47153 matches found
Microsoft Visio Viewer memory corruption
Memory corruption during Visio file parsing...
Microsoft Outlook for Mac information leakage
External content is requested during message parsing...
Microsoft OneNote information leakage
Information leakage during OneNote file parsing...
Privoxy information leakage
Proxy-Authenticate and Proxy-Authorization headers are not filtered, making it possible to hijack authentication information...
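The Privoxy entry above is a forwarding proxy passing hop-by-hop authentication headers through to the other side. As an added example (this is not Privoxy's code; the sample header blocks are constructed), the Python below implements the filtering a forwarding proxy needs in both directions: Proxy-Authorization from the client must never reach the origin server, Proxy-Authenticate from the server must never reach the client, and anything named in a Connection header is hop-by-hop as well.

```python
"""Hop-by-hop header filtering for a forwarding HTTP proxy.

Added example, not Privoxy code. Header names are case-insensitive
(RFC 7230), so matching is done on lower-cased names.
"""
from typing import List, Tuple

Header = Tuple[str, str]

# Hop-by-hop headers per RFC 7230 section 6.1, plus the two proxy-auth
# headers (RFC 7235 section 4) that the Privoxy entry says were not filtered.
# Transfer-Encoding is dropped here on the assumption that the proxy
# re-frames the body itself before forwarding it.
HOP_BY_HOP = frozenset({
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
})


def parse_headers(raw: bytes) -> List[Header]:
    """Parse a raw header block (everything after the start line) into pairs."""
    headers = []
    for line in raw.split(b"\r\n"):
        if not line:
            continue
        name, _, value = line.partition(b":")
        headers.append((name.decode("latin-1").strip(),
                        value.decode("latin-1").strip()))
    return headers


def connection_tokens(headers: List[Header]) -> set:
    """Names listed in Connection: are hop-by-hop for this hop too."""
    tokens = set()
    for name, value in headers:
        if name.lower() == "connection":
            for tok in value.split(","):
                tok = tok.strip().lower()
                if tok:
                    tokens.add(tok)
    return tokens


def strip_hop_by_hop(headers: List[Header]) -> List[Header]:
    """Return only the headers that are safe to forward to the next hop."""
    drop = HOP_BY_HOP | connection_tokens(headers)
    return [(n, v) for n, v in headers if n.lower() not in drop]


def forwardable_names(raw: bytes) -> List[str]:
    """Convenience: names of the headers that would be forwarded."""
    return [n for n, _ in strip_hop_by_hop(parse_headers(raw))]


# Constructed sample: a client request carrying credentials meant for the proxy.
CLIENT_REQUEST_HEADERS = (
    b"Host: example.test\r\n"
    b"Proxy-Authorization: Basic dXNlcjpzZWNyZXQ=\r\n"
    b"Connection: keep-alive, X-Internal-Tag\r\n"
    b"X-Internal-Tag: 42\r\n"
    b"Accept: */*\r\n"
)

# Constructed sample: an origin response trying to provoke a proxy-auth prompt
# in the client, which would then send its proxy credentials to the server.
SERVER_RESPONSE_HEADERS = (
    b"Content-Type: text/html\r\n"
    b"Proxy-Authenticate: Basic realm=\"looks-like-your-proxy\"\r\n"
    b"Transfer-Encoding: chunked\r\n"
)

if __name__ == "__main__":
    print(forwardable_names(CLIENT_REQUEST_HEADERS))   # ['Host', 'Accept']
    print(forwardable_names(SERVER_RESPONSE_HEADERS))  # ['Content-Type']
```

The same filter runs on both directions; the check that matters for the Privoxy case is that "proxy-authorization" and "proxy-authenticate" are in the fixed drop set regardless of what the Connection header says, because a client or server controls that header and could omit them from it.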
Microsoft Silverlight code execution
Memory corruption...
CVE-2013-1413
COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2013-1413 CSNC ID: CSNC-2013-003 Product: i-doit Vendor: synetics Gesellschaft für Systemintegration mbH Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer Date:...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
US-CERT Alert TA13-064A: Oracle Java Contains Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System TA13-064A: Oracle Java Contains Multiple Vulnerabilities Original release date: March 05, 2013 Systems Affected Any system using Oracle Java 7, 6, 5 (1.7, 1.6, 1.5) including Java Platform Standard Edition 7 (Java SE 7) Jav...
[security bulletin] HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC), iMC TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM), Cross Site Scripting (XSS), Remote Code Execution,
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03689276 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03689276 Version: 1 HPSBGN02854...
Verax NMS Authentication Bypass (CVE-2013-1350)
Verax NMS Authentication Bypass CVE-2013-1350 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing...
Varnish 2.1.5, 3.0.3 DoS in VRY_Create() while parsing Vary header
VRY_Create | q == ',' Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions affected: 3.0.3 2.1.5 Summary: Varnish 2.1.5 and 3.0.3 crash and restart via an assert while parsing the Vary header of a backend response. This could be used if an attacker gained...
xen multiple security vulnerabilities
Different DoS conditions...
[CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability
CVE-REQUEST Foscam <= 11.37.2.48 path traversal vulnerability Summary: Foscam firmware <= 11.37.2.48 is prone to a path traversal vulnerability in the embedded web interface. An unauthenticated attacker can access the entire filesystem and steal web & wifi credentials. Details: GET...
Exploit for D-Link DAP 1150
Hello! Here is an exploit for D-Link DAP 1150. I wrote about the vulnerabilities in it, which are used in this exploit, in 2011. I presented this exploit in my article "CSRF Attacks on Network Devices" in the magazine PenTest Extra 02/2012 http://pentestmag.com/pentestextra022012/, released in...
SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1)
SEC Consult Vulnerability Lab Security Advisory 20130308-0 ======================================================================= title: Multiple critical vulnerabilities part 1 product: GroundWork Monitor Enterprise vulnerable version: 6.7.0 fixed version: none - optional technical bulletin...
[SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples
CVE-2013-0248 Apache Commons FileUpload - Insecure examples Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Commons FileUpload 1.0 to 1.2.2 Description: Commons FileUpload provides file upload capability for Servlets and web applications. During the upload process,...
WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS)
------------------ WordPress Count-Per-Day plugin 3.2.5. Type-1 reflected Cross Site Scripting XSS affected versions <= 3.2.5. tested on 3.2.5, 3.2.3 impact: - code execution in browser context author: alejandr0.m0f0 1/ navigate to the page: /wordpress/wp-admin/?page=cpdmetaboxes 2/ bottom of the...
Verax NMS Password Disclosure (CVE-2013-1631)
Verax NMS Password Disclosure CVE-2013-1631 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing...
Samsung TV buffer overflow
Buffer overflow on TCP/7676 SOAPACTION request processing...
Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header
STV_alloc | st != NULL Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 2.1.5 Full panic message: Panic message: Assert error in STV_alloc(), stevedore.c line 192: Condition(st != NULL) not true. Summary: Varnish 2.1.5 crash and restart via...
[SECURITY] [DSA 2636-1] xen security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2636-1 http://www.debian.org/security/ Moritz Muehlenhoff March 01, 2013 http://www.debian.org/security/faq -...
Varnish multiple security vulnerabilities
Different DoS conditions on HTTP headers parsing...
SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2)
SEC Consult Vulnerability Lab Security Advisory 20130308-1 ======================================================================= title: Multiple high risk vulnerabilities part 2 product: GroundWork Monitor Enterprise vulnerable version: 6.7.0 fixed version: none - optional technical bulletin...
CS and XSS vulnerabilities in SWFUpload
Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in SWFUpload. This is a very popular Flash file, which is used at tens of millions of web sites and in hundreds of web applications such as WordPress; this web application alone is used at more than 62 million web sit...
Multiple XSS vulnerabilities in Events Manager WordPress plugin
Advisory ID: HTB23139 Product: Events Manager WordPress plugin Vendor: Marcus Sykes Vulnerable Versions: 5.3.3 and probably prior Tested Version: 5.3.3 Vendor Notification: January 16, 2013 Vendor Patch: January 17, 2013 Public Disclosure: March 6, 2013 Vulnerability Type: Cross-Site Scripting...
Verax NMS Password Replay Attack (CVE-2013-1351)
Verax NMS Password Replay Attack CVE-2013-1351 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducin...
OS Command Injection in CosCms
Advisory ID: HTB23145 Product: CosCms Vendor: http://www.coscms.org Vulnerable Versions: 1.721 and probably prior Tested Version: 1.721 Vendor Notification: February 13, 2013 Vendor Patch: February 13, 2013 Public Disclosure: March 6, 2013 Vulnerability Type: OS Command Injection CWE-78 CVE...
HP LaserJet Pro printers unauthorized access
No description provided...
[SECURITY] [DSA 2638-1] openafs security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2638-1 http://www.debian.org/security/ Moritz Muehlenhoff March 04, 2013 http://www.debian.org/security/faq -...
Re: rpi-update tmpfile vulnerability
Hello everyone, I took a closer look at this vulnerability; here is my exploit to share: cat /tmp/updateScript.sh EOF # -- if we own it first, wait for IMODIFY and inject our malicious code #!/bin/bash if mv "$tempFileName" "$0"; then rm -- "$0" exec env UPDATE_SELF=0 /bin/bash "$0"...
Kaspersky Internet Security DoS
Different DoS conditions on IPv6 processing...
Varnish 2.1.5 DoS in fetch_straight() while parsing Content-Length header
fetch_straight | (uintmax_t)cl == cll Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 2.1.5 Summary It is possible to crash Varnish child processes via an assert by sending an invalid Content-Length response header. Panic message: Assert error in...
DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion
Title ----- DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion Severity -------- High Date Discovered --------------- February 14, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: 0x00string, Ryan Oliver and r@b13$ Vulnerability Description...
HP Intelligent Management Center multiple security vulnerabilities
Cross-site scripting, code execution, information disclosure...
OpenAFS buffer overflow
Few different buffer overflows...
rpi-update symlink vulnerability
Unsafe temp file creation...
Verax NMS Hardcoded Private Key (CVE-2013-1352)
Verax NMS Hardcoded Private Key CVE-2013-1352 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing...
SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer dereference in libosip2
SIP Witch 0.7.4 w/libosip2-4.0.0 Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 DoS by a NULL pointer dereference in libosip2. True, found in the ancient version of sipwitch that is the default in BT5, but the problem lies in the library used by it and may...
rpi-update tmpfile vulnerability
Raspberry Pi Firmware Updater Vulnerability Application: https://github.com/Hexxeh/rpi-update/ Version Tested: Github source as of 10ad1e975a 10th Feb commit Vulnerability 1: A malicious user can clobber any file due to insecure tmp file handling. Example: Any unprivileged user can create the...
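The three rpi-update entries on this page (the symlink vulnerability, this tmpfile vulnerability and the "Re:" exploit) are the same class of bug: an updater run with privileges writes a helper script to a fixed, predictable name in a world-writable directory and then executes it, so any local user can pre-plant a symlink to clobber an arbitrary file, or pre-own the file and inject code. As an added example (not rpi-update's own code; paths, names and contents are constructed, and a private directory stands in for /tmp so it runs unprivileged), the Python below reproduces the clobber and shows the two fixes: fail closed with O_CREAT|O_EXCL|O_NOFOLLOW, and stop using a predictable name at all with tempfile.mkstemp.

```python
"""Fixed-path temp file (the rpi-update pattern) vs. a safe one.

Added example, not rpi-update's own code. Everything below is constructed
for the demo: a private directory stands in for /tmp, 'victim.conf' stands
in for any file the privileged updater can write.
"""
import os
import shutil
import tempfile

SCRIPT_BODY = "#!/bin/sh\necho updating\n"  # constructed stand-in for the helper script
PREDICTABLE_NAME = "updateScript.sh"        # fixed name, known to every local user


def attacker_plants_link(shared_dir: str, victim: str) -> str:
    """Unprivileged step: occupy the predictable name before the updater runs."""
    link = os.path.join(shared_dir, PREDICTABLE_NAME)
    os.symlink(victim, link)
    return link


def vulnerable_write(shared_dir: str) -> None:
    """Updater as described in the advisory: open(fixed_path, 'w') follows the link,
    so the script body lands in whatever file the attacker pointed it at."""
    with open(os.path.join(shared_dir, PREDICTABLE_NAME), "w") as f:
        f.write(SCRIPT_BODY)


def excl_open_refuses(shared_dir: str) -> bool:
    """Fail-closed check: O_CREAT|O_EXCL fails with EEXIST if the name is taken,
    including when it is a symlink, wherever it points. Returns True if refused."""
    fixed = os.path.join(shared_dir, PREDICTABLE_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(fixed, flags, 0o700)
    except FileExistsError:
        return True
    os.close(fd)
    return False


def safe_write(shared_dir: str) -> str:
    """mkstemp: O_EXCL, mode 0600 and a random suffix, so there is no
    predictable name for an attacker to pre-plant or pre-own."""
    fd, path = tempfile.mkstemp(prefix="updateScript.", suffix=".sh", dir=shared_dir)
    with os.fdopen(fd, "w") as f:
        f.write(SCRIPT_BODY)
    os.chmod(path, 0o700)  # executable by owner only
    return path


def demo() -> dict:
    """Run both writers against a pre-planted link; report what happened to the victim."""
    base = tempfile.mkdtemp()
    try:
        victim = os.path.join(base, "victim.conf")
        results = {}
        for label, writer in (("fixed_path", vulnerable_write), ("mkstemp", safe_write)):
            with open(victim, "w") as f:
                f.write("original\n")
            shared = os.path.join(base, "tmp_" + label)   # stands in for /tmp
            os.mkdir(shared)
            attacker_plants_link(shared, victim)
            if label == "mkstemp":
                results["o_excl_refuses_planted_link"] = excl_open_refuses(shared)
            out = writer(shared)
            with open(victim) as f:
                results[label + "_clobbers_victim"] = f.read() != "original\n"
            if out is not None:
                results["safe_name_is_unpredictable"] = os.path.basename(out) != PREDICTABLE_NAME
        return results
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

The O_EXCL check alone only turns the clobber into a refusal; the updater would still not run. The mkstemp path is what removes the attack surface, and because it returns the open descriptor, the script is written and executed through the same handle rather than by reopening a name that someone else could race for.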
[security bulletin] HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03684249 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03684249 Version: 1 HPSBPI02851...
[PT-2013-17] Arbitrary Files Reading in mnoGoSearch
----------------------------------------------------------- PT-2013-17 Positive Technologies Security Advisory Arbitrary Files Reading in mnoGoSearch ----------------------------------------------------------- --- Vulnerable software mnoGoSearch Version: 3.3.12 and earlier Application link:...
Remote system freeze thanks to Kaspersky Internet Security 2013
I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time, nor the desire to do so. But Kaspersky did not react, so ... quick and dirty: Kaspersky Internet Security 2013 and any other Kaspersky product which includes the firewall...
Stored XSS in Terillion Reviews Wordpress Plugin
CVE Assigned: CVE-2013-2501 Exploit Title: Stored XSS in Terillion Reviews Plugin Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 08/03/13 Software link: http://wordpress.org/extend/plugins/terillion-reviews/ The Terillion Reviews Plugin in WordPress...
AoF, IAA and CSRF vulnerabilities in Question2Answer
Hello 3APA3A! These are Abuse of Functionality, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities in Question2Answer. This is the second part of vulnerabilities in this web application. ------------------------- Affected products: ------------------------- Vulnerable are...
APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 o...
HP ServiceCenter DoS
No description provided...
Apache Subversion mod_dav_svn DoS via MKACTIVITY/PROPFIND
Subversion MKACTIVITY Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 libsvn_fs's svn_fs_file_length() function, tested on 1.6.17 and a few others. (gdb) where #0 0x00007f2595db9d60 in svn_fs_file_length () from /usr/lib/x86_64-linux-gnu/libsvn_fs-1.so.1 #1 0x00007f25961f2d...
libosip2 / SIP Witch DoS
NULL pointer dereference...
Apache mod_dav_svn DoS
NULL pointer dereference during MKACTIVITY and PROPFIND request processing...
Samsung TV DoS (possible overflow) via SOAPACTION
#!/bin/bash Samsung TV DoS possible overflow via SOAPACTION Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Verified for ue55es6800. Nope, it's different than http://www.exploit-db.com/exploits/18751/. havetelnet ? RCE : "vuln is DoS if not clever...