47153 matches found
Advisory for A1Stats
Advisory for A1Stats A1Stats is made by Drummond Miles Site: http://www.gadnet.com/a1stats by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0114 /-|=explanation=|- A1Stats is a CGI package to track website traffic. The package has a view files bug and also gives the...
CGI - nph-maillist.pl vulnerability...
Hello BuGReaders... Script: nph-maillist.plcgi Introduction: cat from source .................................................................... Created by: Matt Tourtillott URL: www.marketrends.net email [email protected] The email list generator is a web interfaced script that allows the...
[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability
CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1 CRC-32 compensation attack detector vulnerability Class: Boundary Error Condition Remotely Exploitable:...
[SECURITY] [DSA-001-1] ed symlink attack
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory 001-1 [email protected] http://www.debian.org/security/ Wichert Akkerman November 29, 2000 -...
Explanation Authentix Input Validation Error
Hi there, Yesterday I posted an advisory concerning a bug in Authentix that would allow users to bypass authentification. When I contacted the vendor about this they were very responsive and after some emails going here and there we agreed to postpone the bugtraq-posting for two weeks and give th...
Security Bulletin (MS00-067)
Microsoft Security Bulletin MS00-067 - --------------------------------------- Patch Available for "Windows 2000 Telnet Client NTLM Authentication" Vulnerability Originally posted: September 14, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the...
[EXPL] GoodTech's FTP Server vulnerable to a DoS (RNTO)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com GoodTech's FTP Server vulnerable to a DoS RNTO ---------------------------------------------------------------------------- SUMMARY...
Security Bulletin (MS00-059)
Microsoft Security Bulletin MS00-059 - -------------------------------------- Patch Available for "Java VM Applet" Vulnerability Originally posted: August 21, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the Microsoftr virtual machine Microsoft V...
Security Bulletin (MS00-041)
Microsoft Security Bulletin MS00-041 - -------------------------------------- Patch Available for "DTS Password" Vulnerability Originally posted: June 14, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in a component that ships with Microsoftr SQL...
Security Bulletin (MS00-040)
Patch Available for "Remote Registry Access Authentication" Vulnerability Originally posted: June 08, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Windows NT 4.0. Under certain conditions, the vulnerability could be used to cause a...
4ward:It's a blue world!
/off topic: please in the list disable or add filter to your auto-reply/ from:http://www.blueworld.com/blueworld/news/05.01.00-FM5Sec urity.html .../... The precise details of how to exploit these holes is minimized to prevent compromising the integrity of all current Internet-accessible FileMake...
Security Advisory: Cisco IOS Software TELNET Option Handling Vulnerability
Cisco IOS Software TELNET Option Handling Vulnerability Revision 1.0 For public release Thursday 2000/04/20 at 09:00 AM US/Eastern UTC-0400. --------------------------------------------------------------------------- Summary ======= A defect in multiple Cisco IOS software versions will cause a...
<Антивирус Касперского> получает сертификат Trojan Checkmark
Пресс Релиз Антивирус Касперского получает сертификат Trojan Checkmark Первый российский антивирус гарантированно защищает пользователей от Троянских коней! "Лаборатория Касперского" www.avp.ru, российский лидер в области разработки антивирусных систем безопасности, сообщает, что ее продукты для...
Interscan VirusWall NT 3.23/3.3 buffer overflow
A buffer overflow exists on the VirusWall smtp gateway - by sending a long HELO command you can overflow the buffer and execute arbitrary code. Example code has been written which will spawn a command prompt on a port you specify. Before you shrug this one off, take a look: Connected to...
TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391
Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : Cross-site Scripting Severity : Important Status :...
[SECURITY] [DSA 3369-1] zendframework security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3369-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini October 06, 2015 https://www.debian.org/security/faq -...
Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting
Enigmail: ????? ????? ????????? ?? ???? ??????????? ??? ????????? Errata: This is a correction of our previous disclosure email from September 23rd, 2015. Our previous posting implied that the security vulnerability we discovered was in the "BIRT Engine" servlet itself. This is NOT the case, but...
[USN-2720-1] Django vulnerability
========================================================================== Ubuntu Security Notice USN-2720-1 August 18, 2015 python-django vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
HotExBilling Manager Cross-site scripting (XSS) vulnerability
Title: ==== HotExBilling Manager – Cross-site scripting XSS vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: HelpAG Website: www.helpag.com CVE: ===== CVE-2015-2781 Date: ==== 12-03-2015 dd/mm/yyyy Vendor: ====== Hotspot Express has been in the billing solution business sinc...
[SECURITY] [DSA 3238-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3238-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq -...
[USN-2590-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2590-1 April 30, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL parameters...
SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower
SEC Consult Vulnerability Lab Security Advisory 20150113-1 ======================================================================= title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.2 fixed version: =2.0.5 impact: high homepage:...
Alienvault OSSIM/USM Command Execution Vulnerability
Details ======= Product: Alienvault OSSIM/USM Vulnerability: Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: =4.14.X Fixed Version: 4.15.0 Summary ======= Alienvault OSSIM is an open source SIEM solution designed to collect and correlate log data. T...
[ MDVSA-2014:253 ] apache-mod_wsgi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:253 http://www.mandriva.com/en/support/security/ Package : apache-modwsgi Date : December 15, 2014 Affected: Business Server 1.0 Problem Description: Updated apache-modwsgi package fixes security...
[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser
Hi, This is the 6th part of the ManageOwnage series. For previous parts see 1. This time we have two 0 day vulns CVE-2014-6038 and 6039 that can be abused to dump information from the database and obtain the superuser credentials for Windows and AS/400 hosts which are managed by EventLog Analyzer...
