47153 matches found
[USN-2497-1] NTP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2497-1 February 09, 2015 ntp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability
================================================================================ REWTERZ-20140101 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk SQL Injection Vulnerability Product: ServiceDesk Plus...
[SECURITY] [DSA 3120-1] mantis security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3120-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 06, 2015 http://www.debian.org/security/faq -...
APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 are now available and include the security content of Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1: https://support.apple.com/en-us/HT659...
[ MDVSA-2014:221 ] php-smarty
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:221 http://www.mandriva.com/en/support/security/ Package : php-smarty Date : November 21, 2014 Affected: Business Server 1.0 Problem Description: References: https://vulners.com/cve/CVE-2012-4437...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[USN-2394-1] Linux kernel (Trusty HWE) vulnerabilities
========================================================================== Ubuntu Security Notice USN-2394-1 October 30, 2014 linux-lts-trusty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!
Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities see CERT VU121036 and according to them BMC didn...
WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found a serious security vulnerability in the Slideshow Gallery plugin. This bug allows an attacker to upload any php file remotely to the vulnerable website administrator by default. I have tested and verified that having the current version of the...
CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request
Exploit Details ------------------ Senkas Kolibri WebServer 2.0 available at http://www.senkas.com/kolibri/download.php is vulnerable to RCE via an overly long POST request. Sending the exploit will result in a SEH overwrite, which can then be use to redirect execution to a POP POP RET within the...
CUPS unauthorized files access
Unauthorized access to RSS files...
CodeIgniter <= 2.1.4 Session Decoding Vulnerability
Class Weak encryption Remote Yes Published 6th June 2014 Credit Robin Bailey of Dionach [email protected] Vulnerable CodeIgniter = 2.1.4 Session cookies created by the CodeIgniter PHP framework contain a number of variables in a serialized PHP array. To prevent users from tampering with this cook...
Sendy 1.1.9.1 - SQL Injection Vulnerability
Sendy contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the /send-to script not properly sanitizing user-supplied input to the "c" parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the...
CVE-2014-5795 - Database Credentials Leak in Oracle Demantra
Vulnerability title: Database Credentials Leak in Oracle Demantra CVE: CVE-2014-5795 Vendor: Oracle Product: Demantra Affected version: 12.2.1 Fixed version: 12.2.3 Reported by: Oliver Gruskovnjak Details: Oracle Demantra version 12.2.1 has a backend function that allows anyone to retrieve the...
[slackware-security] php (SSA:2014-111-02)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security php SSA:2014-111-02 New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
[SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2887-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 27, 2014 http://www.debian.org/security/faq -...
[ MDVSA-2013:256 ] apache-mod_fcgid
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:256 http://www.mandriva.com/en/support/security/ Package : apache-modfcgid Date : October 18, 2013 Affected: Business Server 1.0 Problem Description: Updated apache-modfcgid package fixes security...
Vulnerability in Pydio/AjaXplorer <= 5.0.3
Vulnerability in Pydio/AjaXplorer = 5.0.3 ============ Background: Pydio allows you to instantly turn any server into a powerful file sharing platform. Formerly known as AjaXplorer ============ Description of vulnerability There is an unrestricted upload capability, in one of the plugins that is...
[USN-2049-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2049-1 December 07, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
PuTTY / WinSCP security vulnerabilities
SSH handshake heap buffer overflow, protection bypass, information leakage...
[security bulletin] HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and Switches, OSPF Remote Information Disclosure and Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03880910 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03880910 Version: 1 HPSBHF02912 rev....
Multiple Vulnerabilities in Kasseler CMS
Advisory ID: HTB23158 Product: Kasseler CMS Vendor: Kasseler CMS Vulnerable Versions: 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...
[ MDVSA-2013:194 ] kernel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:194 http://www.mandriva.com/en/support/security/ Package : kernel Date : July 11, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been found and corrected in the Linux...
[KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability
------------------------------------------------------------------ Joomla! = 3.0.3 remember.php PHP Object Injection Vulnerability ------------------------------------------------------------------ - Software Link: http://www.joomla.org/ - Affected Versions: Version 3.0.3 and earlier 3.0.x...
CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: D-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0303 Advisory URL:...
