47153 matches found
[MATTA-2012-002] CVE-2012-1493; F5 BIG-IP remote root authentication bypass Vulnerability
Matta Consulting - Matta Advisory https://www.trustmatta.com F5 BIG-IP remote root authentication bypass Vulnerability Advisory ID: MATTA-2012-002 CVE reference: CVE-2012-1493 Affected platforms: BIG-IP platforms without SCCP Version: 11.x 10.x 9.x Date: 2012-February-16 Security risk: High...
Microsoft Lync multiple security vulnerabilities
Font parsing vulnerabilities, unsafe DLL loading, cross-site scripting...
APPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update
APPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update iOS 5.1.1 Software Update is now available and addresses the following: Safari Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch 3rd generation and later, iPad, iPad 2 Impact: A maliciously...
[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18
waraxe-2012-SA081 - Multiple Vulnerabilities in Coppermine 1.5.18 ============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-81.html Affected Software: Coppermine is a...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Advisory ID: cisco-sa-20120314-asa Revision 1.0 For Public Release 2012 March 14 16:00 UTC GMT...
ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities
ZDI-12-015 : 0Day HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-12-015 January 12, 2012 -- CVE ID: CVE-2011-4788 -- CVSS: 9, AV:N/AC:L/Au:N/C:C/I:P/A:P -- Affecte...
Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability
Title : Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability Software : Oxide M0N0X1D3 HTTP Server Software Version : 20040223 Vendor: http://sourceforge.net/projects/oxide-ws/ Vulnerability Published : 2011-11-15 Vulnerability Update Time : Status : Impact : Medium Bug Description : Oxid...
Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability
Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability tested against: Microsoft Windows 2k3 r2 sp2 Oracle Hyperion Performance Management and BI v11.1.2.1.0 download url of the Oracle Hyperion suite:...
ZDI-11-289 : Microsoft Internet Explorer swapNode Handling Remote Code Execution Vulnerability
ZDI-11-289 : Microsoft Internet Explorer swapNode Handling Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-289 October 15, 2011 -- CVE ID: CVE-2011-2000 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected...
CVE-2010-2404 | Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment - E-Business Suite
Advisory: Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment File Uploading Module- E-Business Suite CVE-2010-2404 Version Affected - 11.5.10.2, 12.0.6, 12.1.3 About: Oracle I-Recruitment Suite Oracle iRecruitment is a web based full-cycle recruiting solution that gives manager...
ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability
ZDI-11-143 formerly ZDI-CAN-965: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-143 April 28, 2011 -- CVE ID: CVE-2011-1610 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Cisco -- Affected Products: Cisco...
HTB22918: Path disclosure in phpCollab
Vulnerability ID: HTB22918 Reference: http://www.htbridge.ch/advisory/pathdisclosureinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: Path disclosure Risk...
VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
VMware Security Advisory Advisory ID: VMSA-2011-0004 Synopsis: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bin...
[DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method
ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-005 internal DSECRG-00154 Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.com Bugs: insecure method, File overwriting, File deleting Exploits: YES...
MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]
MITKRB5-SA-2010-007 MIT krb5 Security Advisory 2010-007 Original release: 2010-11-30 Last update: 2010-11-30 Topic: Multiple checksum handling vulnerabilities CVE-2010-1324 krb5 GSS-API applications may accept unkeyed checksums krb5 application servic...
[security bulletin] HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73), Remote Cross Site Scripting (XSS)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02507909 Version: 2 HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin should b...
SQL injection vulnerability in TCMS
Vulnerability ID: HTB22576 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityintcms2.html Product: TCMS Vendor: Target CMS http://targetcms.com/ Vulnerable Version: 100728 and Probably Prior Versions Vendor Notification: 09 August 2010 Vulnerability Type: SQL Injection Status: N...
Oracle / Sun applications multiple security vulnerabilities
Quarterly update fixed 59 different vulnerabilities...
US-CERT Technical Cyber Security Alert TA10-162A -- Adobe Flash and AIR Vulnerabilities
National Cyber Alert System Technical Cyber Security Alert TA10-162A Adobe Flash and AIR Vulnerabilities Original release date: June 11, 2010 Last revised: -- Source: US-CERT Systems Affected Adobe Flash Player 10.0.45.2 and earlier 10.x versions Adob...
Microsoft IIS memory corruption
Memory corruption if Extended Protection for Authentication is enabled...
Security update available for Shockwave Player
Security update available for Shockwave Player Release date: May 11, 2010 Vulnerability identifier: APSB10-12 CVE number: CVE-2010-0127, CVE-2010-0128, CVE-2010-0129, CVE-2010-0130, CVE-2010-0986, CVE-2010-0987, CVE-2010-1280, CVE-2010-1281, CVE-2010-1282, CVE-2010-1283, CVE-2010-1284,...
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities Advisory ID: cisco-sa-20100303-cucm Revision 1.0 For Public Release 2010 March 3 1600 UTC GMT...
FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities
Hi all; It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase. As always, we highly...
[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection
Digital Security Research Group DSecRG Advisory DSECRG-09-010 http://dsecrg.com/pages/vul/show.php?id=110 Application: Oracle Database 10G Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 Vendor URL: http://oracle.com Bugs: PL/SQL Injections Exploits: YES Reported: 29.01.2008 Vend...
Linux kernel multiple security vulnerabilities
Multiple DoS conditions, information leaks...
Microsoft Security Bulletin MS09-031 - Important Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Microsoft Security Bulletin MS09-031 - Important Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege 970953 Published: July 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft Internet...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities. An advisory by EnableSecurity. Trustwave published a joint advisory named TWSL2009-001 ID: ES-20090500 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt Affected Versions: versions prior...
