Symantec Endpoint Protection Management security vulnerabilities
Executable planting, remote PHP code execution...
0day full - Free Monthly Websites v2.0 - Multiple Web Vulnerabilities
Title: ====== Free Monthly Websites v2.0 - Multiple Web Vulnerabilities Date: ===== 2013-02-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=851 VL-ID: ===== 851 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...
[USN-1710-1] OpenStack Glance vulnerability
========================================================================== Ubuntu Security Notice USN-1710-1 January 29, 2013 glance vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
EMC AlphaStor buffer overflow
Buffer overflow via device name...
libvirt DoS vulnerabilities
A few DoS conditions...
[IA33] Serva v2.0.0 DNS Server Remote Denial of Service
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Serva Vendor URL: www.vercot.com Type: Uncaught Exception CWE-248 Date found: 2012-07-08 Date published: 2013-01-14 CVSSv2 Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CVE: - 2. CREDITS ----------...
Multiple vulnerabilities in Chocolate WP theme for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in the Chocolate WP theme for WordPress. This is a commercial theme for WP. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities. In 2011 I wrote about...
[SECURITY] [DSA 2613-1] rails security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2613-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 29, 2013 http://www.debian.org/security/faq -...
D-Link IP cameras information leakage
It's possible to retrieve camera password...
Kohana Framework v2.3.3 - Directory Traversal Vulnerability
Title: ====== Kohana Framework v2.3.3 - Directory Traversal Vulnerability Date: ===== 2013-01-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=841 VL-ID: ===== 837 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: ============...
Re: Wordpress Pingback Port Scanner
Hi Chris! It's good that you've drawn attention to the possibility of port scanning and made nice software for abusing this WP feature. But I want to remind you about another vulnerability in XML-RPC, which I disclosed in 2012. The most important hole in WordPress XML-RPC is Brute Force...
Serva security vulnerabilities
DoS conditions in HTTP and DNS request processing...
Apple iOS multiple security vulnerabilities
Information leakage, certificate vulnerabilities, multiple WebKit vulnerabilities...
WordPressSearch plugin SQL Injection Vulnerability
Exploit Title: WordPressSearch plugin SQL Injection Vulnerability Date: 2013-01-31 Author: Mo.BKaFeK HaCKeR Email: [email protected] Platform / Tested on: php/xp Dork: inurl:wp-content/plugins/RLSWordPressSearch/register.php?a= Code : SQL injection...
Unauthenticated remote access to D-Link DCS cameras
Unauthenticated remote access to D-Link DCS cameras =================================================== ADVISORY INFORMATION Title: Unauthenticated remote access to D-Link DCS cameras Discovery date: 20/06/2012 Release date: 28/01/2013 Credits: Roberto Paleari [email protected], twitter:...
[IA34] Serva v2.0.0 HTTP Server GET Remote Denial of Service
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Serva Vendor URL: www.vercot.com Type: Uncaught Exception CWE-248 Date found: 2012-12-07 Date published: 2013-01-14 CVSSv2 Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CVE: - 2. CREDITS ----------...
Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities
Title: ====== Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Date: ===== 2013-01-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=701 VL-ID: ===== 701 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: =============...
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-01-28-1 iOS 6.1 Software Update iOS 6.1 Software Update is now available and addresses the following: Identity Services Available for: iPhone 3GS and later, iPod touch 4th generation and later, iPad 2 and later Impact: Authentication...
Buffalo TeraStation security vulnerabilities
Code execution, information leakage...
[security bulletin] HPSBST02839 SSRT101077 rev.1 - HP XP P9000 Command View Advanced Edition, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03650706 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03650706 Version: 1 HPSBST02839...
APPLE-SA-2013-01-28-2 Apple TV 5.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-01-28-2 Apple TV 5.2 Apple TV 5.2 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: A user-mode process may be able to access the first page of kernel memory Description: The...
XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget")
Hello dear XSS bored audience, the PHP based social networking engine Elgg 1, versions 1.8.12 and 1.7.16 and earlier, bears a persistent script injection vulnerability in its core module "Twitter widget", which allows for XSS attacks. On installations which have the Twitter widget activated...
HP XP P9000 Command View Advanced Edition DoS
No description provided...
libav / ffmpeg multiple security vulnerabilities
Multiple memory corruptions in the handling of different formats...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability
ESA-2013-010.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability EMC Identifier: ESA-2013-010 EMC Identifier: NW147263 CVE Identifier: CVE-2013-0930 Severity Rating: CVSS v2 Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C Affected product: EMC...
Apple TV security vulnerabilities
Information leakage, DoS...
libssh DoS
Crash on connection negotiation...