Lime Survey 2-05+ Multiple Vulnerabilities
Lime Survey Multiple Vulnerabilities ======================================================================= ADVISORY INFORMATION Title: Lime Survey Multiple Vulnerabilities Discovery date: 02/07/2014 Release date: 03/07/2014 Vendor Homepage: www.limesurvey.org Version: Lime Survey 2.05+ Build...
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
ESA-2014-079.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities EMC Identifier: ESA-2014-079 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE...
[USN-2289-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2289-1 July 17, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel
Advisory ID: HTB23200 Product: Seo Panel Vendor: www.seopanel.in Vulnerable Versions: 3.4.0 and probably prior Tested Version: 3.4.0 Advisory Publication: January 29, 2014 without technical details Vendor Notification: January 29, 2014 Vendor Patch: May 15, 2014 Public Disclosure: May 16, 2014...
CS and XSS vulnerabilities in DZS Video Gallery for WordPress
Hello 3APA3A! There are Content Spoofing and Cross-Site Scripting vulnerabilities in plugin DZS Video Gallery for WordPress. After I announced multiple vulnerabilities in DZS Video Gallery at 08.05.2014 and informed developers, they ignored it, so the second advisory is going directly to full...
Full Disclosure - Linksys EA2700, EA3500, E4200 and EA4500 - Authentication Bypass to Administrative Console
Vulnerable products : Linksys EA2700, EA3500, E4200, EA4500 Vulnerability: Due to an unknown bug, which occurs by every indication during the installation and/or upgrade process, port 8083 will often open, allowing for direct bypass of authentication to the "classic Linksys GUI" administrative...
CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin
Vulnerability title: Remote Code Execution in Projoom NovaSFH Plugin CVE: CVE-2014-1214 Vendor: Projoom Product: NovaSFH Plugin Version: 3.0.3 Reported by: Yuri Kramarz Details: The PHP executable which is responsible for handling file upload functionality allows arbitrary files to be uploaded to...
[ MDVSA-2014:021 ] perl-Proc-Daemon
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:021 http://www.mandriva.com/en/support/security/ Package : perl-Proc-Daemon Date : January 24, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated perl-Proc-Daemon package...
CVE-2013-6430 Possible XSS when using Spring MVC
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart [email protected]...
[USN-2061-1] OpenStack Keystone vulnerability
========================================================================== Ubuntu Security Notice USN-2061-1 December 19, 2013 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Multiple Vulnerabilities in Gnew
Advisory ID: HTB23171 Product: Gnew Vendor: Raoul Proenca Vulnerable Versions: 2013.1 and probably prior Tested Version: 2013.1 Advisory Publication: August 28, 2013 without technical details Vendor Notification: August 28, 2013 Public Disclosure: October 2, 2013 Vulnerability Type: PHP File...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
USN-1976-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1976-1 September 30, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities
The Wordpress videowhisper-live-streaming-integration Plugin suffers from a Cross-Site Scripting vulnerability. Iranian Exploit DataBase Forum http://iedb.ir/acc http://iedb.ir Exploit Title : Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities Author : Iranian Exploit...
[USN-1831-1] OpenStack Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1831-1 May 16, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
Re: [SE-2012-01] Details of issues fixed by Java SE 7 Update 21
Hello All, We wanted to add the following information to our yesterday post. We've learned that RedHat's Bugzilla associates CVE-2013-1537 1 with the RMI issue allowing for a remote loading and execution of arbitrary Java code on servers 2. It looks that Oracle has finally patched RMI vulnerabili...
APPLE-SA-2013-03-14-2 Safari 6.0.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-14-2 Safari 6.0.3 Safari 6.0.3 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2 Impact: Visiting a maliciously crafted website may lead to an...
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free MS13-021 / CVE-2013-0087 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and includ...
Foswiki Security: Alert CVE-2013-1666 - Remote Code Execution Vulnerability in MAKETEXT macro.
---+ Security Alert: Code injection vulnerability in MAKETEXT macro This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext 1, which Foswiki uses to provide translations when...
SQL Injection Vulnerability in ImageCMS
Advisory ID: HTB23132 Product: ImageCMS Vendor: www.imagecms.net Vulnerable Versions: 4.0.0b and probably prior Tested Version: 4.0.0b Vendor Notification: December 5, 2012 Vendor Patch: January 16, 2013 Public Disclosure: January 23, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability
Product: DigiLIBE Management Console Vendor: Digitiliti Version: 3.4 - ? Tested Version: 3.4 Vendor Notified Date: October 09, 2012 Release Date: January 18, 2013 Risk: High Authentication: None required Remote: Yes Description: Execution After Redirect vulnerabilities exist in DigiLIBE Managemen...
CubeCart 4.4.6 and lower | Local File Inclusion Vulnerability
OVERVIEW CubeCart 4.4.6 and lower versions are vulnerable to Local File Inclusion. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...
NGS000267 Technical Advisory: Symantec Messaging Gateway SSH with backdoor user account plus privilege escalation to root due to very old Kernel
======= Summary ======= Name: Symantec Messaging Gateway - SSH with backdoor user account + privilege escalation to root due to very old Kernel Release Date: 30 November 2012 Reference: NGS00267 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor Reference: Systems Affecte...
Fortigate UTM WAF Appliance - Cross Site Vulnerabilities
Title: ====== Fortigate UTM WAF Appliance - Cross Site Vulnerabilities Date: ===== 2012-09-07 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=559 VL-ID: ===== 559 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= T...