47153 matches found
Layton Helpbox 4.4.0 Multiple Security Issues
Layton Helpbox 4.4.0 Multiple Security Issues: Layton Helpbox 4.4.0 Multiple SQL Injection Points CVE-2012-4971 http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html Layton Helpbox 4.4.0 Authorisation Bypass Vulnerability CVE-2012-4975...
SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass
SEC Consult Vulnerability Lab Security Advisory 20121017-0 ======================================================================= title: ModSecurity multipart/invalid part ruleset bypass product: ModSecurity vulnerable version: = 2.6.8 fixed version: 2.7.0 CVE number: - impact: Depends what you...
Google Chrome 19 metro_driver.dll mishandling
Security Advisory - Google Chrome 19 metrodriver.dll mishandling ======================================================================== Summary : Google Chrome 19 is prone to unqualified DLL loading Date : 28 June 2012 Affected versions : Google Chrome v19.0.1084.21 up-to v20.0.1132.23 ID :...
ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-093 : Pwn2Own Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-093 June 12, 2012 - -- CVE ID: CVE-2012-1876 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - --...
APPLE-SA-2012-05-15-1 QuickTime 7.7.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-05-15-1 QuickTime 7.7.2 QuickTime 7.7.2 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application...
OpenSSL memory corruption
Memory corruption in asn1d2ireadbio/SMIMEreadPKCS7/SMIMEreadCMS...
Apache mod_proxy unauthorized internal network access
Invalid processing for URI with preceeding @ sign...
ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-002 : HP OpenView NNM ov.dll OVBuildPath Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-002 January 5, 2012 - -- CVE ID: CVE-2011-3167 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...
Microsoft Windows multiple applications DLL hijacking
If application is launched via file type association, current path is set to the path file is located, making it's possible to place DLLs application tries to load dynamically into same directory...
AdaptCMS 2.x SQL Injection Vulnerability
========================================================================= AdaptCMS 2.x SQL Injection Vulnerability =========================================================================...
Mozilla Foundation Security Advisory 2011-49
Mozilla Foundation Security Advisory 2011-49 Title: Memory corruption while profiling using Firebug Impact: Critical Announced: November 8, 2011 Reporter: Marc Schoenefeld Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Firefox 3.6.24 Thunderbird 8.0 Thunderbird 3.1.16 Description Marc...
APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update iOS 5.0.1 Software Update is now available and addresses the following: CFNetwork Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch 3rd...
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20110928-nat Revision 1.0 For Public Release 2011 Sep 28 1600 UTC GMT +--------------------------------------------------------------------...
APPLE-SA-2011-08-03-1 QuickTime 7.7
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-08-03-1 QuickTime 7.7 QuickTime 7.7 is now available and addresses the following: QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted pict file may...
Post Revolution 0.8.0c Multiple Remote Vulnerabilities
info ——————————— Name : Post Revolution 0.8.0c Multiple Remote Vulnerabilities Class: Design Error && Input Validation Error CVE: CVE-2011-1952, CVE-2011-1953, CVE-2011-1954 Remote: Yes Local: No Credit : Javier Bassi javierbassi at gmail dot com Vulnerable : All versions prior to and including...
About the security content of Safari 5.0.5
About the security content of Safari 5.0.5 Last Modified: April 14, 2011 Article: HT4596 Email this article Print this page Summary This document describes the security content of Safari 5.0.5. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until...
ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability
ZDI-11-119: Pwn2Own Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-119 April 12, 2011 -- CVE ID: CVE-2011-1345 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
Plaintext injection in STARTTLS (multiple implementations)
This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP Simple Mail Transfer Protocol over TLS Transport Layer Security including my Postfix open source mailserver. I give an overview of the problem and its impact, how to find out if a server is...
[SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The original report is 1. Tomcat is affected when accessing a form based security constrained page or any page that calls javax.servlet.ServletRequest.getLocale or javax.servlet.ServletRequest.getLocales. Work-arounds have been implemented in the...
[SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2140-1 [email protected] http://www.debian.org/security/ Stefan Fritsch January 05, 2011 http://www.debian.org/security/faq -...
Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
============================================================================== Joomla! 1.0.x 1.0.15 | Cross Site Scripting XSS Vulnerability ============================================================================== 1. OVERVIEW The Joomla! 1.0.x series are currently vulnerable to Cross Site...
Path disclosure in KaiBB
Vulnerability ID: HTB22746 Reference: http://www.htbridge.ch/advisory/pathdisclosureinkaibb.html Product: KaiBB Vendor: Mi-Dia http://www.mi-dia.co.uk/ Vulnerable Version: 1.0.1 Vendor Notification: 09 December 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted, Awaiting...
n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.003 16-Nov-2010 Vendor: Hewlett-Packard, http://www.hp.com Affected Products: Various HP LaserJet MFP devices See HP advisory 3 for the complete list Vulnerability: Directory Traversal in PJL interface Risk: HIGH Vendor...
[ MDVSA-2010:226 ] dhcp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:226 http://www.mandriva.com/security/ Package : dhcp Date : November 10, 2010 Affected: 2009.1, 2010.0, 2010.1 Problem Description: A vulnerability was discovered and corrected in ISC dhcp: ISC DHCP server 4...
Microsoft Security Bulletin MS10-054 - Critical Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
Microsoft Security Bulletin MS10-054 - Critical Vulnerabilities in SMB Server Could Allow Remote Code Execution 982214 Published: August 10, 2010 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Windows. The...
Mozilla Foundation Security Advisory 2010-40
Mozilla Foundation Security Advisory 2010-40 Title: nsTreeSelection dangling pointer remote code execution vulnerability Impact: Critical Announced: July 20, 2010 Reporter: regenrecht via TippingPoint's Zero Day Initiative Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.7 Firefox...
US-CERT Technical Cyber Security Alert TA10-159A -- Adobe Flash, Reader, and Acrobat Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-159A Adobe Flash, Reader, and Acrobat Vulnerability Original release date: June 08, 2010 Last revised: -- Source: US-CERT Systems Affected Adobe Flash Player 10.0.45.2 and earlier 10.x...
Secunia Research: VMWare VMnc Codec HexTile Encoding Buffer Overflow
====================================================================== Secunia Research 09/04/2009 - VMWare VMnc Codec HexTile Encoding Buffer Overflow - ====================================================================== Table of Contents Affected...
Mozilla Foundation Security Advisory 2010-22
Mozilla Foundation Security Advisory 2010-22 Title: Update NSS to support TLS renegotiation indication Impact: Low Announced: March 30, 2010 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.2 Firefox 3.5.9 Thunderbird 3.0.4 SeaMonkey 2.0.4...
ZDI-10-033: Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vulnerability
ZDI-10-033: Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-033 April 2, 2010 -- CVE ID: CVE-2010-0492 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer -- TippingPointTM IPS Customer...
DynPG CMS Multiple Remote File Inclusion Vulnerability
fucking the Web Apps attack edition / / / / L /' / , / / /' , / /' /' / /' / / / / / / L / / / // // // ///////////L // ////// // // Hack0wn! Security Project / /&...
Chaton <= 1.5.2 Local File Include Vulnerability
================================================ Chaton = 1.5.2 Local File Include Vulnerability ================================================ + Chaton = 1.5.2 Local File Include Vulnerability 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,...
TinyMCE - Javascript WYSIWYG Editor xss/sql injection vurnerebility
=================================================================== TinyMCE - Javascript WYSIWYG Editor xss/sql injection vurnerebility =================================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution 975539 Published: December 08, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microso...
