47153 matches found
[USN-2035-1] Ruby vulnerabilities
Ubuntu Security Notice USN-2035-1 November 27, 2013 ruby1.8, ruby1.9.1 vulnerabilities A security issue affects these releases of Ubuntu and its...
[ MDVSA-2013:213 ] xymon
Mandriva Linux Security Advisory MDVSA-2013:213 http://www.mandriva.com/en/support/security/ Package : xymon Date : August 13, 2013 Affected: Business Server 1.0 Problem Description: Updated xymon package fixes security vulnerability: A security...
PuTTY / WinSCP security vulnerabilities
SSH handshake heap buffer overflow, protection bypass, information leakage...
Multiple Vulnerabilities in Kasseler CMS
Advisory ID: HTB23158 Product: Kasseler CMS Vendor: Kasseler CMS Vulnerable Versions: 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...
[USN-1801-1] curl vulnerability
Ubuntu Security Notice USN-1801-1 April 16, 2013 curl vulnerability A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
Multiple XSS vulnerabilities in IBM Lotus Domino
Hello 3APA3A! I want to warn you about multiple Cross-Site Scripting vulnerabilities in IBM Lotus Domino. Last year I've announced multiple vulnerabilities in IBM software and after IBM fixed many of them, I've disclosed them. These are new vulnerabilities in Domino, which I've found at 03.05.201...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability
National Cyber Awareness System US-CERT Alert TA13-010A Oracle Java 7 Security Manager Bypass Vulnerability Original release date: January 10, 2013 Last revised: -- Systems Affected Any system using Oracle Java 7 1.7, 1.7.0 including Java Platform...
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision
2012-001 multiple implementations denial-of-service via MurmurHash algorithm collision Description: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting...
[SECURITY] [DSA 2579-1] apache2 security update
Debian Security Advisory DSA-2579-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 30, 2012 http://www.debian.org/security/faq ...
[USN-1595-1] libxslt vulnerabilities
Ubuntu Security Notice USN-1595-1 October 04, 2012 libxslt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: -...
ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability
ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-147 August 22, 2012 -- CVE ID: CVE-2011-3897 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affecte...
ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability
ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-141 August 17, 2012 -- CVE ID: CVE-2012-1855 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P --...
Social Engine 4 Persistent XSS & Non-Persistent XSS
Social Engine 4 Persistent XSS & Non-Persistent XSS ...
Two Remote Code Execution Vulnerabilities in Internet Explorer
Vulnerability 1: Internet Explorer Select Element Remote Code Execution Original advisory: http://ifsec.blogspot.com/2011/10/internet-explorer-select-element-remote.html I. OVERVIEW There is a vulnerability in Internet Explorer which enables execution of arbitrary code if the user visits a web pa...
Listendifferent (prodotto.php?IDprodotto) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Listendifferent prodotto.php?IDprodotto AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.listendifferent.com/ Persian Gulf 4 Ever! Dork : "Concept and Designed by...
[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update
Debian Security Advisory DSA-2279-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 19, 2011 http://www.debian.org/security/faq ...
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-196 June 14, 2011 -- CVE ID: CVE-2011-1262 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
[SECURITY] [DSA 2251-1] subversion security update
Debian Security Advisory DSA-2251-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 02, 2011 http://www.debian.org/security/faq ...
[SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability
CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability Severity: High Vendor: The Apache Software Foundation Versions Affected: Archiva 1.3.0 - 1.3.4 The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Description: An attacker can build a simple html page containing a hidden Image...
[ MDVSA-2011:096 ] python
Mandriva Linux Security Advisory MDVSA-2011:096 http://www.mandriva.com/security/ Package : python Date : May 22, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been identified an...
PR10-11: Multiple XSS injection vulnerabilities and an offsite redirection flaw within HP System Management Homepage (Insight Manager)
PR10-11: Multiple XSS injection vulnerabilities and an offsite redirection flaw within HP System Management Homepage Insight Manager Vulnerability found: 6th June 2010 Date Published 20th May 2011 Severity: Medium Description: XSS vulnerabilities have been found within HP System Management; Arisin...
ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability
ZDI-11-104: Pwn2Own Webkit CSS Text Element Count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-104 April 14, 2011 -- CVE ID: CVE-2011-1290 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit --...
ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability
ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-106 March 18, 2011 -- CVE ID: CVE-2010-4228 -- CVSS: 9, AV:N/AC:L/Au:S/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell Netware -- TippingPointTM I...
Symantec Antivirus Corporate Edition Alert Management Service code execution
It's possible to execute commands without authentication via TCP/38292 service...
CVE-2010-3700: Spring Security bypass of security constraints
CVE-2010-3700 - Spring Security - Bypassing of security constraints Severity: Important Vendor: SpringSource, a division of VMware Versions affected: Spring Security 3.0.0 to 3.0.3 Spring Security 2.0.0 to 2.0.5 Acegi Security 1.0.0 to 1.0.7 Description: Spring Security does not consider URL path...
Mozilla Foundation Security Advisory 2010-70
Mozilla Foundation Security Advisory 2010-70 Title: SSL wildcard certificate matching IP addresses Impact: Moderate Announced: October 19, 2010 Reporter: Richard Moore Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.11 Firefox 3.5.14 Thunderbird 3.1.5 Thunderbird 3.0.9 SeaMonkey...
ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability
ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-190 October 1, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell iManager --...
