Microsoft Sharepoint multiple security vulnerabilities
Buffer overflows, directory traversal, cross-site scripting, code execution...
Microsoft OneNote information leakage
Information leakage on OneNote files parsing...
Privoxy information leakage
Proxy-Authenticate and Proxy-Authorization headers are not filtered, making it possible to hijack authentication information...
Microsoft Visio Viewer memory corruption
Memory corruption on Visio files parsing...
Microsoft Silverlight code execution
Memory corruption...
Kaspersky Internet Security DoS
Different DoS conditions on IPv6 processing...
[security bulletin] HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03684249 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03684249 Version: 1 HPSBPI02851...
[PT-2013-17] Arbitrary Files Reading in mnoGoSearch
----------------------------------------------------------- PT-2013-17 Positive Technologies Security Advisory Arbitrary Files Reading in mnoGoSearch ----------------------------------------------------------- --- Vulnerable software mnoGoSearch Version: 3.3.12 and earlier Application link:...
Apache mod_dav_svn DoS
NULL pointer dereference on MKACTIVITY and PROPFIND requests processing...
rpi-update symlink vulnerability
Unsafe temp file creation...
Verax NMS multiple security vulnerabilities
Authentication bypass, replay attacks, hardcoded private key, information leakage...
Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header
STValloc | st != NULL Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 2.1.5 Full panic message: Panic message: Assert error in STValloc, stevedore.c line 192:012 Conditionst != NULL not true. Summary: Varnish 2.1.5 crash and restart via...
Samsung TV buffer overflow
Buffer overflow on TCP/7676 SOAPACTION request processing...
[security bulletin] HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC), iMC TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM), Cross Site Scripting (XSS), Remote Code Execution,
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03689276 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03689276 Version: 1 HPSBGN02854...
WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS)
------------------ WordPress Count-Per-Day plugin 3.2.5. Type-1 reflected Cross Site Scripting XSS affected versions = 3.2.5. tested on 3.2.5, 3.2.3 impact: - code execution in browser context author: alejandr0.m0f0 1/ navigate to the page: /wordpress/wp-admin/?page=cpdmetaboxes 2/ bottom of the...
xen multiple security vulnerabilities
Different DoS conditions...
Samsung TV DoS (possible overflow) via SOAPACTION
!/bin/bash Samsung TV DoS possible overflow via SOAPACTION Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Verified for ue55es6800. Nope, it's different than http://www.exploit-db.com/exploits/18751/. havetelnet ? RCE : "vuln is DoS if not clever...
[SECURITY] [DSA 2638-1] openafs security update
Debian Security Advisory DSA-2638-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 04, 2013 http://www.debian.org/security/faq -...
CVE-2013-1413
COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2013-1413 CSNC ID: CSNC-2013-003 Product: i-doit Vendor: synetics Gesellschaft für Systemintegration mbH Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer [email protected] Date:...
Apache Subversion mod_dav_svn DoS via MKACTIVITY/PROPFIND
Subversion MKACTIVITY Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 libsvnfs's svnfsfilelength fun tested on 1.6.17 and few others gdb where 0 0x00007f2595db9d60 in svnfsfilelength from /usr/lib/x8664-linux-gnu/libsvnfs-1.so.1 1 0x00007f25961f2d...
HP Intelligent Management Center multiple security vulnerabilities
Cross-site scripting, code execution, information disclosure...
SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2)
SEC Consult Vulnerability Lab Security Advisory 20130308-1 ======================================================================= title: Multiple high risk vulnerabilities part 2 product: GroundWork Monitor Enterprise vulnerable version: 6.7.0 fixed version: none - optional technical bulletin...
[ MDVSA-2013:017 ] libxml2
Mandriva Linux Security Advisory MDVSA-2013:017 http://www.mandriva.com/security/ Package : libxml2 Date : March 5, 2013 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in libxml2: A denial of service...
[USN-1756-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1756-1 March 06, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
CS and XSS vulnerabilities in SWFUpload
Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in SWFUpload. This is a very popular flash-file, which is used at tens of millions of web sites and in hundreds of web applications such as WordPress, only this web application is used at more than 62 millions of web sit...
Exploit for D-Link DAP 1150
Hello! Here is an exploit for D-Link DAP 1150. About the vulnerabilities in it, which were used in this exploit, I wrote in 2011. I've presented this exploit in my article "CSRF Attacks on Network Devices" in the magazine PenTest Extra 02/2012 http://pentestmag.com/pentestextra022012/, released in...
Verax NMS Authentication Bypass (CVE-2013-1350)
Verax NMS Authentication Bypass CVE-2013-1350 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing...
US-CERT Alert TA13-064A: Oracle Java Contains Multiple Vulnerabilities
National Cyber Awareness System TA13-064A: Oracle Java Contains Multiple Vulnerabilities Original release date: March 05, 2013 Systems Affected Any system using Oracle Java 7, 6, 5 1.7, 1.6, 1.5 including Java Platform Standard Edition 7 Java SE 7 Jav...
