47153 matches found
Device Inspector v1.5 iOS - Command Inject Vulnerabilities
Document Title: =============== Device Inspector v1.5 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1558 Release Date: ============= 2015-08-07 Vulnerability Laboratory ID VL-ID: ====================================...
Apple OS X / OS X Server multiple security vulnerabilities
62 vulnerabilities in different system components...
[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-027: SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to attack other users of...
APPLE-SA-2014-09-17-1 iOS 8
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-1 iOS 8 iOS 8 is now available and addresses the following: 802.1X Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: An attacker can obtain WiFi credentials Description: An attacker...
CUPS unauthorized files access
Unauthorized access to RSS files...
CodeIgniter <= 2.1.4 Session Decoding Vulnerability
Class Weak encryption Remote Yes Published 6th June 2014 Credit Robin Bailey of Dionach [email protected] Vulnerable CodeIgniter = 2.1.4 Session cookies created by the CodeIgniter PHP framework contain a number of variables in a serialized PHP array. To prevent users from tampering with this cook...
E-Store (1.0 & 2.0) <= SQL Injection Vulnerability
Exploit Author: Nawaf Alkeraithe ====================================== for "E-store 1.0": Google Dork: "Powered by: PD" inurl:"page.php?id" Vulnerable page: http://target/page.php?id=SQL Injection ====================================== for "E-store 2.0": Google Dork: "Powered by: PD"...
[SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2887-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 27, 2014 http://www.debian.org/security/faq -...
APPLE-SA-2014-03-10-1 iOS 7.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-03-10-1 iOS 7.1 iOS 7.1 is now available and addresses the following: Backup Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: A maliciously crafted backup can alter the filesystem...
CVE-2013-6429 Fix for XML External Entity (XXE) injection (CVE-2013-4152) in Spring Framework was incomplete
Severity: Important Vendor: Spring by Pivotal Versions Affected: - Spring MVC 3.0.0 to 3.2.4 - Spring MVC 4.0.0.M1-4.0.0.RC1 - Earlier unsupported versions may be affected Description: Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external...
[ISecAuditors Security Advisories] PL/SQL Injection in Oracle Portal Demo Organization Chart
============================================= INTERNET SECURITY AUDITORS ALERT 2012-001 - Original release date: November 8th, 2012 - Last revised: March 20th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2013-3831...
[ MDVSA-2013:256 ] apache-mod_fcgid
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:256 http://www.mandriva.com/en/support/security/ Package : apache-modfcgid Date : October 18, 2013 Affected: Business Server 1.0 Problem Description: Updated apache-modfcgid package fixes security...
[USN-2035-1] Ruby vulnerabilities
========================================================================== Ubuntu Security Notice USN-2035-1 November 27, 2013 ruby1.8, ruby1.9.1 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities
ESA-2013-077.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities EMC Identifier: ESA-2013-077 CVE Identifier: CVE-2013-3288, CVE-2009-3555 Severity Rating: See below for individual scores and refer to vendor advisories for...
[SECURITY] [DSA 2791-1] tryton-client security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2791-1 [email protected] http://www.debian.org/security/ Florian Weimer November 04, 2013 http://www.debian.org/security/faq -...
HP Data Protector Arbitrary Remote Command Execution
""" HP Data Protector Arbitrary Remote Command Execution This script allows to execute a command with an arbitrary number of arguments. The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory installpath/bin/. The main goal of the script is to bypass the...
[security bulletin] HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and Switches, OSPF Remote Information Disclosure and Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03880910 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03880910 Version: 1 HPSBHF02912 rev....
[security bulletin] HPSBGN02905 rev.1 - HP LoadRunner, Remote Code Execution and Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03862772 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03862772 Version: 1 HPSBGN02905 rev....
[Foreground Security 2013-002]: Corda Path Disclosure and XSS
Corda Path Disclosure and XSS ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-002 - Original release date: July 12, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground Security - Contact: awillard at foregroundsecurit...
[SECURITY] [DSA 2616-1] nagios3 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2616-1 [email protected] http://www.debian.org/security/ Jonathan Wiltshire February 03, 2013 http://www.debian.org/security/faq -...
7sepehr SQL Injection Vulnerability
Exploit Title : 7sepehr SQL Injection Vulnerability Author : Iranian security & Research Lab Discovered By : Ehram.shahmohamadi Home : sec-lab.ir Contact : research at sec-lab dot ir Portal Link : www.7sepehr.Com Security Risk : High DorK : "Powered by 7sepehr.com"...
VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876)
VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow MS12-037 / CVE-2012-1876 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by...
Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities
Title: ====== Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Date: ===== 2012-03-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=470 VL-ID: ===== 470 Introduction: ============= SysAid IT Enterprise Edition is an IT management solution that includes a suite of...
Vulnerabilities in Serv-U 11.1.0.3
Luigi Auriemma Application: Serv-U FTP http://www.serv-u.com Versions: = 11.1.0.3 Platforms: Windows, Linux bug B should affect only some Windows versions Bugs: A sockets and ports consumption B possible access to the management console Exploitation: remote Date: 03 Dec 2011 Author: Luigi Auriemm...
European Security Services GPS v1.0 - Multiple Vulnerabilities
Title: ====== European Security Services GPS 1.x - Multiple Vulnerabilities Date: ===== 2011-09-28 VL-ID: ===== 63 Reference: ========== http://www.vulnerability-lab.com/getcontent.php?id=63 Introduction: ============= Fur eine geringe Ortungsgebuhr erhalten Sie einen Zugang zu unserem Online...
