47153 matches found
[SECURITY] [DSA 3238-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3238-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq -...
[USN-2590-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2590-1 April 30, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 3215-1] libgd2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3215-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini April 06, 2015 http://www.debian.org/security/faq -...
Two XSS Vulnerabilities in SupportCenter Plus
Advisory ID: HTB23247 Product: SupportCenter Plus Vendor: Zoho Corp. Vulnerable Versions: 7.9 and probably prior Tested Version: 7.9 Advisory Publication: January 7, 2015 without technical details Vendor Notification: January 7, 2015 Vendor Patch: January 23, 2015 Public Disclosure: January 28,...
Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385
Information ------------ Advisory by Netsparker Name: XSS Vulnerability in Blubrry PowerPress Affected Software : Blubrry PowerPress Affected Versions: 6.0 and possibly below Vendor Homepage : https://wordpress.org/plugins/powerpress/ Vulnerability Type : Cross-site Scripting Severity : Important...
PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability
Document Title: =============== PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1358 Release Date: ============= 2014-12-18 Vulnerability Laboratory ID VL-ID: ==================================== 135...
[ MDVSA-2014:253 ] apache-mod_wsgi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:253 http://www.mandriva.com/en/support/security/ Package : apache-modwsgi Date : December 15, 2014 Affected: Business Server 1.0 Problem Description: Updated apache-modwsgi package fixes security...
CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM
Vulnerability title: Multiple SQL Injections in Dolibarr ERP & CRM CVE: CVE-2014-7137 Vendor: Dolibarr ERP & CRM Product: Dolibarr ERP & CRM Affected version: 3.5.3 Fixed version: 3.6.1 Reported by: Jerzy Kramarz Details: SQL injection has been found and confirmed within the software as an...
SAP Security Note 1908531 - XXE in BusinessObjects Explorer
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Untrusted XML input parsing possible in SBOP Explorer Risk: High Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note: 1908531 0...
LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow
=== LSE Leading Security Experts GmbH - Security Advisory LSE-2014-06-10 === Perl CORE - Deep Recursion Stack Overflow ----------------------------------------- Affected Versions ================= Perl v5.20.1 and below Issue Overview ============== Vulnerability Type: Stack Overflow Technical...
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
ESA-2014-079.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities EMC Identifier: ESA-2014-079 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE...
[USN-2289-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2289-1 July 17, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel
Advisory ID: HTB23200 Product: Seo Panel Vendor: www.seopanel.in Vulnerable Versions: 3.4.0 and probably prior Tested Version: 3.4.0 Advisory Publication: January 29, 2014 without technical details Vendor Notification: January 29, 2014 Vendor Patch: May 15, 2014 Public Disclosure: May 16, 2014...
Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga
Deutsche Telekom CERT Advisory DTC-A-20140324-003 Summary: Two vulnerabilities were found in icinga version 1.9.1. These vulnerabilities are: 1 several buffer overflows 2 Off-by-one memory access Recommendations: Updates available and need to be installed: - Icinga 1.10.2 Bug Fix Release - Icinga...
Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability
Deutsche Telekom CERT Advisory DTC-A-20140324-004 Summary: An Off-by-one memory access was found in the web gui of nagios. A patch was applied to the core master branch of nagios http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/. This resolution is announced ...
APPLE-SA-2014-04-22-2 iOS 7.1.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: An attacker in a privileged network positio...
Full Disclosure - Linksys EA2700, EA3500, E4200 and EA4500 - Authentication Bypass to Administrative Console
Vulnerable products : Linksys EA2700, EA3500, E4200, EA4500 Vulnerability: Due to an unknown bug, which occurs by every indication during the installation and/or upgrade process, port 8083 will often open, allowing for direct bypass of authentication to the "classic Linksys GUI" administrative...
CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin
Vulnerability title: Remote Code Execution in Projoom NovaSFH Plugin CVE: CVE-2014-1214 Vendor: Projoom Product: NovaSFH Plugin Version: 3.0.3 Reported by: Yuri Kramarz Details: The PHP executable which is responsible for handling file upload functionality allows arbitrary files to be uploaded to...
[ MDVSA-2014:021 ] perl-Proc-Daemon
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:021 http://www.mandriva.com/en/support/security/ Package : perl-Proc-Daemon Date : January 24, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated perl-Proc-Daemon package...
CVE-2013-6430 Possible XSS when using Spring MVC
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart [email protected]...
[USN-2061-1] OpenStack Keystone vulnerability
========================================================================== Ubuntu Security Notice USN-2061-1 December 19, 2013 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[ISecAuditors Security Advisories] Multiple XSS vulnerabilities in "Project'Or RIA"
============================================= INTERNET SECURITY AUDITORS ALERT 2013-018 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored - CVE-ID: CVE-2013-6163...
Multiple Vulnerabilities in Gnew
Advisory ID: HTB23171 Product: Gnew Vendor: Raoul Proenca Vulnerable Versions: 2013.1 and probably prior Tested Version: 2013.1 Advisory Publication: August 28, 2013 without technical details Vendor Notification: August 28, 2013 Public Disclosure: October 2, 2013 Vulnerability Type: PHP File...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
USN-1976-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1976-1 September 30, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
FreeBSD Security Advisory FreeBSD-SA-13:06.mmap [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:06.mmap Security Advisory The FreeBSD Project Topic: Privilege escalation via mmap Category: core Module: kernel Announced: 2013-06-18 Credits: Konstantin...
