47153 matches found
Mozilla Foundation Security Advisory 2012-06
Mozilla Foundation Security Advisory 2012-06 Title: Uninitialized memory appended when encoding icon images may cause information disclosure Impact: High Announced: January 31, 2012 Reporter: Tim Abraldes Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 10.0 Thunderbird 10.0 SeaMonkey...
[ MDVSA-2012:009 ] perl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:009 http://www.mandriva.com/security/ Package : perl Date : January 18, 2012 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in perl: Eval injection in the...
Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability
Title : Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability Software : Oxide M0N0X1D3 HTTP Server Software Version : 20040223 Vendor: http://sourceforge.net/projects/oxide-ws/ Vulnerability Published : 2011-11-15 Vulnerability Update Time : Status : Impact : Medium Bug Description : Oxid...
Valid tiny-erp <= 1.6 SQL Injection Vulnerability
Dear all, I have found a SQL injection vulnerability in Valid tiny-erp = 1.6. It seems to be version 1.6 as you can see in the 'project' section of www.valid.gr. Anyway there is not any specific number version in the sourceforge page. I reported the vulnerability to the vendor but no response as...
Mozilla Foundation Security Advisory 2011-52
Mozilla Foundation Security Advisory 2011-52 Title: Code execution via NoWaiverWrapper Impact: Critical Announced: November 8, 2011 Reporter: mozbugra4 Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Thunderbird 8.0 Description Mozilla security researcher mozbugra4 reported that an internal...
ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability
ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-307 October 26, 2011 -- CVE ID: CVE-2011-3545 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle...
CVE-2011-2731: Spring Security privilege escalation when using RunAsManager
CVE-2011-2731: Spring Security privilege escalation when using RunAsManager Severity: Moderate Versions Affected: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Spring Security provides a mechanism RunAsManager to allow particular operations to run with a differe...
ZDI-11-273: EMC Autostart Domain Name Logging Remote Code Execution Vulnerability
ZDI-11-273: EMC Autostart Domain Name Logging Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-273 August 23, 2011 -- CVE ID: CVE-2011-2735 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: EMC -- Affected Products: EMC AutoStart -- TippingPointTM...
ZDI-11-244: (0day) FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability
ZDI-11-244: 0day FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-244 July 28, 2011 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Flexera Software -- Affected Products: Flexera Software FlexNet License Serv...
Avon Groups (search_result.php?cid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Avon Groups searchresult.php?cid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.avongroups.in/it/ Persian Gulf 4 Ever! Dork : "Powered By: Avon Enterprises Pvt. Ltd. "...
Funnel Web (items.php?&cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web items.php?&catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web" "inurl:items.ph...
ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability
ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-195 June 14, 2011 -- CVE ID: CVE-2011-1261 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft Interne...
Mozilla Foundation Security Advisory 2011-13
Mozilla Foundation Security Advisory 2011-13 Title: Multiple dangling pointer vulnerabilities Impact: Critical Announced: April 28, 2011 Reporter: regenrecht Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.17 Firefox 3.5.19 SeaMonkey 2.0.14 Description Security researcher regenrecht reported...
VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344)
VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability CVE-2011-1344 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Apple Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used browser,...
HTB22924: Arbitrary Command Execution in phpAlbum.net
Vulnerability ID: HTB22924 Reference: http://www.htbridge.ch/advisory/arbitrarycommandexecutioninphpalbumnet.html Product: phpAlbum.net Vendor: Patrik Jakab http://www.phpalbum.net/ Vulnerable Version: 0.4.1-14fix06 Vendor Notification: 31 March 2011 Vulnerability Type: Arbitrary Command Executio...
HTB22917: XSS vulnerabilities in phpCollab
Vulnerability ID: HTB22917 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: Stored XSS Cross...
VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0004 Synopsis: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bin...
ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability
ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-051 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for this...
[DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method
ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-005 internal DSECRG-00154 Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.com Bugs: insecure method, File overwriting, File deleting Exploits: YES...