[USN-1707-1] libssh vulnerability
========================================================================== Ubuntu Security Notice USN-1707-1 January 28, 2013 libssh vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-1709-1] OpenStack Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1709-1 January 29, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Multiple vulnerabilities in Flash News theme for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in the Flash News theme for WordPress. This is a commercial theme for WP from WooThemes. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service, Arbitrary File Upload and Information Leakage...
Buffalo TeraStation TS-Series multiple vulnerabilities
Title: Buffalo TeraStation TS-Series multiple vulnerabilities Version affected: firmware version = 1.5.7 Vendor: http://www.buffalotech.com/products/network-storage Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched...
DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
DefenseCode Security Advisory http://www.defensecode.com/ Broadcom UPnP Remote Preauth Root Code Execution Vulnerability Advisory ID: DC-2013-01-003 Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability Advisory URL: http://www.defensecode.com/subcategory/advisories-28...
FortiNet FortiMail security vulnerabilities
Different vulnerabilities in Web interface...
[USN-1705-1] Libav vulnerabilities
========================================================================== Ubuntu Security Notice USN-1705-1 January 28, 2013 libav vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Vulnerabilities in WordPress Attack Scanner for WordPress
Hello 3APA3A! I want to warn you about security vulnerabilities in the WordPress Attack Scanner plugin for WordPress. These are Information Leakage vulnerabilities. This is a security plugin. In my 63 advisories about different vulnerabilities in WordPress plugins http://websecurity.com.ua/3397/ I've...
nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities
Title: ====== nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities Date: ===== 2013-01-28 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=795 nCircle Tracking ID: 20130117-US11337 VL-ID: ===== 795 Common Vulnerability Scoring System:...
[USN-1708-1] libvirt vulnerabilities
========================================================================== Ubuntu Security Notice USN-1708-1 January 29, 2013 libvirt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
------------------------------------------------------------------ DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability ------------------------------------------------------------------ • Software Link: http://dleviet.com/ • Affected Version: 9.7 only. • Vulnerability Description: Th...
SQL Injection Vulnerability in ImageCMS
Advisory ID: HTB23132 Product: ImageCMS Vendor: www.imagecms.net Vulnerable Versions: 4.0.0b and probably prior Tested Version: 4.0.0b Vendor Notification: December 5, 2012 Vendor Patch: January 16, 2013 Public Disclosure: January 23, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
Wordpress Valums Uploader - File Upload Vulnerability
Title: ====== Wordpress Valums Uploader - File Upload Vulnerability Date: ===== 2013-01-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=817 VL-ID: ===== 817 Common Vulnerability Scoring System: ==================================== 7.5 Abstract: ========= The...
Wordpress Developer Formatter CSRF Vulnerability
==================================================================================================================== Exploit Title: Wordpress Developer Formatter CSRF Vulnerability Date: 21/01/13 Author: Junaid Hussain - illSecure Research Group - Contact: [email protected] | Website:...
CVE-2013-0805 / CSNC-2013-001
COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2013-0805 CSNC ID: CSNC-2013-001 Product: iTop Vendor: Combodo Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer stephan.rickauer at csnc.ch Date: January 23rd 2013 Introduction:...
Cross-Site Scripting (XSS) vulnerability in gpEasy
Advisory ID: HTB23137 Product: gpEasy Vendor: gpeasy Vulnerable Versions: 3.5.2 and probably prior Tested Version: 3.5.2 Vendor Notification: January 2, 2013 Vendor Patch: January 2, 2013 Public Disclosure: January 23, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...
[SECURITY] [DSA 2610-1] ganglia security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2610-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez January 21, 2013 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability
Product: DigiLIBE Management Console Vendor: Digitiliti Version: 3.4 - ? Tested Version: 3.4 Vendor Notified Date: October 09, 2012 Release Date: January 18, 2013 Risk: High Authentication: None required Remote: Yes Description: Execution After Redirect vulnerabilities exist in DigiLIBE Managemen...
WordPress SolveMedia 1.1.0 CSRF Vulnerability
Exploit Title: WordPress SolveMedia 1.1.0 CSRF Vulnerability Release Date: 24/01/13 Author: Junaid Hussain - illSecure Research Group - Contact: [email protected] | Website: http://illSecure.com Software Link: http://downloads.wordpress.org/plugin/solvemedia.1.1.0.zip Vendor Homepage:...
[SECURITY] [DSA 2611-1] movabletype-opensource security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2611-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez January 22, 2013 http://www.debian.org/security/faq -...
Cisco Wireless LAN Controller multiple security vulnerabilities
DoS via IP packet processing in IPS, DoS via SIP packet, SNMP unauthorized access, HTTP Profiling code execution...