
47153 matches found

securityvulns
added 2013/01/02 12:0 a.m., 49 views

Multiple SQL Injection Vulnerabilities in Elite Bulletin Board

Advisory ID: HTB23133 Product: Elite Bulletin Board Vendor: elite-board.us Vulnerable Versions: 2.1.21 and probably prior Tested Version: 2.1.21 Vendor Notification: November 28, 2012 Vendor Patch: December 6, 2012 Public Disclosure: December 19, 2012 Vulnerability Type: SQL Injection CWE-89 CVE...

7.5 CVSS, 0.1 AI score, 0.01191 EPSS
Exploits: 6
securityvulns
added 2013/01/02 12:0 a.m., 52 views

CA20121220-01: Security Notice for CA IdentityMinder

CA20121220-01: Security Notice for CA IdentityMinder Issued: December 20, 2012 CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder formerly known as CA Identity Manager. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands,...

10 CVSS, 1.8 AI score, 0.02664 EPSS
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 42 views

Oracle VirtualBox DoS

Incorrect interrupt handling...

2.1 CVSS, 1.2 AI score, 0.00396 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/01/02 12:0 a.m., 84 views

VMSA-2012-0018 VMware security updates for vCSA and ESXi

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VMware Security Advisory Advisory ID: VMSA-2012-0018 Synopsis: VMware security updates for vCSA and ESXi Issue date: 2012-12-20 Updated on: 2012-12-20 initial advisory CVE numbers: ------------- vCSA --------------- CVE-2012-6324, CVE-2012-6325...

6.9 CVSS, 7.4 AI score, 0.06292 EPSS
Exploits: 10
securityvulns
added 2013/01/02 12:0 a.m., 68 views

Local root exploit for Centrify Deployment Manager < v2.1.0.283 local root

Local root exploit for Centrify Deployment Manager v2.1.0.283 local root, Centrify released a fix very quickly - nice vendor response. http://vapid.dhs.org/exploits/centrifylocalr00t.c CVE-2012-6348 12/17/2012 http://vapid.dhs.org/advisories/centrifydeploymentmanagerinsecuretmp2.html Greetings...

3.3 CVSS, 0.2 AI score, 0.00085 EPSS
Exploits: 1
securityvulns
added 2013/01/02 12:0 a.m., 51 views

Multiple vulnerabilities in multiple themes for WordPress

Hello 3APA3A! Some time ago, when I've found vulnerabilities in plugin BuddyPress for WordPress particularly in Affinity BuddyPress theme for it with Rokbox, which I disclosed earlier, I also found multiple vulnerable themes for WP with Rokbox. So I want to warn you about multiple vulnerabilities...

7.2 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 47 views

[SECURITY] [DSA 2596-1] mediawiki-extensions security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2596-1 [email protected] http://www.debian.org/security/ Jonathan Wiltshire December 30, 2012 http://www.debian.org/security/faq -...

1.1 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 35 views

[USN-1676-1] AppArmor update

========================================================================== Ubuntu Security Notice USN-1676-1 December 19, 2012 AppArmor update ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 26 views

EMC Data Protection Advisor information leakage

It's possible to access files remotely...

5 CVSS, 3 AI score, 0.00106 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/01/02 12:0 a.m., 51 views

CubeCart 3.0.20 (3.0.x) and lower | Arbitrary File Upload

OVERVIEW CubeCart 3.0.20 and lower versions are vulnerable to Arbitrary File Upload. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful...

0.6 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 31 views

CS and XSS vulnerabilities in BuddyPress for WordPress

Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin BuddyPress for WordPress. I've disclosed vulnerabilities in JW Player in June and August including in commercial version JW Player Pro and disclosed vulnerabilities in Rokbox in December. And BuddyPress uses this...

Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 186 views

[USN-1677-1] Linux kernel vulnerability

========================================================================== Ubuntu Security Notice USN-1677-1 December 20, 2012 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4 CVSS, 0.1 AI score, 0.00058 EPSS
Exploits: 1
securityvulns
added 2013/01/02 12:0 a.m., 50 views

EMC Avamar: World writable cache files

Product: Avamar backup client for Linux Probably also Unix but not tested Vendor: EMC http://www.emc.com Tested version: 6.1.100-402 Latest Vendor Notification: December 17, 2012 Vendor Patch: None Vendor Workaround: quoteworkaround is to run a script at the end of each backup which set the files...

