47153 matches found
Linux news 22.09.00
2.4.0-test9-pre5 kernel released Вышла новая тестовая версия 2.4.0 кернела test9-pre5. Она включает в себя множество исправлений. Так же продолжен процесс синхронизации драйверов между 2.2 и 2.4 ветками Подробнее: http://balrog.ruwr.ru/tmp/test9-pre5.txt Роботы под Linux Как оказалось, на...
Boolean-based SQL injection Vulnerability in K2 Platforms
Title: Boolean-based SQL injection Vulnerability in K2 Platforms. Author: Wissam Bashour - Help AG Middle East Vendor: K2 Product: SmartForms, BlackPearl, K2 for sharepoint Version: 4.6.7 Tested Version: Version 4.6.7 Severity: HIGH CVE Reference: CVE-2015-7299 About the Product: K2 smartforms ca...
CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine
Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...
APPLE-SA-2015-10-21-7 Xcode 7.1
APPLE-SA-2015-10-21-7 Xcode 7.1 Xcode 7.1 is now available and addresses the following: Swift Available for: OS X Yosemite v10.10.5 or later Impact: Swift programs performing certain type conversions may receive unexpected values Description: A type conversion issue existed that could lead to...
CSRF vulnerabilities in Callisto 821+R3 ADSL Router
Hello 3APA3A! After all my advisories about vulnerabilities in Callisto 821+ http://seclists.org/fulldisclosure/2011/Aug/1 and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devic...
APPLE-SA-2015-10-21-3 Safari 9.0.1
APPLE-SA-2015-10-21-3 Safari 9.0.1 Safari 9.0.1 is now available and addresses the following: WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple...
[USN-2722-1] GDK-PixBuf vulnerability
========================================================================== Ubuntu Security Notice USN-2722-1 August 26, 2015 gdk-pixbuf vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
HAProxy information disclosure
Under some conditions, data from previous request can be obtained...
PHP multiple security vulnerabilities
Code execution, DoS conditions, poisoned NULL byte vulnereability, information disclosure...
APPLE-SA-2015-06-30-6 iTunes 12.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-6 iTunes 12.2 iTunes 12.2 is now available and addresses the following: WebKit Available for: Windows 8 and Windows 7 Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected...
[SECURITY] [DSA 3290-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3290-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 18, 2015 https://www.debian.org/security/faq -...
[USN-2634-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2634-1 June 10, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability
Exploit Title: AnimaGallery 2.6 theme and lang cookie parameter Local File Include Vulnerability Date: 2015/06/07 Vendor Homepage: http://dg.no.sapo.pt/ Software Link:http://dg.no.sapo.pt/AnimaGallery2.6.zip Version: 2.6 Tested on: Centos 6.5,php 5.3.2,magicquotesgpc=off Category: webapps...
vfront-0.99.2 CSRF & Persistent XSS
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-VFRONT0602.txt Vendor: ============== www.vfront.org Product: =================================================================================== vfront-0.99.2 is a PHP web...
Reflected XSS Vulnerability in XSS In Manage Engine Device Expert
=============================================================================== Reflected XSS Vulnerability in XSS In Manage Engine Device Expert =============================================================================== . contents:: Table Of Content Overview ======== Title :Reflected XSS...
Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17
Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Author: Larry W. Cashdollar, @larry0 Date: 2015-03-29 Download Site: https://wordpress.org/plugins/videowhisper-video-presentation/ Vendor: http://www.videowhisper.com/ Vendor Notified: 2015-03-29...
[USN-2412-1] Ruby vulnerability
========================================================================== Ubuntu Security Notice USN-2412-1 November 20, 2014 ruby1.8, ruby1.9.1, ruby2.0, ruby2.1 vulnerability ========================================================================== A security issue affects these releases of...
[SECURITY] [DSA 3059-1] dokuwiki security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3059-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 29, 2014 http://www.debian.org/security/faq -...
APPLE-SA-2014-10-16-4 OS X Server v3.2.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-4 OS X Server v3.2.2 OS X Server v3.2.2 is now available and addresses the following: Server Available for: OS X Mavericks v10.9.5 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are kno...
Cross-Site Request Forgery (CSRF) in Kanboard
Advisory ID: HTB23217 Product: Kanboard Vendor: http://kanboard.net/ Vulnerable Versions: 1.0.5 and probably prior Tested Version: 1.0.5 Advisory Publication: May 28, 2014 without technical details Vendor Notification: May 28, 2014 Vendor Patch: June 30, 2014 Public Disclosure: July 2, 2014...
[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]
Advisory Overview Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution affecting both the client and server software see Additional Information section include but are not limited to reflected XSS, source code/sensitive information disclosure, privilege...
[ MDVSA-2014:182 ] zarafa
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:182 http://www.mandriva.com/en/support/security/ Package : zarafa Date : September 24, 2014 Affected: Business Server 1.0 Problem Description: Updated zarafa packages fix security vulnerabilities: Robert...
[ MDVSA-2014:159 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:159 http://www.mandriva.com/en/support/security/ Package : wireshark Date : August 8, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in...
[oss-security] CVE Request: iodine: authentication bypass by client
Hi oss-security, iodine 0.7.0 has just been released, which fixes an authentication bypass issue discovered by Oscar Reparaz. The fix is here: https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850 and the new release is available at the homepage:...
[USN-2105-1] MAAS vulnerabilities
========================================================================== Ubuntu Security Notice USN-2105-1 February 13, 2014 maas vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0
Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE reference: CVE-2013-6233...
[SECURITY] [DSA 2913-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2913-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 25, 2014 http://www.debian.org/security/faq -...
[security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04249113 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04249113 Version: 2 HPSBMU03009 rev....
[CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7
Advisory Information Title: Multiple Reflected XSS vulnerabilities in JAMon Date published: 2013-01-23 Date of last update: 2013-01-23 Vendors contacted: JAMon v 2.7 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-6235 CVSS v2 Base Score:...
Document Title: =============== GTX CMS 2013 Optima - Multiple Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1124 Release Date: ============= 2013-10-29 Vulnerability
Document Title: =============== Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1125 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID: ====================================...
OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption
OWASP ESAPI for Java Security Advisory 1 The OWASP Foundation MAC Bypass in ESAPI Symmetric Encryption Summary ======= Category: Symmetric cryptography Module: ESAPI Encryptor interface Announced: 2013-08-23 via ESAPI-Dev mailing list...
[SECURITY] [DSA 2736-1] putty security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2736-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 11, 2013 http://www.debian.org/security/faq -...
[CVE-2013-1814] Apache Rave exposes User over API
CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...
QlikView integer overflow
Integer overflow on .qvw files parsing...
[USN-1720-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1720-1 February 12, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Layton Helpbox 4.4.0 Multiple Security Issues
Layton Helpbox 4.4.0 Multiple Security Issues: Layton Helpbox 4.4.0 Multiple SQL Injection Points CVE-2012-4971 http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html Layton Helpbox 4.4.0 Authorisation Bypass Vulnerability CVE-2012-4975...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
APPLE-SA-2012-05-15-1 QuickTime 7.7.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-05-15-1 QuickTime 7.7.2 QuickTime 7.7.2 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application...
OpenSSL memory corruption
Memory corruption in asn1d2ireadbio/SMIMEreadPKCS7/SMIMEreadCMS...
Apache mod_proxy unauthorized internal network access
Invalid processing for URI with preceeding @ sign...
ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-002 : HP OpenView NNM ov.dll OVBuildPath Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-002 January 5, 2012 - -- CVE ID: CVE-2011-3167 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...
Microsoft Office multiple security vulnerabilities
Privilege escalation, use-after-free, insecure DLL loading, memory corruption...
Mozilla Foundation Security Advisory 2011-49
Mozilla Foundation Security Advisory 2011-49 Title: Memory corruption while profiling using Firebug Impact: Critical Announced: November 8, 2011 Reporter: Marc Schoenefeld Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Firefox 3.6.24 Thunderbird 8.0 Thunderbird 3.1.16 Description Marc...
APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update iOS 5.0.1 Software Update is now available and addresses the following: CFNetwork Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch 3rd...
ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient,Type Checking Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient Type Checking Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-288 October 15, 2011 - - -- CVE ID: CVE-2011-1999 - - -- CVSS: 7.5,...
Loop (ricetta.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Loop ricetta.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.loopmm.com/ Persian Gulf 4 Ever! Dork : "Loop - creazioni multimediali" "inurl:ricetta.php?id="...
Post Revolution 0.8.0c Multiple Remote Vulnerabilities
info ——————————— Name : Post Revolution 0.8.0c Multiple Remote Vulnerabilities Class: Design Error && Input Validation Error CVE: CVE-2011-1952, CVE-2011-1953, CVE-2011-1954 Remote: Yes Local: No Credit : Javier Bassi javierbassi at gmail dot com Vulnerable : All versions prior to and including...
ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability
ZDI-11-119: Pwn2Own Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-119 April 12, 2011 -- CVE ID: CVE-2011-1345 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
Plaintext injection in STARTTLS (multiple implementations)
This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP Simple Mail Transfer Protocol over TLS Transport Layer Security including my Postfix open source mailserver. I give an overview of the problem and its impact, how to find out if a server is...
[SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2140-1 [email protected] http://www.debian.org/security/ Stefan Fritsch January 05, 2011 http://www.debian.org/security/faq -...