VUPEN Security Research - Microsoft Windows OLE Automation Code Execution Vulnerability
VUPEN Security Research - Microsoft Windows OLE Automation Remote Code Execution Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows is a series of software operating systems and graphical user interfaces produced b...
RSA Authentication Agent protection bypass
In some cases only the PIN is requested instead of the full authentication sequence...
cfingerd buffer overflow
Buffer overflow on request parsing...
[SECURITY] [DSA 2635-1] cfingerd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2635-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 1, 2013 http://www.debian.org/security/faq -...
dbus-glib privilege escalation
NameOwnerChanged signal processing privilege escalation...
Microsoft Windows multiple security vulnerabilities
Quartz.dll memory corruption, .Net privilege escalation, multiple kernel race conditions, CSRSS privilege escalation, TCP/IP DoS...
Apache security vulnerabilities
mod_info, mod_status, mod_imagemap, mod_ldap, mod_proxy_ftp, mod_proxy_balancer cross-site scripting...
[ MDVSA-2013:015 ] apache
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:015 http://www.mandriva.com/security/ Package : apache Date : February 26, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in apache ASF...
War FTP Daemon memory corruption
Memory corruption on logging...
[USN-1753-1] DBus-GLib vulnerability
========================================================================== Ubuntu Security Notice USN-1753-1 February 27, 2013 dbus-glib vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
[USN-1750-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1750-1 February 26, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[IA48] Photodex ProShow Producer v5.0.3297 Insecure Library Loading Vulnerability
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Uncontrolled Search Path Element CWE-427 Date found: 2013-02-23 Date published: 2013-02-23 CVSSv2 Score: 4,4...
[USN-1754-1] Sudo vulnerability
========================================================================== Ubuntu Security Notice USN-1754-1 February 28, 2013 sudo vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Unauthenticated remote access to D-Link DIR-645 devices
Unauthenticated remote access to D-Link DIR-645 devices ======================================================= ADVISORY INFORMATION Title: Unauthenticated remote access to D-Link DIR-645 devices Discovery date: 20/02/2013 Release date: 27/02/2013 Credits: Roberto Paleari [email protected],...
[ MDVSA-2013:016 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:016 http://www.mandriva.com/security/ Package : php Date : February 28, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in php: PHP...
[USN-1747-1] Transmission vulnerability
========================================================================== Ubuntu Security Notice USN-1747-1 February 25, 2013 transmission vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
Linux kernel security vulnerabilities
Privilege escalation, information leak...
OpenSSL / PolarSSL / GnuTLS security vulnerabilities
Timing attacks, DoS...
[SE-2012-01] New security issues affecting Oracle's Java SE 7u15
Hello All, We had yet another look into Oracle's Java SE 7 software that was released by the company on Feb 19, 2013. As a result, we have discovered two new security issues numbered 54 and 55, which when combined together can be successfully used to gain a complete Java security sandbox bypass i...
TeamSHATTER Security Advisory: Cross-site scripting in Oracle EM (advReplicationAdmin) (CVE-2013-0355)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cross-site scripting in Oracle Enterprise Manager advReplicationAdmin TeamSHATTER Security Advisory February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes...
TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle 11g Stealth Password Cracking Vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Database Server version 11gR1, 11gR2 Remote exploitable: Yes No authentication to Database Server is needed...
XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS
Hello 3APA3A! After my previous list of vulnerable software with ZeroClipboard.swf, here is a list of software with ZeroClipboard10.swf. These are Cross-Site Scripting vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS. Earlier I've wrote about Cross-Site Scripting...
CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date...
squid cachemanager DoS
cachemgr.cgi resource exhaustion...
[ MDVSA-2013:013 ] squid
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:013 http://www.mandriva.com/security/ Package : squid Date : February 20, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in squid...
TeamSHATTER Security Advisory: SQL Injection in Oracle Alter FBA Table (CVE-2012-1751)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Alter FBA Table February 20, 2013 Risk Level: High Affected versions: Oracle Database Enterprise Edition 11.1, 11.2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched...
