Apache Tomcat security vulnerabilities
DoS, session fixation, information leakage...
Fujitsu notebooks privilege escalation
Untrusted path to executables...
ESA-2013-037: EMC AlphaStor Buffer Overflow Vulnerability
ESA-2013-037.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-037: EMC AlphaStor Buffer Overflow Vulnerability EMC Identifier: ESA-2013-037 EMC Identifier: NW150511 CVE Identifier: CVE-2013-0946 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected product: • EMC...
[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-3544 Chunked transfer encoding extension size is not limited Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.29 - Tomcat 6.0.0 to 6.0.36 Description: When processing a request submitted...
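The defect class named in the title is a chunked-body parser that skips the chunk extension (everything after the `;` on a chunk-size line) without counting how much it has skipped, so a peer can keep the parser busy indefinitely. The decoder below is an added example written for this listing, not Tomcat's code; it reads the size line byte by byte and aborts as soon as the extension passes a limit, before the rest of the line is consumed. The limits `MAX_CHUNK_EXTENSION_BYTES` and `MAX_TRAILER_LINE_BYTES` and the sample bodies in the comments are assumptions made for the example.

```ruby
require 'stringio'

# Limits assumed for this example; they are not Tomcat's values.
MAX_CHUNK_EXTENSION_BYTES = 8192
MAX_TRAILER_LINE_BYTES    = 8192

class ChunkedError < StandardError; end

# Read one chunk-size line ("<hex-size>[;ext...]CRLF") byte by byte from io.
# Everything after the first ';' (or whitespace) is the chunk extension: it is
# skipped, but every skipped byte is counted and the read aborts as soon as the
# count passes max_ext. Bounding it here, before the line is complete, is what
# stops a peer from keeping the parser busy with an endless extension.
def read_chunk_size(io, max_ext: MAX_CHUNK_EXTENSION_BYTES)
  size_hex  = String.new        # binary-safe empty string
  in_ext    = false
  ext_bytes = 0
  loop do
    c = io.read(1)
    raise ChunkedError, "stream ended inside chunk header" if c.nil?
    if c == "\r"
      raise ChunkedError, "CR not followed by LF in chunk header" unless io.read(1) == "\n"
      break
    elsif in_ext
      ext_bytes += 1
      raise ChunkedError, "chunk extension exceeds #{max_ext} bytes" if ext_bytes > max_ext
    elsif c == ";" || c == " " || c == "\t"
      in_ext = true             # size is complete; the rest of the line is extension
    elsif c =~ /\A[0-9a-fA-F]\z/
      raise ChunkedError, "chunk size too long" if size_hex.bytesize >= 8
      size_hex << c
    else
      raise ChunkedError, "invalid byte #{c.inspect} in chunk size"
    end
  end
  raise ChunkedError, "empty chunk size" if size_hex.empty?
  size_hex.to_i(16)
end

# Decode a complete chunked body from io and return the payload bytes.
# Example (constructed): "4;name=value\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n" -> "Wikipedia"
def decode_chunked(io, max_ext: MAX_CHUNK_EXTENSION_BYTES, max_trailer: MAX_TRAILER_LINE_BYTES)
  body = String.new
  loop do
    size = read_chunk_size(io, max_ext: max_ext)
    if size.zero?
      # Trailer section: header lines up to an empty line, each bounded as well.
      loop do
        line = io.gets("\r\n", max_trailer + 2)
        raise ChunkedError, "stream ended inside trailers" if line.nil?
        raise ChunkedError, "trailer line exceeds #{max_trailer} bytes" unless line.end_with?("\r\n")
        break if line == "\r\n"
      end
      return body
    end
    chunk = io.read(size)
    raise ChunkedError, "truncated chunk data" if chunk.nil? || chunk.bytesize != size
    raise ChunkedError, "missing CRLF after chunk data" unless io.read(2) == "\r\n"
    body << chunk
  end
end
```

The check that matters is the one inside `read_chunk_size`: with `max_ext: 16`, a size line carrying a 100-byte extension is rejected after 19 bytes have been read from the stream, so the remaining input is never touched. A parser that first collects the whole line and only then measures it is still exposed to a peer that never sends the CRLF.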
DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities
Title ----- DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities Severity -------- High Date Discovered --------------- March 19, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Dennis Lavrinenko, Bobby Lockett, and r@b13$ 1. Actuate...
Cisco Unified Customer Voice Portal multiple security vulnerabilities
DoS, privilege escalation code execution, files access...
[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2067 Session fixation with FORM authenticator Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.32 - Tomcat 6.0.21 to 6.0.36 Description: FORM authentication associates the most recent...
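Session fixation in a form-login flow succeeds when the server authenticates whatever session the client presented instead of issuing a fresh session identifier at the moment of login. The simulation below is an added example written for this listing, not Tomcat's authenticator: an in-memory `SessionStore`, a constructed user table, a login that authenticates the presented session in place, and one that rotates the identifier on success. `fixation_succeeds?` plays the attack end to end: the attacker obtains a session id, the victim logs in with that id planted, and the attacker checks whether the id he knows is now authenticated.

```ruby
require 'securerandom'

# Minimal in-memory session store constructed for this example.
class SessionStore
  def initialize
    @sessions = {}
  end

  def create
    id = SecureRandom.hex(16)
    @sessions[id] = { authenticated: false }
    id
  end

  def [](id)
    @sessions[id]
  end

  # Move the session data under a new, unpredictable identifier and
  # invalidate the old one.
  def rotate(old_id)
    data = @sessions.delete(old_id)
    raise ArgumentError, "unknown session" if data.nil?
    new_id = SecureRandom.hex(16)
    @sessions[new_id] = data
    new_id
  end
end

# Constructed credentials for the example.
USERS = { "alice" => "correct horse" }.freeze

# Vulnerable: marks the caller-supplied session as authenticated, so a session
# id an attacker planted in the victim's browser stays valid and becomes the
# victim's authenticated session.
def login_fixable(store, session_id, user, password)
  return nil unless USERS[user] == password
  session = store[session_id]
  return nil if session.nil?
  session[:authenticated] = true
  session[:user] = user
  session_id
end

# Hardened: on success the session id is replaced, so whatever id the attacker
# planted is dead after the victim logs in.
def login_rotating(store, session_id, user, password)
  return nil unless USERS[user] == password
  return nil if store[session_id].nil?
  new_id = store.rotate(session_id)
  store[new_id][:authenticated] = true
  store[new_id][:user] = user
  new_id
end

# Simulate the fixation attack against a given login implementation.
# Returns true when the attacker-known id ends up authenticated.
def fixation_succeeds?(store, login)
  attacker_id = store.create          # attacker starts a session
  victim_id   = attacker_id           # ...and plants that id on the victim
  login.call(store, victim_id, "alice", "correct horse")
  session = store[attacker_id]
  !session.nil? && session[:authenticated] == true
end
```

Rotation must happen at every privilege change, not only at the first login; a store that keeps the old identifier alive (for example by copying rather than deleting) reintroduces the problem.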
ESA-2013-021: EMC Documentum Multiple Vulnerabilities
ESA-2013-021.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-021: EMC Documentum Multiple Vulnerabilities EMC Identifier: ESA-2013-021 CVE Identifier: CVE-2013-0937, CVE-2013-0938, CVE-2013-0939 Severity Rating: See below for individual scores Affected products: • EMC Documentum Webtop...
telepathy-idle insufficient certificate check
Server certificate is not checked...
ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting (XSS) Vulnerability
ESA-2013-031.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting (XSS) Vulnerability EMC Identifier: ESA-2013-031 CVE Identifier: CVE-2013-0942 Severity Rating: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Affected Products: RSA®...
Vulnerability in "Fujitsu Desktop Update" (for Windows)
Hi @ll, Fujitsu's update utility "Fujitsu Desktop Update" (see http://support.ts.fujitsu.com/DeskUpdate/Index.asp), which is factory-preinstalled on every Fujitsu Siemens PC with Windows, has a vulnerability which allows the execution of a rogue program in the security context of the current user...
EMC Documentum multiple security vulnerabilities
Session fixation, cross-site scripting...
Vulnerabilities in multiple web applications with VideoJS
Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple web applications with VideoJS. Earlier I wrote about vulnerabilities in VideoJS (http://seclists.org/fulldisclosure/2013/May/21). This is a popular video and audio player, which is used on hundreds of thousands of web sites and ...
Vulnerabilities in VideoJS
Hello 3APA3A! I want to inform you about vulnerabilities in VideoJS. This is a popular video and audio player, which is used on hundreds of thousands of web sites and in multiple web applications. This is a Cross-Site Scripting vulnerability in VideoJS. There is also a DoS hole related to this player, whi...
CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.39 Description: Bug 54178 described a scenario where elements of a previo...
EMC AlphaStor buffer overflow
Buffer overflow on commands parsing in AlphaStor Library Control Program...
EMC RSA Authentication Agent cross-site scripting
No description provided...
Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]
On Sunday, May 05, 2013 10:13 PM I wrote: Hi @ll, Fujitsu's (http://www.fsc-pc.de/) factory preinstallation of Windows 8 Professional x64, as found on a Fujitsu Lifebook A512 purchased a month ago (I'm VERY confident that other variants of Fujitsu's Windows 8 factory installation are just alike), has...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Cross-Site Request Forgery (CSRF) in UMI.CMS
Advisory ID: HTB23151 Product: UMI.CMS Vendor: OOO Umisoft Vulnerable Versions: 2.9 and probably prior Tested Version: 2.9 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type: Cross-Site Request Forgery CWE-352 CVE Reference: CVE-2013-275...
[USN-1821-1] telepathy-idle vulnerability
========================================================================== Ubuntu Security Notice USN-1821-1 May 09, 2013 telepathy-idle vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
[USN-1817-1] libxml2 vulnerability
========================================================================== Ubuntu Security Notice USN-1817-1 May 07, 2013 libxml2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
[ MDVSA-2013:163 ] glibc
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:163 http://www.mandriva.com/en/support/security/ Package : glibc Date : May 7, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in glibc:...
GNU glibc security vulnerabilities
Buffer overflow in regexec, buffer overflow in getaddrinfo...
Cisco Prime Data Center Network Manager code execution
TCP/1099 and TCP/9099 services code execution...
gpsd memory corruption
Memory corruption on request processing...
[2.0 Update] Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability Advisory ID: cisco-sa-20121031-dcnm Revision 2.0 Last Updated 2013 May 08 16:00 UTC GMT For Public Release 2012 October 31 16:00 UTC GMT...
Mesa / WebGL / libgl buffer overflow
Heap overflow...
[USN-1818-1] Mesa vulnerability
========================================================================== Ubuntu Security Notice USN-1818-1 May 07, 2013 mesa vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
[USN-1820-1] gpsd vulnerability
========================================================================== Ubuntu Security Notice USN-1820-1 May 08, 2013 gpsd vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
libxml security vulnerabilities
Multiple use-after-free vulnerabilities...
D-Link DSL-320B unauthorized access
It's possible to access configuration files without authentication...
3CX Phone outdated libraries
Outdated versions of OpenSSL and FFmpeg/FFdshow are used...
Multiple Vulnerabilities in KrisonAV CMS
Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...
Multiple Cross-Site Scripting (XSS) vulnerabilities in GetSimple CMS
Advisory ID: HTB23141 Product: GetSimple CMS Vendor: get-simple.info Vulnerable Versions: 3.1.2 and probably prior Tested Version: 3.1.2 Vendor Notification: January 23, 2013 Vendor Patch: April 26, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...
XSS and CS vulnerabilities in Dotclear
Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. The CMS Dotclear has three vulnerable flash files: swfupload.swf, playerflv.swf and playermp3.swf. The file swfupload.swf is Swfupload. I wrote about vulnerabilities in Swfupload in November 2012...
[security bulletin] HPSBPI02868 SSRT101017 rev.1 - HP Managed Printing Administration (MPA), Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03737200 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03737200 Version: 1 HPSBPI02868...
ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities
ESA-2013-015.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities EMC Identifier: ESA-2013-015 CVE Identifier: CVE-2013-0932, CVE-2013-0933, CVE-2013-0934 Severity Rating: CVSS v2 Base Score: See below for individual scores Affected Products: RS...
Microsoft Antimalware privilege escalation
It's possible to execute code with local system rights...
Cisco Unified Computing System multiple security vulnerabilities
Buffer overflow, information leakage, authentication bypass, DoS...
[ MDVSA-2013:160 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:160 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : May 3, 2013 Affected: Business Server 1.0 Problem Description: Updated phpmyadmin package fixes security vulnerabilities: In some...
Multiple vulnerabilities in Colormix theme for WordPress
Hello 3APA3A! Last year I disclosed vulnerabilities in JW Player and in RokBox, which were fixed by the developers: JW Player's developers fixed one hole and promised to fix the others later, and RokBox fixed all holes, but it was questionable how they fixed the holes related to JW Player. In December I'...
hornbill supportworks SQL injection
Summary SQL Injection Vulnerability in ITSM component of Hornbill Supportworks Application CVE number: CVE-2013-2594 Impact: High Vendor homepage: http://www.hornbill.com Vendor notified: 19/11/2012 Vendor response: This issue has reportedly been fixed but the vendor refused to give version...
Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability
Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability Software : Syslog Watcher Pro Software Version : v2.8.0.812 Jun 15, 2009 Vendor: http://www.snmpsoft.com/ Vulnerability Published : 2013-04-27 Vulnerability Update Time : Status : Impact : Medium CVSS2 Base : 6.4,...
[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics
============================================= INTERNET SECURITY AUDITORS ALERT 2013-002 - Original release date: January 22nd, 2013 - Last revised: March 10th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I...
WordPress podPress Plugin XSS in SWF
Exploit Title: WordPress podPress Plugin XSS in SWF Release Date: 28/03/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/podpress.8.8.10.17.zip Tested on: XPsp3 Affected version: 8.8.10.13 before Goog...
Curl Ruby Gem Remote command execution
Curl Ruby Gem Remote command execution 3/12/2013 https://github.com/tg0/curl Specially crafted URLs can result in remote code execution: In ./lib/curl.rb the following lines: 131 cmd = "curl cookiesstore browsertype @setupparams ref "url" " 132 if @debug 133 puts cmd.red 134 end 135 result =...
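The quoted lines build a command string with the URL interpolated and hand it to a shell, so shell metacharacters in the URL run as commands. The example below is added for this listing and is not the gem's code: it reproduces the vulnerable shape, shows the hardened form (an argument vector passed to `Open3.capture2`, with no shell involved), and uses `printf` as an offline stand-in for `curl` so the injected command shows up in the output instead of in a network request. `safe_curl_argv` and its `-sS --max-time 10` flags are this example's choice, not the gem's.

```ruby
require 'open3'

# Vulnerable pattern: an attacker-influenced URL is interpolated into a string
# that a shell will parse, so ';', '$(...)', '|' etc. in the URL become commands.
def build_shell_string(tool, url)
  "#{tool} #{url}"
end

def run_via_shell(cmd)
  out, _status = Open3.capture2("sh", "-c", cmd)
  out
end

# Hardened pattern: the external tool gets an argument vector. No shell parses
# anything, so the URL is exactly one argument however it is spelled.
def run_argv(argv)
  out, _status = Open3.capture2(*argv)
  out
end

# Building the real curl invocation safely (argv, not a string). The scheme check
# also refuses values starting with '-', which curl would otherwise parse as an
# option (e.g. "-o /tmp/evil"), and rejects schemes such as file://.
def safe_curl_argv(url)
  unless url.match?(%r{\Ahttps?://\S+\z}i)
    raise ArgumentError, "refusing URL #{url.inspect}"
  end
  ["curl", "-sS", "--max-time", "10", url]
end

# Offline demonstration: printf stands in for curl. Same hostile URL through
# both paths; only the shell path executes the trailing command.
def demo(url)
  {
    shell: run_via_shell(build_shell_string("printf '%s\\n'", url)),
    argv:  run_argv(["printf", '%s\n', url]),
  }
end

if __FILE__ == $PROGRAM_NAME
  hostile = "http://example.com/;echo INJECTED"   # constructed attacker input
  demo(hostile).each { |path, out| puts "#{path}: #{out.inspect}" }
end
```

Through the shell the hostile URL yields two lines, the URL and `INJECTED`, because `;echo INJECTED` ran as a second command; through the argument vector the whole string is printed as one argument. Validating the scheme is still worthwhile even with argv, since an argument that starts with `-` is an option to the program being executed.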
Oracle Java / IBM Java protection bypass
Sandbox protection bypass via Reflection API...
HP Managed Printing Administration cross-site scripting
No description provided...
SynConnect PMS SQL Injection Vulnerability
Title: ==== SynConnect - SQL Injection vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ===== Date: ==== 01-03-2013 CRD: ==== CRD-2013-01 Vendor: ====== Synchroweb Technology is a provider of application...