Apple Mac OS X multiple security vulnerabilities
Crossite scripting, authentication bypass, buffer overflows and memory corruptions in graphics libraries, information leakage, protection bypass, PDF parsing memory corruptions, different packages security vulnerabilities...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows
CVE-2012-5641 Information disclosure via unescaped backslashes in URLs on Windows Affected Versions: All Windows-based releases of Apache CouchDB, up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable. Description: A specially crafted request could be used to access content directly that wou...
TomatoCart 1.x | Unrestricted File Creation
OVERVIEW TomatoCart 1.x versions are vulnerable to Unrestricted File Creation. 2. BACKGROUND TomatoCart is an innovative Open Source shopping cart solution developed by Wuxi Elootec Technology Co., Ltd. It is forked from osCommerce 3 as a separate project and is released under the GNU General...
Foswiki Security Alert CVE-2012-6329, CVE-2012-6330 Remote code execution and other vulnerabilities in MAKETEXT macro
---+ Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext, whic...
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision
2012-001 multiple implementations denial-of-service via MurmurHash algorithm collision Description: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting...
ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-147 August 22, 2012 - -- CVE ID: CVE-2011-3897 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affecte...
VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876)
VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow MS12-037 / CVE-2012-1876 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by...
[Suspected Spam] eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities
Title: ====== eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities Date: ===== 2012-05-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=575 VL-ID: ===== 575 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: =============...
VMSA-2012-0004 VMware View privilege escalation and cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0004 Synopsis: VMware View privilege escalation and cross-site scripting Issue date: 2012-03-15 Updated on: 2012-03-15 initial...
ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams)
Title : ABUS TVIP 11550/21550 Multiple vulnerabilities and possibly other ABUS cams Author : Marco van Berkum - Summary - Arbitrary file read - Arbitrary file upload - Arbitrary command excution input validation bug - How it's totally compromised including ssh root login. - Summary The ABUS 11550...
[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2279-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 19, 2011 http://www.debian.org/security/faq -...
ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability
ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-197 June 14, 2011 -- CVE ID: CVE-2011-1266 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft Interne...
[ MDVSA-2011:096 ] python
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:096 http://www.mandriva.com/security/ Package : python Date : May 22, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been identified an...
ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability
ZDI-11-104: Pwn2Own Webkit CSS Text Element Count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-104 April 14, 2011 -- CVE ID: CVE-2011-1290 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit --...
Symantec Antivirus Corporate Edition Alert Management Service code execution
It's possible to execute commands without authentication via TCP/38292 service...
CVE-2010-3700: Spring Security bypass of security constraints
CVE-2010-3700 - Spring Security - Bypassing of security constraints Severity: Important Vendor: SpringSource, a division of VMware Versions affected: Spring Security 3.0.0 to 3.0.3 Spring Security 2.0.0 t0 2.0.5 Acegi Security 1.0.0 to 1.0.7 Description: Spring Security does not consider URL path...
ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability
ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-190 October 1, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell iManager --...
vBulletin 0-day Denial Of Service Exploit
========================================= vBulletin 0-day Denial Of Service Exploit ========================================= The largest Exploit Database in the world ! 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /'...
CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Apple CUPS IPPTAGUNSUPPORTED Handling null pointer Vulnerability 1. Advisory Information Title: Apple CUPS IPPTAGUNSUPPORTED Handling null pointer Vulnerability...
Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability
====================================================================== Secunia Research 20/10/2008 - HP SiteScope SNMP Trap Script Insertion - ====================================================================== Table of Contents Affected...
HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability
HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability Ghost Hacker , R-h Team , Real Hack We Will Be Back Soon : Found by : Ghost Hacker - R-H Team - |, .-. .-. ,| My Blog : http://gh0st10.wordpress.com | o/ o | My Email : [email protected] |/ / | Name Script : HIOX Browser...
[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1597-1 [email protected] http://www.debian.org/security/ Devin Carraway June 12, 2008 http://www.debian.org/security/faq -...
TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
Dear users of TYPO3, It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library feadminlib.inc allows Cross Site Scripting XSS. === Component Type === TYPO3 Core === Affected...
Linux distributives OpenSSH / OpenSSL weak random generator
Weak random generation in Debian-based distributives Debian, Ubuntu...