Varnish 2.1.5, 3.0.3 DoS in http_GetHdr() while parsing Vary header
httpGetHdr | l == strlenhdr + 1 Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 3.0.3, 2.1.5 Summary: It's possible to crash Varnish via assertion if the single header within the Vary header is longer than 127 bytes. The 'l' cachehttp.c2...
[SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples
CVE-2013-0248 Apache Commons FileUpload - Insecure examples Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Commons FileUpload 1.0 to 1.2.2 Description: Commons FileUpload provides file upload capability for Servlets and web applications. During the upload process,...
[CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability
CVE-REQUEST Foscam <= 11.37.2.48 path traversal vulnerability Summary: Foscam firmware <= 11.37.2.48 is prone to a path traversal vulnerability in the embedded web interface. The unauthenticated attacker can access the entire filesystem and steal web & wifi credentials. Details: GET...
SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer dereference in libosip2
SIP Witch 0.7.4 w/libosip2-4.0.0 Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 DoS by the NULL pointer dereference in libosip2. True, found in the ancient version of sipwitch default in BT5 but the problem lies in the library used by it and may...
Verax NMS Password Disclosure (CVE-2013-1631)
Verax NMS Password Disclosure CVE-2013-1631 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing...
Multiple XSS vulnerabilities in Events Manager WordPress plugin
Advisory ID: HTB23139 Product: Events Manager WordPress plugin Vendor: Marcus Sykes Vulnerable Versions: 5.3.3 and probably prior Tested Version: 5.3.3 Vendor Notification: January 16, 2013 Vendor Patch: January 17, 2013 Public Disclosure: March 6, 2013 Vulnerability Type: Cross-Site Scripting...
[security bulletin] HPSBMU02849 SSRT101124 rev.1 - HP ServiceCenter, Remote Denial of Service (DoS)
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03680085 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03680085 Version: 1 HPSBMU02849...
Stored XSS in Terillion Reviews Wordpress Plugin
CVE Assigned-CVE-2013-2501 Exploit Title : Stored XSS in Terillion Reviews Plugin Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 08/03/13 Software link: http://wordpress.org/extend/plugins/terillion-reviews/ The Terillion Reviews Plugin in Wordpress...
libosip2 / SIP Witch DoS
NULL pointer dereference...
Varnish multiple security vulnerabilities
Different DoS conditions on HTTP headers parsing...
[SECURITY] [DSA 2636-1] xen security update
Debian Security Advisory DSA-2636-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 01, 2013 http://www.debian.org/security/faq -...
Re: rpi-update tmpfile vulnerability
Hello everyone, I took a closer look at this vulnerability here is my exploit to share: 45 cat /tmp/updateScript.sh EOF -- if we own it first, wait for IMODIFY and inject our malicious code 46 !/bin/bash 47 if mv "$tempFileName" "$0"; then 48 rm -- "$0" 49 exec env UPDATESELF=0 /bin/bash "$0"...
HP ServiceCenter DoS
No description provided...
DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion
Title ----- DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion Severity -------- High Date Discovered --------------- February 14, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: 0x00string, Ryan Oliver and r@b13$ Vulnerability Description...
Verax NMS Hardcoded Private Key (CVE-2013-1352)
Verax NMS Hardcoded Private Key CVE-2013-1352 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing...
AoF, IAA and CSRF vulnerabilities in Question2Answer
Hello 3APA3A! These are Abuse of Functionality, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities in Question2Answer. This is the second part of vulnerabilities in this web application. ------------------------- Affected products: ------------------------- Vulnerable are...
OpenAFS buffer overflow
Few different buffer overflows...
Verax NMS Password Replay Attack (CVE-2013-1351)
Verax NMS Password Replay Attack CVE-2013-1351 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducin...
Varnish 2.1.5, 3.0.3 DoS in VRY_Create() while parsing Vary header
VRYCreate | q == ',' Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions affected: 3.0.3 2.1.5 Summary: Varnish 2.1.5 and 3.0.3 crash and restart via assert while parsing Vary header backend response. This could be used if attacker gained...
OS Command Injection in CosCms
Advisory ID: HTB23145 Product: CosCms Vendor: http://www.coscms.org Vulnerable Versions: 1.721 and probably prior Tested Version: 1.721 Vendor Notification: February 13, 2013 Vendor Patch: February 13, 2013 Public Disclosure: March 6, 2013 Vulnerability Type: OS Command Injection CWE-78 CVE...
Remote system freeze thanks to Kaspersky Internet Security 2013
I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time, nor the desire to do so. But Kaspersky did not react, so ... quick and dirty: Kaspersky Internet Security 2013 and any other Kaspersky product which includes the firewall...
Varnish 2.1.5 DoS in fetch_straight() while parsing Content-Length header
fetchstraight | uintmaxtcl == cll Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 2.1.5 Summary It is possible to crash via assert varnish child processes by sending invalid Content-Length response header. Panic message: Assert error in...