[DSECRG-11-008] Open Edge RDBMS - Multiple architecture vulnerabilities (UNPATCHED)
Digital Security Research Group DSecRG Advisory DSECRG-11-008 Application: Progress OpenEdge Enterprise RDBMS Versions Affected: 10.2A and maybe others Vendor URL: http://web.progress.com Bug: Authentication bypass, UserID enumerate Exploits: YES Reported: 13.10.2009 Vendor response: 13.10.2009...
[DSECRG-00145] SAP Crystal Reports 2008 - Directory Traversal
DSECRG-11-003 Internal DSECRG-00145 SAP Crystal Report Server 2008 - Directory Traversal Directory traversal vulnerability discovered in the module PerformanceManagement application SAP Crystal Report Server 2008, which allows you to read any file on the OS. Application: SAP Crystal Report Server...
US-CERT Technical Cyber Security Alert TA10-162A -- Adobe Flash and AIR Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-162A Adobe Flash and AIR Vulnerabilities Original release date: June 11, 2010 Last revised: -- Source: US-CERT Systems Affected Adobe Flash Player 10.0.45.2 and earlier 10.x versions Adob...
GVI-2010-01 Multiple vulnerabilities in Kapitalist/capitalist
GVI-2010-01 : Multiple vulnerabilities in Kapitalist/capitalist Overview ----------- Quote from http://kapitalist.sourceforge.net/ "Kapitalist is a Monopoly®-like board game for 2-8 players. Walk around the board, buy properties, receive rent from your competitors, try to get monopolies to build...
Bonsai Information Security - OS Command Injection in Cacti <= 0.8.7e
OS Command Injection in Cacti ============================= http://www.bonsai-sec.com/en/research/vulnerability.php ============================= 1. Advisory Information Advisory ID: BONSAI-2010-0105 Date published: 2010-04-21 Vendors contacted: Cacti Release mode: Coordinated release 2...
Secunia Research: Pulse CMS Cross-Site Request Forgery
====================================================================== Secunia Research 08/04/2010 - Pulse CMS Cross-Site Request Forgery - ====================================================================== Table of Contents Affected Software......................................................
CVE-2010-0684: Apache ActiveMQ Persistent Cross-Site Scripting (XSS) Vulnerability
CVE-2010-0684: Apache ActiveMQ Persistent Cross-Site Scripting XSS Vulnerability ============================================================== Security Advisory 03.30.2010 I. BACKGROUND Apache ActiveMQ is the most popular and powerful open source messaging and Integration Patterns provider...
Pars CMS SQL Injection Vulnerability
================= IUT-CERT ================= Title: Pars CMS SQL Injection Vulnerability Vendor: www.parscms.com Dork: Design by Virtual Develop Co Type: Input.Validation.Vulnerability SQL Injection Fix: N/A ================== nsec.ir ================= Description: ------------------ Pars CMS is ...
[Full-disclosure] Windows SMB NTLM Authentication Weak Nonce Vulnerability
to get the scripts mentioned by this advisory please get the full version at http://www.hexale.org/advisories/OCHOA-2010-0209.txt; I did not include them here to reduce the size of this email Windows SMB NTLM Authentication Weak Nonce Vulnerability Security Advisory Hernan Ochoa [email protected] ...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities 1. Advisory Information Title: Internet Explorer Dynamic OBJECT tag and URLMON sniffing...
Vulnerability Note VU#261869
Vulnerability Note VU261869 Clientless SSL VPN products break web browser domain-based security models Overview Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or...
iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability
iDefense Security Advisory 07.28.09 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 28, 2009 I. BACKGROUND Microsoft's Component Object Model COM was designed to allow interoperability between disjointed software components. It is a standardized interface solution to the programming...
Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution 969883 Published: August 11, 2009 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service...
Mozilla Firefox, Thunderbird, SeaMonkey, NSS multiple security vulnerabilities
Certificate spoofing, buffer overflow, code execution...
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities. An advisory by EnableSecurity. Trustwave published a joint advisory named TWSL2009-001 ID: ES-20090500 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt Affected Versions: versions prior...