Mozilla Foundation Security Advisory 2010-58
Mozilla Foundation Security Advisory 2010-58 Title: Crash on Mac using fuzzed font in data: URL Impact: Critical Announced: September 7, 2010 Reporter: Marc Schoenefeld Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.9 Firefox 3.5.12 Thunderbird 3.1.3 Thunderbird 3.0.7 SeaMonkey...
[security bulletin] HPSBMA02553 SSRT100184 rev.1 - HP Insight Control Server Migration for Windows, Local and Remote Unauthorized Access to Data, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02282388 Version: 1 HPSBMA02553 SSRT100184 rev.1 - HP Insight Control Server Migration for Windows, Local and Remote Unauthorized Access to Data, Remote Cross Site Request Forgery CSRF, Cross Sit...
Pligg Installation File XSS Vulnerability
Title: Pligg Installation File XSS Vulnerability Vendor: Pligg Product: Pligg CMS Tested Version: 1.0.4 Threat Class: XSS Severity: Medium Remote: yes Local: no Discovered By: Andrei Rimsa Alvares ===== Description ===== Pligg is prone to a XSS vulnerability in the installation file:...
[security bulletin] HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02027185 Version: 1 HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting XSS, Cross Site Request Forgery CSRF, Privilege...
[Advisory]PBBoard <=2.0.2 Full Path Disclosure
[Advisory]PBBoard <=2.0.2 - Full Path Disclosure Details Product: PHP = PBBoard Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.pbboard.com Credits Discovered by: rUnViRuS site: http://www.sec-area.com Affected Products: test on...
osTicket v1.6 RC4 Admin Login Blind SQLi
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-007 osTicket Admin Login Blind SQL Injection Application: osTicket v1.6 RC4 Vendor: osTicket Vendor website: http://www.osticket.com Author: Adam Baldwin [email protected] I. BACKGROUND "osTicket is a widely-us...
ASMAX AR 804 gu Web Management Console Arbitrary Shell Command Injection Vulnerability
ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When 'system' parameter is passed to the script it allows running OS shell...
Microsoft Security Bulletin MS09-015 – Moderate Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
Microsoft Security Bulletin MS09-015 – Moderate Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege 959426 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in the Windows...
Microsoft Security Bulletin MS09-008 – Important Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
Microsoft Security Bulletin MS09-008 – Important Vulnerabilities in DNS and WINS Server Could Allow Spoofing 962238 Published: March 10, 2009 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities and two publicly disclosed...
Mozilla Foundation Security Advisory 2008-68
Mozilla Foundation Security Advisory 2008-68 Title: XSS and JavaScript privilege escalation Impact: Critical Announced: December 16, 2008 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.5 Firefox 2.0.0.19 Thunderbird 2.0.0.19 SeaMonkey 1.1.14 Description Mozill...
Mozilla Foundation Security Advisory 2008-44
Mozilla Foundation Security Advisory 2008-44 Title: resource: traversal vulnerabilities Impact: Moderate Announced: September 23, 2008 Reporter: Boris Zbarsky, Georgi Guninski Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey 1.1.12...
[ GLSA 200809-02 ] dnsmasq: Denial of Service and DNS spoofing
Gentoo Linux Security Advisory GLSA 200809-02 http://security.gentoo.org/ Severity:...
[SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Debian Security Advisory DSA-1605-1 [email protected] http://www.debian.org/security/ Florian Weimer July 08, 2008 http://www.debian.org/security/faq ...
Linux distributions OpenSSH / OpenSSL weak random generator
Weak random generation in Debian-based distributions Debian, Ubuntu...
Microsoft Security Bulletin MS08-022 – Critical Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
Microsoft Security Bulletin MS08-022 – Critical Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution 944338 Published: April 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in the...
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability by NBBN Found: December 2007 Type: Cross-Site Request Forgery Code: html head /head body onLoad="javascript:document.it.submit" form action="http://localhost/xampp/wbb2/modcp.php" method="post" name="it" input type="hidden"...
[Full-disclosure] TPTI-07-21: Adobe Flash Player JPG Processing Heap Overflow Vulnerability
TPTI-07-21: Adobe Flash Player JPG Processing Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-07-21 December 19, 2007 -- CVE ID: CVE-2007-6242 -- Affected Vendor: Adobe -- Affected Products: Flash Player -- TippingPointTM IPS Customer Protection: TippingPoint IPS customer...
[Full-disclosure] CVE-2007-6244: Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability
CVE-2007-6244 Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability 19 December 2007 == Summary == Affected Vendor: Adobe Affected Products: Flash Player ActiveX Control for Internet Explorer Affected Versions: Adobe Flash Player 9.0.48.0 and earlier, 8.0.35.0 and earlie...
Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer (942615)
Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer 942615 Published: December 11, 2007 Version: 1.0 General Information Executive Summary This critical security update resolves four privately reported vulnerabilities. The most serious security impact...
[Full-disclosure] [ GLSA 200711-25 ] MySQL: Denial of Service
Gentoo Linux Security Advisory GLSA 200711-25 http://security.gentoo.org/ ...
[security bulletin] HPSBMA02275 SSRT071445 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01183597 Version: 1 HPSBMA02275 SSRT071445 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin shoul...
[scip_Advisory 3159] SiteScape forum prior 7.3 Cross Site Scripting
SiteScape forum prior 7.3 Cross Site Scripting scip AG Vulnerability ID 3159 07/13/2007 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3159 I. INTRODUCTION SiteScape forum is a commercial web forum. It uses presence to connect teams through phone, IM, chat, SMS and email, as well as voice- and...