47153 matches found
Alt-N MDaemon's WorldClient Disclosure of Authentication Credentials Vulnerability
========================================================================================== Alt-N MDaemon's WorldClient Disclosure of Authentication Credentials Vulnerability ========================================================================================== Software: Alt-N MDaemon v13.0.3...
NetGear DGN2200 multiple security vulnerabilities
XSS, code execution, information leakage...
Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability
================================================================== Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability ================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: Remote Code...
FreeBSD Security Advisory FreeBSD-SA-13:02.libc
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:02.libc Security Advisory The FreeBSD Project Topic: glob3 related resource exhaustion Category: core Module: libc Announced: 2013-02-19 Affects: All supported...
Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability
====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...
OSEC-2013-01: nagios metacharacter filtering omission
Exploit Title: Wordpress pretty-link plugin XSS in SWF Release Date: 20/02/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip Vendor Homepage: http://prettylinkpro.com/ Tested on:...
Samsung Galaxy S3 screenlock bypass
Voice commands are available in locked state...
Alt-N MDaemon multiple security vulnerabilities
Multiple web interface vulnerabilities...
[IA47] Photodex ProShow Producer v5.0.3297 PXT File title Value Handling Buffer Overflow
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Stack-based Buffer Overflow CWE-121 Date found: 2013-02-16 Date published: 2013-02-16 CVSSv2 Score: 6,8 AV:N/AC:M/Au:N/C:P/I:P/A:P...
Alt-N MDaemon's WorldClient & WebAdmin Cross-Site Request Forgery Vulnerability
===================================================================================== Alt-N MDaemon's WorldClient & WebAdmin Cross-Site Request Forgery Vulnerability ===================================================================================== Software: Alt-N MDaemon v13.0.3 and prior...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (Resource Manager) (CVE-2013-0358)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager Resource Manager February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remot...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (dBClone) (CVE-2013-0374)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager dBClone February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote...
TeamSHATTER Security Advisory: Oracle EM Cross Site Scripting in XDBResource cancelURL parameter (CVE-2013-0352)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Enterprise Manager Cross Site Scripting in XDBResource cancelURL parameter February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5, 11.1.0.7,...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (streams queue) (CVE-2013-0373)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager streams queue February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote...
Samsung Galaxy S3 partial screen-lock bypass
MTI Technology – Vulnerability Research Team www.mti.com ukpentestinfo"at"mti.com Samsung Galaxy S3 – partial screen-lock bypass Date found: 17th Feb 2012 Vendor Notified: 20th Feb 2012 Vendor Affected: Samsung Device: Galaxy S3 Model: GT-19300 OS: Android 4.1.2 Kernel Version: 3.0.31-742798...
[CVE-2013-1636]Wordpress pretty-link plugin XSS in SWF‏
Exploit Title: Wordpress pretty-link plugin XSS in SWF Release Date: 20/02/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip Vendor Homepage: http://prettylinkpro.com/ Tested on:...
Multiple Vulnerabilities in Netgear DGN2200B
Device Name: DGN2200B Vendor: Netgear ============ Vulnerable Firmware Releases: ============ Hardwareversion DGN2200B Firmwareversion V1.0.0.367.0.36 - 04/01/2011 ============ Device Description: ============ Infos: http://www.netgear.com/home/products/wirelessrouters/work-and-play/dgn2200.aspx...
[USN-1727-1] Boost vulnerability
========================================================================== Ubuntu Security Notice USN-1727-1 February 18, 2013 boost1.49 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
Multiple Cross-Site Scripting (XSS) in glFusion
Advisory ID: HTB23142 Product: glFusion Vendor: http://www.glfusion.org/ Vulnerable Versions: 1.2.2 and probably prior Tested Version: 1.2.2 Vendor Notification: January 30, 2013 Vendor Patch: January 30, 2013 Public Disclosure: February 20, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CV...
Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting Vulnerability
Exploit Title : Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting Vulnerability Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 18/02/13 software link: http://wordpress.org/extend/plugins/marekkis-watermark/ CVE Assigned - CVE-2013-1758 Marekkis...
Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability
Exploit Title : Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 18/02/13 software link: http://wordpress.org/extend/plugins/responsive-logo-slideshow/ CVE Assigned - CVE-2013-1759...
SAP Netweaver Message Server multiple security vulnerabilities
Code execution, DoS...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, https response spoofing, information leakage, protection bypass, DoS...
[USN-1733-1] Ruby vulnerabilities
========================================================================== Ubuntu Security Notice USN-1733-1 February 21, 2013 ruby1.9.1 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
Ruby multiple security vulnerabilities
Crossite scripting, protection bypass...
[USN-1739-1] Linux kernel vulnerability
========================================================================== Ubuntu Security Notice USN-1739-1 February 22, 2013 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (advReplicationAdmin) (CVE-2013-0372)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager advReplicationAdmin February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits:...
[IA46] Photodex ProShow Producer v5.0.3297 ColorPickerProc() Memory Corruption
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Improper Restriction of Operations within the Bounds of a Memory BufferCWE-119 Date found: 2013-02-14 Date published: 2013-02-14...
Atmel crypto co-processors information leakage
Keys may be leaked via JTAG interface...
Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities
Title: ====== Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities Date: ===== 2013-02-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=786 VL-ID: ===== 786 Common Vulnerability Scoring System: ==================================== 5.2 Introduction: ============...
Multiple Vulnerabilities in Edimax EW-7206-APg and EW-7209APg
Device Name: EW-7206APg / EW-7209APg Vendor: Edimax ============ Vulnerable Firmware Releases: ============ Device: EW-7206APg Hardware Version Rev. A Runtime Code Version v1.32 Runtime Code Version V1.33 Device: EW-7209APg Hardware Version Rev. A Runtime Code Version 1.21 Runtime Code Version 1....
[USN-1723-1] Qt vulnerabilities
========================================================================== Ubuntu Security Notice USN-1723-1 February 14, 2013 qt4-x11 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
Multiple Vulnerabilities in Linksys WAG200G
Device Name: Linksys WAG200G Vendor: Linksys/Cisco ============ Device Description: ============ The WAG200G is a Linksys Wireless-G ADSL Home Gateway which has a high-speed ADSL2+ modem that gives you a fast connection to the Internet. Source:...
gnome screensaver protection bypass
Screensaver doesn't start automatically...
Multiple Vulnerabilities in Linksys WRT160Nv2
Device Name: Linksys WRT160Nv2 Vendor: Linksys/Cisco ============ Device Description: ============ Best For: Delivers plenty of speed and coverage, so large groups of users can go online, transfer large files, print, and stream stored media Features: Fast Wireless-N connectivity frees you to do...
[slackware-security] pidgin (SSA:2013-044-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security pidgin SSA:2013-044-01 New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...
Pidgin multiple security vulnerabilities
Different vulnerabilities in MXit and IPnP implementations...
CSRF, XSS and Redirector vulnerabilities in IBM Lotus Domino
Hello 3APA3A! These are Cross-Site Request Forgery, Cross-Site Scripting and Redirector vulnerabilities in IBM Lotus Domino. At 30th of November IBM released the advisory concerning these vulnerabilities. CVE ID: CVE-2012-4842, CVE-2012-4844. SecurityVulns ID: 12789. IBM Security Bulletin for Ope...
[USN-1716-1] gnome-screensaver vulnerability
========================================================================== Ubuntu Security Notice USN-1716-1 February 12, 2013 gnome-screensaver vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability
Title: ====== Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: ===== 2013-02-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=789 9984: Investigate Vulnerability Lab issues this ticket included tracking the creation of our DBI shim to error on semi-col...
Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack
The Atmel AT91SAM7XC series of microprocessors contain a crypto co-processor which is DES and AES capable. They include a write-only memory for key storage and multiple physical security measures to prevent decapping etc. However, due to poor memory management, in certain circumstances it is...
[USN-1722-1] jQuery vulnerability
========================================================================== Ubuntu Security Notice USN-1722-1 February 13, 2013 jquery vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Cisco Linksys routers multiple security vulnerabilities
Directory traversals, code execution, etc...
[SECURITY] [DSA 2623-1] openconnect security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2623-1 [email protected] http://www.debian.org/security/ Florian Weimer February 14, 2013 http://www.debian.org/security/faq -...
Edimax access points multiple security vulnerabilities
Multiple web interface vulnerabilities...
TP-Link access points multiple security vulnereabilities
Multiple web interface vulnerabilities...
Dell Sonicwall Scrutinizer multiple security vulnerabilities
Multiple web interface vulnerabilities...
IBM Lotus Domino crossite scripting and open redirect
IBM Lotus Domino Web Server crossite scripting and open redirection...
I Read It Somewhere (IRIS) citations management tool <= v1.3 (post auth) Remote Command Execution
A vulnerability exists in IRIS citations management tool which allows a low privileged attacker to execute arbitrary commands. Details can be found on my blog: https://infosecabsurdity.wordpress.com/2013/02/09/iris-citations-management-tool-post-auth-remote-command-execution/ PoC:...
Qt multiple security vulnerabilities
Information leakage, incalid SSL error messages...