Mozilla Foundation Security Advisory 2009-13
Mozilla Foundation Security Advisory 2009-13 Title: Arbitrary code execution via XUL tree element Impact: Critical Announced: March 27, 2009 Reporter: Nils Products: Firefox Fixed in: Firefox 3.0.8 Description Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL...
[ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability
ECHOADV102$2009 ----------------------------------------------------------------------------------------- ECHOADV102$2009 BusinessSpace = 1.2 id Remote SQL Injection Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran Addahroni...
Mozilla Foundation Security Advisory 2009-05
Mozilla Foundation Security Advisory 2009-05 Title: XMLHttpRequest allows reading HTTPOnly cookies Impact: Low Announced: February 3, 2009 Reporter: Wladimir Palant Products: Firefox, SeaMonkey Fixed in: Firefox 3.0.6 SeaMonkey 1.1.15 Description Developer and Mozilla community member Wladimir...
ACROS Security: HTML Injection in BEA (Oracle) WebLogic Server Console (ASPR #2009-01-27-1)
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2009-01-27-1 ------------------------------------------------------------------------- ASPR 2009-01-27-1: HTML Injection in BEA WebLogic Server Console...
[MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues
MajorSecurity Advisory 56moziloWiki - Directory Traversal, XSS and SessionFixation Issues Details ======= Product: moziloWiki Security-Risk: High Remote-Exploit: yes Vendor-URL: http://www.mozilo.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David...
iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability
iDefense Security Advisory 07.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 08, 2008 I. BACKGROUND SQL Server is Microsoft's database server product. It supports the restoration and inspection of backups via SQL statements. For more information see the vendor's website found at...
CORE-2008-0126: Multiple vulnerabilities in iCal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in iCal Advisory Information Title: Multiple vulnerabilities in iCal Advisory ID: CORE-2008-0126 Advisory URL:...
Microsoft Security Bulletin MS08-005 – Important Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
Microsoft Security Bulletin MS08-005 – Important Vulnerability in Internet Information Services Could Allow Elevation of Privilege 942831 Published: February 12, 2008 Version: 1.0 General Information Executive Summary This important update resolves a privately reported vulnerability in Internet...
BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include
Name : BLOG:CMS 4.2.1.c DIRPLUGINS Multiple Remote File Include Download From : http://dfn.dl.sourceforge.net/sourceforge/blogcms/blogcms.4.2.1.c.7z Or Here http://blogcms.com Found By : RoMaNcYxHaCkEr We Are H-T TeaM Houssamix - ToXiC Home Page : Not Yet : Tryag.cc/cc No-Hack.net V99x.com/vb...
Bitweaver source code disclosure, arbitrary file upload
WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: Bitweaver is...
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection Vulnerabilities found: 16 November 2007 Vendor informed: 19 November 2007 Vulnerability fixed: 28 November 2007 Severity: High Description: Multiple vulnerabilities were found on Absolute...
b1gmail Cross Site Scripting
b1gmail Cross Site Scripting ============================ Version: 6.3.1 site: http://www.b1gmail.de Profile: Cross Site Scripting Method: POST location:hilfe.php strings: "+onmouseover=alert1898233298+ http://site.com/hilfe.php?chapter="+onmouseover=alert1898233298+ credits: malibu.r...
[ECHO_ADV_83$2007] PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability
ECHOADV83$2007 ----------------------------------------------------------------------------------------- ECHOADV83$2007 PhpHostBot = 1.06 svrrootscript Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran...
Mozilla Foundation Security Advisory 2007-27
Mozilla Foundation Security Advisory 2007-27 Title: Unescaped URIs passed to external programs Impact: Critical Announced: July 30, 2007 Reporter: Jesper Johansson Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.6 Thunderbird 2.0.0.6 Thunderbird 1.5.0.13 SeaMonkey 1.1.4...
Ingres stack overflow in uuid_from_char function
======= Summary ======= Name: Stack overflow in uuidfromchar function Release Date: 25 June 2007 Reference: NGS00388 Discover: Chris Anley [email protected] Vendor: Ingres Vendor Reference: Ingres bug 115911, CVE-2007-3338, CAID 35452 Systems Affected: Ingres 2006 9.0.4 and prior Risk: High...