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose (by ERPScan)
DSECRG-11-032 SAP NetWeaver ipcpricing - information disclose com.sap.ipc.webapp.ipcpricing application has information disclose vulnerability Digital Security Research Group DSecRG Advisory DSECRG-11-032 Internal DSecRG-00197 Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL...
Dexanet Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Dexanet AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.dexanet.com/ Persian Gulf 4 Ever! Dork : "inurl:competenzeprodotti.asp?id=" Exploite:...
Funnel Web (pages.php?page) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web pages.php?page AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web"...
ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability
ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-229 June 29, 2011 -- CVE ID: CVE-2011-0209 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability
VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...
VUPEN Security Research - Oracle Java ICC Profile "clrt" Tag Integer Overflow Code Execution Vulnerability
VUPEN Security Research - Oracle Java ICC Profile "clrt" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...
[SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability
CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability Severity: High Vendor: The Apache Software Foundation Versions Affected: Archiva 1.3.0 - 1.3.4 The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Description: An attacker can build a simple html page containing a hidden Image...
ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability
ZDI-11-104: Pwn2Own Webkit CSS Text Element Count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-104 April 14, 2011 -- CVE ID: CVE-2011-1290 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit --...
[PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel
PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2011-03 Released on: 13 Apr 2011 Last updated on: 13 Apr 2011 Affected product: Linux Kernel 2.4 and 2.6 Impact: denial-of-service Origin: storage devices Credit: Timo Warns PRESENSE Technologies GmbH CVE Identifier:...
phplist: cross site request forgery (CSRF), CVE-2011-0748
phplist: cross site request forgery CSRF, CVE-2011-0748 References https://vulners.com/cve/CVE-2011-2748 http://int21.de/cve/CVE-2011-0748-phplist.html Description phplist is a mailing list software written in PHP. Up to version 2.10.12, it provided no protection against cross site request forger...
ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability
ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-106 March 18, 2011 -- CVE ID: CVE-2010-4228 -- CVSS: 9, AV:N/AC:L/Au:S/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell Netware -- TippingPointTM I...
Symantec Antivirus Corporate Edition Alert Management Service code execution
It's possible to execute commands without authentication via TCP/38292 service...
[security bulletin] HPSBMA02626 SSRT100301 rev.1 - HP OpenView Storage Data Protector, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02699143 Version: 1 HPSBMA02626 SSRT100301 rev.1 - HP OpenView Storage Data Protector, Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon ...
SQL injection vulnerability in TCMS
Vulnerability ID: HTB22577 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityintcms3.html Product: TCMS Vendor: Target CMS http://targetcms.com/ Vulnerable Version: 100728 and Probably Prior Versions Vendor Notification: 09 August 2010 Vulnerability Type: SQL Injection Status: N...
[security bulletin] HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02027185 Version: 1 HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting XSS, Cross Site Request Forgery CSRF, Privilege...
Microsoft Security Bulletin MS09-061 - Critical Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
Microsoft Security Bulletin MS09-061 - Critical Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution 974378 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves three privately reported...
[ MDVSA-2009:248 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:248 http://www.mandriva.com/security/ Package : php Date : September 25, 2009 Affected: 2009.1 Problem Description: Multiple vulnerabilities was discovered and corrected in php: The...
ASMAX AR 804 gu Web Management Console Arbitrary Shell Command Injection Vulnerability
ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When 'system' paramether is passed to the script it allows running OS shell...
OpenBSD pf DoS
Null pointer dereferenceon malformed IPv4 packet with ICMPv6 data...
Microsoft Security Bulletin MS09-015 – Moderate Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
Microsoft Security Bulletin MS09-015 – Moderate Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege 959426 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in the Windows...
AdaptBB 1.0 Beta Multiple Remote Vulnerabilities
Salvatore "drosophila" Fresta + Application: AdaptBB + Version: 1.0 Beta + Website: http://sourceforge.net/projects/adaptbb/ + Bugs: A Multiple Blind SQL Injection B Multiple Dynamic Code Execution C Arbitrary File Upload + Exploitation: Remote + Date: 09 Apr 2009 + Discovered by: Salvatore...
Microsoft Security Bulletin MS09-008 – Important Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
Microsoft Security Bulletin MS09-008 – Important Vulnerabilities in DNS and WINS Server Could Allow Spoofing 962238 Published: March 10, 2009 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities and two publicly disclosed...
Mozilla Foundation Security Advisory 2008-68
Mozilla Foundation Security Advisory 2008-68 Title: XSS and JavaScript privilege escalation Impact: Critical Announced: December 16, 2008 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.5 Firefox 2.0.0.19 Thunderbird 2.0.0.19 SeaMonkey 1.1.14 Description Mozill...
Mozilla Foundation Security Advisory 2008-44
Mozilla Foundation Security Advisory 2008-44 Title: resource: traversal vulnerabilities Impact: Moderate Announced: September 23, 2008 Reporter: Boris Zbarsky, Georgi Guninski Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey 1.1.12...
Microsoft Security Bulletin MS08-022 – Critical Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
Microsoft Security Bulletin MS08-022 – Critical Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution 944338 Published: April 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in the...