TeamSHATTER Security Advisory: HTTP Response Splitting in Oracle EM (policyViewSettings) (CVE-2013-0354)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory HTTP Response Splitting in Oracle Enterprise Manager policyViewSettings February 20, 2013 Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Y...
[SECURITY] [DSA 2628-1] nss-pam-ldapd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2628-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 18, 2013 http://www.debian.org/security/faq -...
HP ArcSight multiple security vulnerabilities
Information leakage, code execution, cross-site scripting...
Boost library protection bypass
Invalid UTF-8 sequences validation...
Alt-N MDaemon Email Body HTML/JS Injection Vulnerability
============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: HTML/JS Injection Remot...
[SECURITY] [DSA 2625-1] wireshark security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2625-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 17, 2013 http://www.debian.org/security/faq -...
Foswiki Security: Alert CVE-2013-1666 - Remote Code Execution Vulnerability in MAKETEXT macro.
---+ Security Alert: Code injection vulnerability in MAKETEXT macro This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext 1, which Foswiki uses to provide translations when...
[USN-1734-1] OpenStack Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1734-1 February 21, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a relatively minor issue, hence no embargo. Michael Scherer [email protected] of Red Hat found: Looking for incorrect /tmp/ usage, I found the following piece of code in /usr/share/gems/gems/rubyparser-2.0.4/lib/gauntletrubyparser.rb...
US-CERT Alert TA13-051A - Oracle Java Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA13-051A Oracle Java Multiple Vulnerabilities Original release date: February 20, 2013 Last revised: -- Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 13 and earlier JDK and...
TeamSHATTER Security Advisory: Oracle EM Segment Advisor Arbitrary URL redirection/phishing (CVE-2012-3219)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Enterprise Manager Segment Advisor Arbitrary URL redirection/phishing vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5,...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
XSS vulnerabilities in ZeroClipboard
Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in ZeroClipboard. Last week I've made my research of these vulnerabilities and informed all developers previous and current of ZeroClipboard. When I've downloaded ZeroClipboard in September 2011, when I was writing my article Attacks vi...
Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
Over 85 different vulnerabilities are fixed in CPU...
[security bulletin] HPSBMU02836 SSRT101056 rev.1 - HP ArcSight Connector Appliance and ArcSight Logger, Remote Disclosure of Information, Command Injection, Cross-Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03606700 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03606700 Version: 1 HPSBMU02836...
TeamSHATTER Security Advisory: Oracle Database GeoRaster API overflow (CVE-2012-3220)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Database GeoRaster API overflow February 20, 2013 Risk Level: High Affected versions: Oracle Database 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability w...
Alt-N MDaemon's WorldClient Disclosure of Authentication Credentials Vulnerability
========================================================================================== Alt-N MDaemon's WorldClient Disclosure of Authentication Credentials Vulnerability ========================================================================================== Software: Alt-N MDaemon v13.0.3...
NetGear DGN2200 multiple security vulnerabilities
XSS, code execution, information leakage...
FreeBSD Security Advisory FreeBSD-SA-13:02.libc
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:02.libc Security Advisory The FreeBSD Project Topic: glob3 related resource exhaustion Category: core Module: libc Announced: 2013-02-19 Affects: All supported...
Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability
====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...
OSEC-2013-01: nagios metacharacter filtering omission
Exploit Title: Wordpress pretty-link plugin XSS in SWF Release Date: 20/02/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip Vendor Homepage: http://prettylinkpro.com/ Tested on:...
Samsung Galaxy S3 screenlock bypass
Voice commands are available in locked state...
Alt-N MDaemon's WorldClient & WebAdmin Cross-Site Request Forgery Vulnerability
===================================================================================== Alt-N MDaemon's WorldClient & WebAdmin Cross-Site Request Forgery Vulnerability ===================================================================================== Software: Alt-N MDaemon v13.0.3 and prior...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (dBClone) (CVE-2013-0374)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager dBClone February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote...