[slackware-security] pidgin (SSA:2013-044-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security pidgin SSA:2013-044-01 New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...
[SECURITY] [DSA 2623-1] openconnect security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2623-1 [email protected] http://www.debian.org/security/ Florian Weimer February 14, 2013 http://www.debian.org/security/faq -...
Multiple Vulnerabilities in Edimax EW-7206-APg and EW-7209APg
Device Name: EW-7206APg / EW-7209APg Vendor: Edimax ============ Vulnerable Firmware Releases: ============ Device: EW-7206APg Hardware Version Rev. A Runtime Code Version v1.32 Runtime Code Version V1.33 Device: EW-7209APg Hardware Version Rev. A Runtime Code Version 1.21 Runtime Code Version 1....
[USN-1722-1] jQuery vulnerability
========================================================================== Ubuntu Security Notice USN-1722-1 February 13, 2013 jquery vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability
Title: ====== Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: ===== 2013-02-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=789 9984: Investigate Vulnerability Lab issues this ticket included tracking the creation of our DBI shim to error on semi-col...
Microsoft Exchange / FAST Search Server code execution
Code execution on Outlook Web Access document viewing / Advanced Filter Pack because of Oracle Outside In technology vulnerability...
[USN-1720-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1720-1 February 12, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Microsoft Windows Server NFS server DoS
NULL pointer dereference...
Microsoft Internet Explorer multiple security vulnerabilities
Information leakage, multiple use-after-free vulnerabilities, VML memory corruption...
Adobe Shockwave Player code execution
A few code execution possibilities...
[SECURITY] [DSA 2622-1] polarssl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2622-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 13, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2616-1] nagios3 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2616-1 [email protected] http://www.debian.org/security/ Jonathan Wiltshire February 03, 2013 http://www.debian.org/security/faq -...
Mathematica9.0.1 on Linux /tmp/MathLink vulnerability
The problem reported for Mathematica is present still at version 9.0.1, both for the GUI and for the command-line interface. Cheers, Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia ---...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities
ESA-2013-002.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities EMC Identifier: ESA-2013-002 CVE Identifier: CVE-2012-2293, CVE-2012-2292, CVE-2012-1064, CVE-2012-2294 Severity Rating: See below for scores for individual issues Affected...
0day full - Free Monthly Websites v2.0 - Multiple Web Vulnerabilities
Title: ====== Free Monthly Websites v2.0 - Multiple Web Vulnerabilities Date: ===== 2013-02-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=851 VL-ID: ===== 851 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...
cURL buffer overflow
Buffer overflow in SASL DIGEST-MD5 implementation...
SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin
Advisory ID: HTB23140 Product: Wysija Newsletters WordPress plugin Vendor: Wysija Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Vendor Notification: January 16, 2013 Vendor Patch: January 18, 2013 Public Disclosure: February 6, 2013 Vulnerability Type: SQL Injection CWE-89 CVE...
[USN-1714-1] QXL graphics driver vulnerability
========================================================================== Ubuntu Security Notice USN-1714-1 February 05, 2013 xserver-xorg-video-qxl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Symantec Enterprise Security Manager privilege escalation
Privilege escalation via executable planting...
Lorex IP cameras authentication bypass
It's possible to access camera without authentication...
Sony Playstation Vita addressbar spoofing
Address bar spoofing via window.open...
Cisco ATA 187 unauthorized access
Unauthorized access via TCP/7870 port...
Broadcom chipset routers format string vulnerability
UPnP stack implementation format string vulnerability...
HP LeftHand Virtual SAN Appliance code execution
No description provided...
Oracle Automated Service Manager symbolic links vulnerability
Symbolic links vulnerability during installation process...
[USN-1715-1] OpenStack Keystone vulnerability
========================================================================== Ubuntu Security Notice USN-1715-1 February 05, 2013 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Directory Traversal - EasyITSP <= 2.0.7
Directory Traversal - EasyITSP <= 2.0.7 EasyITSP - Telephone System VoIP http://blaszczakm.blogspot.com Michal Blaszczak Search/Read/Delete filetype .txt Search/Play/Delete filetype .wav - Voicemail file: voicemail.php line: 220 foreach glob"$vmdir/$SESSIONphone/$vmfolder/.txt" as $filename file:...
NGS00315 Patch Notification: Symantec Enterprise Security Management Agent Privilege Escalation
Medium Risk Vulnerability in Symantec Enterprise Security Management 04 February 2013 Gavin Jones of NCC Group has discovered a Medium risk vulnerability in Symantec Enterprise Security Management 9.0.1 Agent version 9.0.1153.20001 Impact: Privilege escalation Versions affected: Symantec Enterpri...
[slackware-security] curl (SSA:2013-038-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security curl SSA:2013-038-01 New curl packages are available for Slackware 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...
RSA Archer GRC multiple security vulnerabilities
Directory traversal, clickjacking, cross-site access, cross-site scripting...
