47153 matches found
Microsoft Security Bulletin MS03-010: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953)
-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks 331953 Date: 26 March 2003 Software: Microsoftr Windowsr NT 4.0, Windows 2000, or Windows XP Impact: denial of servi...
Re: [VSA0304] Half-Life Client remote hole via Adminmod plugin
Dear VOID.AT Security, This bug is not related to adminmod, but is rather the bug in Half Life itself. At least absolutely same problem is in amx plugin. amxpsay ssss causes same trouble. So this is a bug in HalfLife client and may be exploited by malicious server operator including remote one wi...
Simple Web Server protected files access
URL http://server.com///secret/file allows protected file access...
Minor IE vulnerability: about: URLs
Zone spoofing? Oh yes, that reminds me. Here's another one. Affected: Internet Explorer under Windows, up to version 6 Risk: Low Workaround: Disable scripting in the Internet Zone Problem: If an unknown 'about:' name is used, IE echos the string exactly to the page. So 'about:foo' results in an...
Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability "THE KING IS THE NEXT RELEASE" USSR Advisory Code: USSR-2000049 Release Date: July 10, 2000 Systems Affected: WircSrv Irc Server v5.07s THE PROBLEM The Ussr Labs team has recently discovered...
CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine
Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...
vfront-0.99.2 CSRF & Persistent XSS
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-VFRONT0602.txt Vendor: ============== www.vfront.org Product: =================================================================================== vfront-0.99.2 is a PHP web...
Arbitrary file deletion and multiple XSS vulnerabilities in pfSense
Advisory ID: HTB23251 Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 without technical details Vendor Notification: March 4, 2015 Vendor Patch: March 5, 2015 Public Disclosure: March 25, 2015...
[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3
CVE-2015-1517 Piwigo - SQL Injection in Version 2.7.3 ---------------------------------------------------------------- Product Information: Software: Piwigo Tested Version: 2.7.3, released on 9 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link: http://piwigo.org/basics/downloads...
[ MDVSA-2015:022 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:022 http://www.mandriva.com/en/support/security/ Package : wireshark Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated wireshark packages fix security vulnerabilities: The DE...
APPLE-SA-2014-11-17-3 Apple TV 7.0.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-3 Apple TV 7.0.2 Apple TV 7.0.2 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may cause an unexpected application...
Improper Access Control in ArticleFR
Advisory ID: HTB23219 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 11.06.2014 and probably prior Tested Version: 11.06.2014 Advisory Publication: June 11, 2014 without technical details Vendor Notification: June 11, 2014 Public Disclosure: July 30, 2014 Vulnerability Type:...
Microsoft SQL Server multiple security vulnerabilities
XSS, stack overrun...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
file / PHP multiple security vulnerabilities
Memroy corruptions, DoS, information leakage...
[USN-2209-1] libvirt vulnerabilities
========================================================================== Ubuntu Security Notice USN-2209-1 May 07, 2014 libvirt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0
Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE reference: CVE-2013-6233...
CVE-2014-2383 - Arbitrary file read in dompdf
Vulnerability title: Arbitrary file read in dompdf CVE: CVE-2014-2383 Vendor: dompdf Product: dompdf Affected version: v0.6.0 Fixed version: v0.6.1 partial fix Reported by: Alejo Murillo Moyas Details: An arbitrary file read vulnerability is present on dompdf.php file that allows remote or local...
[USN-2173-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2173-1 April 26, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Microsoft Internet Explorer multiple security vulnerabilities
Multiple memory corruptions...
[CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7
Advisory Information Title: Multiple Reflected XSS vulnerabilities in JAMon Date published: 2013-01-23 Date of last update: 2013-01-23 Vendors contacted: JAMon v 2.7 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-6235 CVSS v2 Base Score:...
[USN-2075-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2075-1 January 03, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Document Title: =============== GTX CMS 2013 Optima - Multiple Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1124 Release Date: ============= 2013-10-29 Vulnerability
Document Title: =============== Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1125 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID: ====================================...
[SECURITY] [DSA 2776-1] drupal6 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2776-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 11, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2741-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2741-1 [email protected] http://www.debian.org/security/ Michael Gilbert August 25, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2736-1] putty security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2736-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 11, 2013 http://www.debian.org/security/faq -...
SQL Injection Vulnerability in Symphony
Advisory ID: HTB23148 Product: Symphony Vendor: http://getsymphony.com/ Vulnerable Versions: 2.3.1 and probably prior Tested Version: 2.3.1 Vendor Notification: March 13, 2013 Vendor Patch: March 24, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
Multiple XSS vulnerabilities in Events Manager WordPress plugin
Advisory ID: HTB23139 Product: Events Manager WordPress plugin Vendor: Marcus Sykes Vulnerable Versions: 5.3.3 and probably prior Tested Version: 5.3.3 Vendor Notification: January 16, 2013 Vendor Patch: January 17, 2013 Public Disclosure: March 6, 2013 Vulnerability Type: Cross-Site Scripting...
Fwd: SQL injection
Product: FOOT Gestion Version: - Vendor: Winsoft Vendor site:http://www.footgestion.ch Status: fixed Level: High ========= Description ========= FOOT Gestion is a soccer team management CMS. The solution is based on a software and a CMS website. The website module is affected by a SQL injection...