[USN-1831-1] OpenStack Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1831-1 May 16, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
APPLE-SA-2013-05-22-1 QuickTime 7.7.4
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-05-22-1 QuickTime 7.7.4 QuickTime 7.7.4 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a maliciously crafted TeXML file may lead to an unexpected application...
Re: [SE-2012-01] Details of issues fixed by Java SE 7 Update 21
Hello All, We wanted to add the following information to our yesterday post. We've learned that RedHat's Bugzilla associates CVE-2013-1537 1 with the RMI issue allowing for a remote loading and execution of arbitrary Java code on servers 2. It looks that Oracle has finally patched RMI vulnerabili...
[CVE-2013-1464]Wordpress Audio Player Plugin XSS in SWF‏‏
Exploit Title: Wordpress Audio Player Plugin XSS in SWF Release Date: 31/01/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/audio-player.2.0.4.6.zip Vendor Homepage: http://wpaudioplayer.com/ Tested...
SQL Injection Vulnerability in ImageCMS
Advisory ID: HTB23132 Product: ImageCMS Vendor: www.imagecms.net Vulnerable Versions: 4.0.0b and probably prior Tested Version: 4.0.0b Vendor Notification: December 5, 2012 Vendor Patch: January 16, 2013 Public Disclosure: January 23, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability
Product: DigiLIBE Management Console Vendor: Digitiliti Version: 3.4 - ? Tested Version: 3.4 Vendor Notified Date: October 09, 2012 Release Date: January 18, 2013 Risk: High Authentication: None required Remote: Yes Description: Execution After Redirect vulnerabilities exist in DigiLIBE Managemen...
Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin
Exploit Title : Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 01/21/13 version: 34.05 software link:http://wordpress.org/extend/plugins/cardoza-wordpress-poll/ Wordpress Poll plugin description Wordpress Poll is...
CubeCart 4.4.6 and lower | Local File Inclusion Vulnerability
OVERVIEW CubeCart 4.4.6 and lower versions are vulnerable to Local File Inclusion. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...
NGS000267 Technical Advisory: Symantec Messaging Gateway SSH with backdoor user account plus privilege escalation to root due to very old Kernel
======= Summary ======= Name: Symantec Messaging Gateway - SSH with backdoor user account + privilege escalation to root due to very old Kernel Release Date: 30 November 2012 Reference: NGS00267 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor Reference: Systems Affecte...
Fortigate UTM WAF Appliance - Cross Site Vulnerabilities
Title: ====== Fortigate UTM WAF Appliance - Cross Site Vulnerabilities Date: ===== 2012-09-07 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=559 VL-ID: ===== 559 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= T...
ZDI-12-151 : Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-151 : Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-151 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Oracle - --...
ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-148 August 22, 2012 - -- CVE ID: CVE-2012-0232 - -- CVSS: 9.4,...
ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-156 August 22, 2012 - -- CVE ID: CVE-2012-2493 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -...
[USN-1531-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1531-1 August 10, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
IIS 6.0/7.5 Vulnerabilities [moderate risk] - ISOWAREZ BDAY RELEASE
THIS IS A GENUINE ISOWAREZ RELEASE ------------------------------------------------------------------------------------------------------------------------------------------------------------ Title: Microsoft IIS 6.0 with PHP installed Authentication Bypass Affected software: Microsoft IIS 6.0 wi...
[USN-1436-1] Libtasn1 vulnerability
========================================================================== Ubuntu Security Notice USN-1436-1 May 02, 2012 libtasn1-3 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 2466-1] rails security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2466-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 09, 2012 http://www.debian.org/security/faq -...
Opera / Mozilla / Internet Explorer DoS
Large number of nested tags leads to buffer overflow...
[waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0
waraxe-2012-SA086 - Local File Inclusion in Invision Power Board 3.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-86.html CVE:...
Specially crafted Json service request allows full control over a Liferay portal instance
Specially crafted Json service request allows full control over a Liferay portal instance Description: Liferay Portal is an enterprise portal written in Java By doing a single http request you can reconfigure Liferay to use a remote Memcached cache instead of it's own cache...
VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB12-07 / CVE-2012-0773)
VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability APSB12-07 / CVE-2012-0773 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based...
Matthew1471s ASP BlogX - XSS Vulnerabilities
Title: Matthew1471s ASP BlogX - XSS Vulnerabilities Software : Matthew1471s ASP BlogX Software Version : 12 August 2008 Vendor: http://blogx.co.uk/ Vulnerability Published : 2012-03-26 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N Bug Description...
Minify and related plugins DOM-Based XSS Vulnerability
+-------------------------------------------------------------------------------------------+ Title : Minify and related plugins DOM-Based XSS Vulnerability Version : 2.1.3 & 2.1.4-Beta Credit : Ayoub Aboukir, Independent Security Researcher Contact : ay.aboukir at gmail d0t com Software Link :...
FrameJammer DOM based XSS
Software:FrameJammer Author:Hal Pawluk Software Description: FrameJammer is a little javascript code which prevents opening framed pages outside their frameset. FrameJammer used to be distributed as a Macromedia Dreamweaver extension, nowadays web developers are spreading it with copy-paste...