NGS00336 Patch Notification: Symantec Network Access Control Privilege Escalation
Medium Risk Vulnerability in Symantec Network Access Control 04 February 2013 Gavin Jones of NCC Group has discovered a Medium risk vulnerability in Symantec Endpoint Protection Version 12.1.1000.157.105 Impact: Privilege escalation Versions affected: Symantec Network Access Control v12.1 and...
[KIS-2013-02] CubeCart <= 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability
------------------------------------------------------------------------- CubeCart <= 5.2.0 cubecart.class.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.cubecart.com/ - Affected Versions: All versions fr...
[CVE-2013-1463] Wordpress wp-table-reloaded plugin XSS in SWF
Exploit Title: Wordpress wp-table-reloaded plugin XSS in SWF Release Date: 24/01/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/wp-table-reloaded.latest-stable.zip Vendor Homepage:...
[CVE-2013-1464] Wordpress Audio Player Plugin XSS in SWF
Exploit Title: Wordpress Audio Player Plugin XSS in SWF Release Date: 31/01/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/audio-player.2.0.4.6.zip Vendor Homepage: http://wpaudioplayer.com/ Tested...
[SECURITY] [DSA 2618-1] ircd-hybrid security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2618-1 [email protected] http://www.debian.org/security/ Luciano Bello February 07, 2013 http://www.debian.org/security/faq -...
Oracle Automated Service Manager 1.3 & Auto Service Request 4.3 local root during install
Oracle Automated Service Manager 1.3 local root during install Larry W. Cashdollar 1/29/2013 @larry0 SUNWsasm-1.3.1-20110815093723 https://updates.oracle.com/Orion/Services/download?type=readme&aru=15864534 From the README: "Oracle Automated Service Manager 1.3.1 Oracle Automated Service Manager ...
DefenseCode Security Advisory: Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up
A few weeks ago, we have announced remote preauth root access exploit for Cisco Linksys http://www.youtube.com/watch?v=cv-MbL7KFKE. Vulnerability details were disclosed here: http://www.defensecode.com/public/DefenseCodeBroadcomSecurityAdvisory.pdf During further research, we have discovered that...
[PT-2012-53] Privilege Gaining in DataLife Engine
----------------------------------------------------------- PT-2012-53 Positive Technologies Security Advisory Privilege Gaining in DataLife Engine ----------------------------------------------------------- --- Vulnerable software DataLife Engine Version: 9.7 and earlier Application link:...
[security bulletin] HPSBST02846 SSRT100798 rev.1 - HP LeftHand Virtual SAN Appliance hydra, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03661318 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03661318 Version: 1 HPSBST02846...
[security bulletin] HPSBMU02842 SSRT100909 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03652323 Version: 1 HPSBMU02842 SSRT100909 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting XSS NOTICE: The information in this Security...
QXL driver DoS
Crash on connection termination...
IRCD-Hybrid DoS
No description provided...
Multiple Vulnerabilities in D'Link DIR-600 and DIR-300 (rev B)
Device Name: DIR-600 / DIR 300 - HW rev B1 Vendor: D-Link ============ Vulnerable Firmware Releases - DIR-300: ============ Firmware Version : 2.12 - 18.01.2012 Firmware Version : 2.13 - 07.11.2012 ============ Vulnerable Firmware Releases - DIR-600: ============ Firmware-Version : 2.12b02 -...
HP Network Node Manager I cross-site scripting
No description provided...
[MajorSecurity-SA-2013-014] Sony Playstation Vita Browser - firmware 2.05 - Adressbar spoofing
MajorSecurity-SA-2013-014Sony Playstation Vita Browser - firmware 2.05 - Adressbar spoofing Details ============= Product: Sony Playstation Vita Browser - firmware 2.05 CVE-ID: CVE-2013-XXXX Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://de.playstation.com/psvita/ Advisory-Status...
CVE-2012-6451 Authentication Bypass in LOREX IP Cameras
Product: Lorex LNC116 and LNC104 IP Cameras Vendor: LOREX Technology Inc. Vulnerability Type: Authentication Bypass Vulnerable Firmware Versions: 030312 and earlier Tested Firmware Version: 030312 Fixed Firmware Version: 030405 Solution Status: Fixed by Vendor Vendor Notification: December 22, 20...
Multiple Vulnerabilities in Linksys E1500/E2500
Device Name: Linksys E1500 / E2500 Vendor: Linksys ============ Device Description: ============ The Linksys E1500 is a Wireless-N Router with SpeedBoost. It lets you access the Internet via a wireless connection or through one of its four switched ports. You can also use the Linksys E1500 to sha...
Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin
Advisory ID: HTB23138 Product: CommentLuv WordPress plugin Vendor: Andy Bailey Vulnerable Versions: 2.92.3 and probably prior Tested Version: 2.92.3 Vendor Notification: January 16, 2013 Vendor Patch: January 17, 2013 Public Disclosure: February 6, 2013 Vulnerability Type: Cross-Site Scripting...
Symantec Endpoint Protection Management security vulnerabilities
Executable planting, remote PHP code execution...