VUPEN Security - Adobe Shockwave Player Multiple Code Execution Vulnerabilities
VUPEN Vulnerability Research - Adobe Shockwave Player Multiple Code Execution Vulnerabilities I. BACKGROUND --------------------- "Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access to some of the best the Web has to offer including...
squidGuard 1.3 & 1.4 : buffer overflow
Advisory -------- Date 2009-10-26 Program squidGuard URL http://squidguard.org/ Found by Matthieu BOUTHORS Application description ------------------------ SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast an...
Microsoft Security Bulletin MS09-036 - Important Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
Microsoft Security Bulletin MS09-036 - Important Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service 970957 Published: August 11, 2009 Version: 1.0 General Information Executive Summary This security update addresses a privately reported Denial of Service vulnerability in...
Cisco WLC 4402 Denial-of-Service vulnerability
======================================= Vulnerable Product: Cisco WLC 4402 most likely among many others Vulnerability discovered: January 2009 Reported to vendor: Jan 01, 2009 Fix available: not yet ======================================= TIMELINE:...
HPSBMA02427 SSRT090069 rev.1 - HP Remote Graphics Software (RGS) Sender Running Easy Login, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01731970 Version: 1 HPSBMA02427 SSRT090069 rev.1 - HP Remote Graphics Software RGS Sender Running Easy Login, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should b...
Microsoft Security Bulletin MS09-012 - Important Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
Microsoft Security Bulletin MS09-012 - Important Vulnerabilities in Windows Could Allow Elevation of Privilege 959454 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The...
PayPal resource exhaustion
Vulnerability: malicious Web site can cause Denial of Service by forcing user into spending money from his PayPal account to buy different unnecessary things, leading to situation of resource consumption where user can not obtain his daily bread on this day. Workaround: put more money into PayPal...
FreeSSHD buffer overflow
sftp post authentication buffer overflow...
New vulnerabilities in Power Phlogger
Здравствуйте 3APA3A! Сообщаю вам о найденных мною новых Cross-Site Scripting и Abuse of Functionality уязвимостях в Power Phlogger. XSS: Это reflected и persistent XSS. http://site/edCss.php?action=create+new&fields5Bcss5D=3Cscript3Ealertdocument.cookie3C/script3E Код в дальнейшем исполняется при...
phpMyID can act as a redirector and as headers injector
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Subject: phpMyID can act as a redirector and as headers injector Credits: Raphael Geissert [email protected] Release date: 2008-10-27 Affects: v0.9 23-Jul-2008 Resources: Homepage: http://siege.org/projects/phpMyID/ Demo: http://phpmyid.com Background...
rPSA-2008-0286-1 mono
rPath Security Advisory: 2008-0286-1 Published: 2008-09-29 Products: rPath Linux 2 Rating: Major Exposure Level Classification: Remote User Deterministic Vulnerability Updated Versions: mono=conary.rpath.com@rpl:2/1.2.6-5-0.1 References: https://vulners.com/cve/CVE-2008-3906 Description: Previous...
Mozilla Foundation Security Advisory 2008-41
Mozilla Foundation Security Advisory 2008-41 Title: Privilege escalation via XPCnativeWrapper pollution Impact: Critical Announced: September 23, 2008 Reporter: mozbugra4, Olli Pettay Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey...
Microsoft Security Bulletin MS08-044 – Critical Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
Microsoft Security Bulletin MS08-044 – Critical Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution 924090 Published: August 12, 2008 Version: 1.0 General Information Executive Summary This security update resolves five privately reported vulnerabilities. These...
[USN-634-1] OpenLDAP vulnerability
=========================================================== Ubuntu Security Notice USN-634-1 August 01, 2008 openldap2.2, openldap2.3 vulnerability CVE-2008-2952 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS...
PCPIN Chat 6: potential XSS vulnerability in URL redirection script
All PCPIN Chat 6 versions prior to 6.11 are affected by the potential XSS vulnerability in URL redirection script. The vulnerability is caused by insufficient protocol scheme validation in file /inc/urlredirection.inc.php More info and patch here:...