Joomla component beamospetition 1.0.12 Sql Injection
Joomla component beamospetition 1.0.12 Sql Injection / Xss Author : vdss Dork : "Powered by beamospetition 1.0.12" Dl : http://joomlacode.org/gf/project/beamospetition/ Xss : http://site/?option=combeamospetition&func=sign&pet='scriptalert'Xss'/script Sql Injection :...
Microsoft Security Bulletin MS08-072 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
Microsoft Security Bulletin MS08-072 - Critical Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution 957173 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves eight privately reported vulnerabilities in Microsoft Offi...
Two XSS Flaws in PrestaShop 1.1.0.3
Affects PrestaShop 1.1.0.3 product: homepage: http://prestashop.com This is XSS in the URI of PrestaShop. Trust no one, not even your $_SERVER['PHP_SELF']. http://10.1.1.155/prestashop1.1.0.3/admin/login.php/223Cscript3Ealert13C/script3E Add an item to the shopping cart and then visit this url:...
Linux kernel multiple security vulnerabilities
Multiple local DoS conditions, snd_seq_oss_synth_make_info information leaks, integer overflows in DCCP and SCTP_AUTH_KEY...
VBZooM <=V1.11 "reply.php" SQL Injection Vulnerability
================================================= Discovered By: CrAzY CrAcKeR Email: Cr4zY.CrAcKeRathotmaildotcom Script : VBZooM V1.11 ================================================ Search: POWERED BY: VBZooM V1.11 http://www.example.com/vb1/reply.php?UserID=SQL...
IBM Rational ClearQuest Web Multiple XSS Vulnerabilities
IBM Rational ClearQuest Web Multiple XSS CVE-2007-4592 Discovered on 07-24-07 by sasquatch of SecureState - www.securestate.com Multiple cross site scripting vulnerabilities exist within IBM's Rational ClearQuest Web interface. VULNERABLE VARIABLES: ===================== contextid query string...
Microsoft Security Bulletin MS08-005 – Important Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
Microsoft Security Bulletin MS08-005 – Important Vulnerability in Internet Information Services Could Allow Elevation of Privilege 942831 Published: February 12, 2008 Version: 1.0 General Information Executive Summary This important update resolves a privately reported vulnerability in Internet...
Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities
Syhunt: HFS HTTP File Server Template Cross-Site Scripting and Information Disclosure Vulnerabilities Advisory-ID: 200801161 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 2.0 to and including 2.3Beta Build 174 Non-Affected Applications: HFS 1.6a and earlier versions...
LiveCart Multiple Cross-Site Scripting Vulnerabilities
HSC LiveCart Multiple Cross-Site Scripting Vulnerabilities LiveCart is a new PHP/MySQL powered shopping cart software developed by Integry Systems. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site...
Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability
SnIper-sa.com VerY-SecR...
[Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO
Team SHATTER Security Alert Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO October 29, 2007 Risk Level: Medium Affected versions: Oracle Database Server versions 9iR1, 9iR2 9.2.0.7 and previous patchsets and 10gR1...
Sisplet CMS <= 05.10 (site_path) Remote File Inclusion Vulnerability
Sisplet CMS Found by kezzap66345 Script Download:http://www.sisplet.org/uploadi/editor/Sisplet0504.tar.bz2 https://sourceforge.net/project/showfiles.php?groupid=111881 ERROR1: File:main/forum/komentar.php require$sitepath.'main/forum/class.php'; rfi coded RFI1:...
Aruba Mobility Controller multiple security vulnerabilities
Unauthorized access to management interface through wireless network. Buffer overflow...
Microsoft Security Advisory (932114) Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution
Microsoft Security Advisory 932114 Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution Published: January 26, 2007 Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000. In order for this attack to be carried ou...
Aigaion Web Interface remote file inclusion
Software:Web based bibliography management system Download link: http://sourceforge.net/projects/aigaion/ script:basicfunctions.php author: navairum...
[Full-disclosure] iDefense Security Advisory 11.08.06: IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities
IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities iDefense Security Advisory 11.08.06 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 08, 2006 I. BACKGROUND IBM Lotus Domino is a software suite designed to facilitate collaboration between co-workers. More information can be found at...
Lou Portail 1.4.1 Remote|Local File Include Vulnerability
Lou Portail 1.4.1 Class: Remote|Local File Include Vulnerability Patch: Unavailable Published 2006/10/18 Remote: Yes Local: No Type: High Site: http://louportail.free.fr/ Author: MP Contact: [email protected] Vuln Code admin/adminmodule.php: ?... include "$gadminrep/adminutils.$gext"; ...? Vuln 1...
Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability
C Y BE R - W A R R i O R T I M mambo commambelfish Component mosConfigabsolutepath Remote File Inclusion Vulnerabilities Author: mdx Class : Remote cont@ct: bilkopatathotmaildotcom Code: mambelfish.class.php?, line 28 requireonce...
[Full-disclosure] [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
Apache HTTP Server 2.2.3 Released The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 2.2.3 of the Apache HTTP Server "Apache". This version of Apache is principally a bug and security fix release. The following potential security flaws...
FreeSSHd / FreeFTPd / wodSSHServer / FortressSSH SSH servers buffer overflow
Buffer overflow on cryptographic keys exchange...
[Full-disclosure] URL filter bypass in Fortinet
URL filter bypass in Fortinet Severity: Low Impact: Bypass Fortinet web filter Vulnerability type: Design error Affected products: FortiGate v2.8 CVE reference: CAN-2005-3058 Vulnerability Description: It is possible to bypass Fortinet URL blocker by making special HTTP...
Pioneers game server DoS
Oversized chat message causes game server to crash...