47153 matches found
VUPEN Security Research - Microsoft Windows OLE Automation Code Execution Vulnerability
VUPEN Security Research - Microsoft Windows OLE Automation Remote Code Execution Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows is a series of software operating systems and graphical user interfaces produced b...
RSA Authentication Agent protection bypass
In some cases only PIN is requested insted of full authentication sequence...
cfingerd buffer overflow
Buffer overflow on request parsing...
[SECURITY] [DSA 2635-1] cfingerd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2635-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 1, 2013 http://www.debian.org/security/faq -...
[ MDVSA-2013:016 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:016 http://www.mandriva.com/security/ Package : php Date : February 28, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in php: PHP...
dbus-glib privilege escalation
NameOwnerChanged signale processing privilege escalation...
Microsoft Windows multiple security vulnerabilities
Quartz.dll memory corruption, .Net privilege escalation, multiple kernel race conditions, CSRSS privilege escalation, TCP/IP DoS...
[USN-1754-1] Sudo vulnerability
========================================================================== Ubuntu Security Notice USN-1754-1 February 28, 2013 sudo vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SE-2012-01] New security issues affecting Oracle's Java SE 7u15
Hello All, We had yet another look into Oracle's Java SE 7 software that was released by the company on Feb 19, 2013. As a result, we have discovered two new security issues numbered 54 and 55, which when combined together can be successfully used to gain a complete Java security sandbox bypass i...
Apache security vulnerabilities
modinfo, modstatus, modimagemap, modldap, modproxyftp, modproxybalancer crossite scripting...
[ MDVSA-2013:015 ] apache
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:015 http://www.mandriva.com/security/ Package : apache Date : February 26, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in apache ASF...
War FTP Daemon memory corruption
Memory corruption on logging...
[USN-1753-1] DBus-GLib vulnerability
========================================================================== Ubuntu Security Notice USN-1753-1 February 27, 2013 dbus-glib vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
[USN-1750-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1750-1 February 26, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Unauthenticated remote access to D-Link DIR-645 devices
Unauthenticated remote access to D-Link DIR-645 devices ======================================================= ADVISORY INFORMATION Title: Unauthenticated remote access to D-Link DIR-645 devices Discovery date: 20/02/2013 Release date: 27/02/2013 Credits: Roberto Paleari [email protected],...
[IA48] Photodex ProShow Producer v5.0.3297 Insecure Library Loading Vulnerability
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Uncontrolled Search Path Element CWE-427 Date found: 2013-02-23 Date published: 2013-02-23 CVSSv2 Score: 4,4...
OpenSSL / PolarSSL / GnuTLS security vulnerabilities
Timing attacks, DoS...
Linux kernel security vulnerabilities
Privilege escalation, information leak...
[USN-1747-1] Transmission vulnerability
========================================================================== Ubuntu Security Notice USN-1747-1 February 25, 2013 transmission vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
TeamSHATTER Security Advisory: Cross-site scripting in Oracle EM (advReplicationAdmin) (CVE-2013-0355)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cross-site scripting in Oracle Enterprise Manager advReplicationAdmin TeamSHATTER Security Advisory February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes...
PHP-Fusion 7.02.05 SQL Injection
SQL Injection vulnerability exists in releases since 7.02.01 till 7.02.05 of PHP-Fusion CMS. The vulnerability allows the attacker to authenticate as an arbitrary user and act with its rights which might lead to the code execution. Because of exploitation simplicity, the potential risk is very...
TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle 11g Stealth Password Cracking Vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Database Server version 11gR1, 11gR2 Remote exploitable: Yes No authentication to Database Server is needed...
XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS
Hello 3APA3A! After my previous list of vulnerable software with ZeroClipboard.swf, here is a list of software with ZeroClipboard10.swf. These are Cross-Site Scripting vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS. Earlier I've wrote about Cross-Site Scripting...
SQLi found in Kodak Insite
Hello ... While investigating a recent installation of Kodak's Insite Creative Workflow System for my current employer, an SQL Injection vulnerability was discovered in its "Forgot Your Password?" page. An example of this application can be seen on the Kodak site...
CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date...
squid cachemanager DoS
cachemgr.cgi resources exhaustion...
[ MDVSA-2013:013 ] squid
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:013 http://www.mandriva.com/security/ Package : squid Date : February 20, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in squid...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (SCPLBL_COLLECTED parameters) (CVE-2013-0353)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager SCPLBLCOLLECTED parameters February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes...
TeamSHATTER Security Advisory: SQL Injection in Oracle Alter FBA Table (CVE-2012-1751)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Alter FBA Table February 20, 2013 Risk Level: High Affected versions: Oracle Database Enterprise Edition 11.1, 11.2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched...
TeamSHATTER Security Advisory: HTTP Response Splitting in Oracle EM (policyViewSettings) (CVE-2013-0354)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory HTTP Response Splitting in Oracle Enterprise Manager policyViewSettings February 20, 2013 Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Y...
[SECURITY] [DSA 2628-1] nss-pam-ldapd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2628-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 18, 2013 http://www.debian.org/security/faq -...
nss-pam-ldapd fd_set overflow
FDSET structure overflow...
HP ArcSight multiple security vulnerabilities
Information leakage, code execution, crossite scripting...
Boost library protection bypass
Invalid UTF-8 sequences validation...
Alt-N MDaemon Email Body HTML/JS Injection Vulnerability
============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: HTML/JS Injection Remot...
[SECURITY] [DSA 2625-1] wireshark security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2625-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 17, 2013 http://www.debian.org/security/faq -...
Foswiki Security: Alert CVE-2013-1666 - Remote Code Execution Vulnerability in MAKETEXT macro.
---+ Security Alert: Code injection vulnerability in MAKETEXT macro This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext 1, which Foswiki uses to provide translations when...
[USN-1731-1] OpenStack Cinder vulnerability
========================================================================== Ubuntu Security Notice USN-1731-1 February 21, 2013 cinder vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-1734-1] OpenStack Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1734-1 February 21, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a relatively minor issue, hence no embargo. Michael Scherer [email protected] of Red Hat found: Looking for incorrect /tmp/ usage, I found the following piece of code in /usr/share/gems/gems/rubyparser-2.0.4/lib/gauntletrubyparser.rb...
US-CERT Alert TA13-051A - Oracle Java Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA13-051A Oracle Java Multiple Vulnerabilities Original release date: February 20, 2013 Last revised: -- Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 13 and earlier JDK and...
Alt-N MDaemon's WorldClient Username Enumeration Vulnerability
==================================================================== Alt-N MDaemon's WorldClient Username Enumeration Vulnerability ==================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...
TeamSHATTER Security Advisory: Oracle EM Segment Advisor Arbitrary URL redirection/phishing (CVE-2012-3219)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Enterprise Manager Segment Advisor Arbitrary URL redirection/phishing vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5,...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
XSS vulnerabilities in ZeroClipboard
Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in ZeroClipboard. Last week I've made my research of these vulnerabilities and informed all developers previous and current of ZeroClipboard. When I've downloaded ZeroClipboard in September 2011, when I was writing my article Attacks vi...
XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery
Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in YAML, MultiProject extension for Trac, UserCollections extension for Piwigo, TAO and TableTools plugin for DataTables plugin for jQuery with ZeroClipboard.swf. Earlier I've wrote about Cross-Site Scripting vulnerabilities in...
Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
Over 85 of different vulnerabilites are fixed in CPU...
[USN-1730-1] OpenStack Keystone vulnerabilities
========================================================================== Ubuntu Security Notice USN-1730-1 February 20, 2013 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...
[security bulletin] HPSBMU02836 SSRT101056 rev.1 - HP ArcSight Connector Appliance and ArcSight Logger, Remote Disclosure of Information, Command Injection, Cross-Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03606700 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03606700 Version: 1 HPSBMU02836...
TeamSHATTER Security Advisory: Oracle Database GeoRaster API overflow (CVE-2012-3220)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Database GeoRaster API overflow February 20, 2013 Risk Level: High Affected versions: Oracle Database 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability w...