Apple iOS multiple security vulnerabilities
Large number of vulnerabilities in different components...
Cross-Site Scripting (XSS) in Redaxo
Advisory ID: HTB23098 Product: Redaxo Vendor: Redaxo team Vulnerable Versions: 4.4 and probably prior Tested Version: 4.4 Vendor Notification: 4 July 2012 Vendor Patch: 23 July 2012 Public Disclosure: 25 July 2012 Vulnerability Type: Cross-Site Scripting XSS CVE Reference: CVE-2012-3869 CVSSv2 Ba...
NDTV Cross Site Scripting Vulnerabilitiy
Exploit Title : NDTV Cross Site Scripting Vulnerabilitiy Author : Iranian Security & Research Team Discovered By : zilli0o0n Home : sec-lab.ir Contact : research at sec-lab dot ir Software Link : www.ndtv.com DorK : "Copyright NDTV Convergence Limited 2012"...
[SECURITY] [DSA 2506-1] libapache-mod-security security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2506-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012 http://www.debian.org/security/faq -...
Mozilla Foundation Security Advisory 2011-49
Mozilla Foundation Security Advisory 2011-49 Title: Memory corruption while profiling using Firebug Impact: Critical Announced: November 8, 2011 Reporter: Marc Schoenefeld Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Firefox 3.6.24 Thunderbird 8.0 Thunderbird 3.1.16 Description Marc...
APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update iOS 5.0.1 Software Update is now available and addresses the following: CFNetwork Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch 3rd...
TeamSHATTER Security Advisory: Buffer Overflow in Oracle Database (CTXSYS.DRVDISP.TABLEFUNC_ASOWN function)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: Medium Affected versions: Oracle Database Server version 10gR1, 10gR2 and 11gR1 Remote exploitable: Yes Authentication to Database Server is needed Credits: This vulnerability was discovered a...
[security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03058866Version: 1 HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon a...
Loop (ricetta.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Loop ricetta.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.loopmm.com/ Persian Gulf 4 Ever! Dork : "Loop - creazioni multimediali" "inurl:ricetta.php?id="...
APPLE-SA-2011-08-03-1 QuickTime 7.7
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-08-03-1 QuickTime 7.7 QuickTime 7.7 is now available and addresses the following: QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted pict file may...
Videcon Viola DVR VIO-4/1000 directory traversal
Directory traversal in Web interface...
Plaintext injection in STARTTLS (multiple implementations)
This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP Simple Mail Transfer Protocol over TLS Transport Layer Security including my Postfix open source mailserver. I give an overview of the problem and its impact, how to find out if a server is...
iDefense Security Advisory 03.01.11: Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability
iDefense Security Advisory 03.01.11 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 01, 2011 I. BACKGROUND The Alcatel-Lucent OmniPCX Enterprise Communication Server CS is a communication server platform that provides multimedia call processing for both Alcatel-Lucent and third-party...
iDefense Security Advisory 02.08.11: Adobe Flash Player ActionScript Memory Corruption Vulnerability
iDefense Security Advisory 02.08.11 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2011 I. BACKGROUND Adobe Flash Player is an application for viewing animations and movies using computer programs such as a Web browser; in common usage, Flash lets you put animation and movies on a...
[USN-1042-1] PHP vulnerabilities
=========================================================== Ubuntu Security Notice USN-1042-1 January 11, 2011 php5 vulnerabilities CVE-2009-5016, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4156, CVE-2010-4409, CVE-2010-4645...
Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
============================================================================== Joomla! 1.0.x 1.0.15 | Cross Site Scripting XSS Vulnerability ============================================================================== 1. OVERVIEW The Joomla! 1.0.x series are currently vulnerable to Cross Site...
[SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2140-1 [email protected] http://www.debian.org/security/ Stefan Fritsch January 05, 2011 http://www.debian.org/security/faq -...
Path disclosure in KaiBB
Vulnerability ID: HTB22746 Reference: http://www.htbridge.ch/advisory/pathdisclosureinkaibb.html Product: KaiBB Vendor: Mi-Dia http://www.mi-dia.co.uk/ Vulnerable Version: 1.0.1 Vendor Notification: 09 December 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted, Awaiting...
n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.003 16-Nov-2010 Vendor: Hewlett-Packard, http://www.hp.com Affected Products: Various HP LaserJet MFP devices See HP advisory 3 for the complete list Vulnerability: Directory Traversal in PJL interface Risk: HIGH Vendor...
[eVuln.com] Multiple XSS in MCG GuestBook
New eVuln Advisory: Multiple XSS in MCG GuestBook Summary: http://evuln.com/vulns/144/summary.html Details: http://evuln.com/vulns/144/description.html -----------Summary----------- eVuln ID: EV0144 Software: MCG GuestBook Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site Scripti...
[ MDVSA-2010:226 ] dhcp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:226 http://www.mandriva.com/security/ Package : dhcp Date : November 10, 2010 Affected: 2009.1, 2010.0, 2010.1 Problem Description: A vulnerability was discovered and corrected in ISC dhcp: ISC DHCP server 4...