0.3 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 51 views

ESA-2012-060: EMC Data Protection Advisor Information Disclosure Vulnerability.

ESA-2012-060.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-060: EMC Data Protection Advisor Information Disclosure Vulnerability. EMC Identifier: ESA-2012-060 CVE Identifier: CVE-2012-4616 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Affected Products: EMC Data...

5 CVSS, 1.5 AI score, 0.00106 EPSS
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 37 views

GnuPG memory corruption

Memory corruption on keyring file import...

5.8 CVSS, 2.9 AI score, 0.02306 EPSS
Exploits: 1, References: 1, Affected Software: 1
securityvulns
added 2013/01/02 12:0 a.m., 29 views

Charybdis IRC server DoS

assert on client capabilities negotiation...

2.5 AI score
Exploits: 0, References: 1
securityvulns
added 2013/01/02 12:0 a.m., 29 views

Centrify Deployment Manager symbolic links vulnerability

Insecure temporary files creation...

3.3 CVSS, 1.9 AI score, 0.00085 EPSS
Exploits: 1, References: 3, Affected Software: 1
securityvulns
added 2013/01/02 12:0 a.m., 42 views

[SECURITY] [DSA 2592-1] elinks security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2592-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 28, 2012 http://www.debian.org/security/faq -...

5.1 CVSS, 0.6 AI score, 0.00473 EPSS
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 33 views

Persistent XSS vulnerability in WP-UserOnline

Hello 3APA3A! in 2010 I've disclosed multiple vulnerabilities Cross-Site Scripting and Full path disclosure in WordPress plugin WP-UserOnline http://securityvulns.ru/Ydocument162.html, http://seclists.org/fulldisclosure/2010/Jul/8. And recently I've disclosed the exploit for persistent XSS...

6 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 63 views

CubeCart 4.4.6 and lower | Multiple Cross Site Scripting Vulnerabilities

OVERVIEW CubeCart 4.4.6 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...

0.6 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 53 views

CubeCart 4.4.6 and lower | Cross Site Request Forgery (CSRF) Vulnerability

OVERVIEW CubeCart 4.4.6 and lower versions are vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a...

0.3 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 27 views

Polycom HDX Video End Points cross-site scripting

Cross-site scripting in web management interface...

4.3 CVSS, 1.4 AI score, 0.00254 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/01/02 12:0 a.m., 47 views

Firefly MediaServer Multiple Remote DoS Vulnerabilities

Advisory ID: HTB23129 Product: FireFly Mediaserver Vendor: FireFly Vulnerable Versions: 1.0.0.1359 and probably prior Tested Version: 1.0.0.1359 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: December 19, 2012 Vulnerability Type: NULL Pointer Dereference CWE-476 CVE...

5 CVSS, 6.6 AI score, 0.27106 EPSS
Exploits: 6
securityvulns
added 2013/01/02 12:0 a.m., 40 views

CubeCart 4.x/5.x | Setup Re-installation Privilege Escalation Vulnerability

OVERVIEW CubeCart 4.x and 5.x versions are vulnerable to Setup Re-installation Privilege Escalation. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup...

0.1 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 56 views

Polycom® HDX® Video End Points Web Management Cross Site Scripting (XSS) vulnerability

Polycom® HDX® Video End Points Web Management Cross Site Scripting XSS vulnerability: - CVE: CVE-2012-4970 - Deloitte Argentina Advisory Code: DTTAR-20120001 - Vendor Status: CONFIRMED - Public Disclosure Date: December, 23rd, 2012. - Vendors Affected: Polycom - http://www.polycom.com/ - Systems...

4.3 CVSS, 0.2 AI score, 0.00254 EPSS
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 33 views

elinks authentication relaying

Incorrect user credentials delegation in GSS...

5.1 CVSS, 2.6 AI score, 0.00473 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/01/02 12:0 a.m., 26 views

Comodo Internet Security authentication bypass

It's possible to access settings without entering password if desktop widget is enabled...

2.6 AI score
Exploits: 0, Affected Software: 1
securityvulns
added 2013/01/02 12:0 a.m., 55 views

[USN-1680-1] MoinMoin vulnerabilities

========================================================================== Ubuntu Security Notice USN-1680-1 December 30, 2012 moin vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

0.7 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 35 views

SonicWall Email Security 7.4.1.x - Persistent Web Vulnerability

Title: ====== SonicWall Email Security 7.4.1.x - Persistent Web Vulnerability Date: ===== 2012-12-21 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=768 VL-ID: ===== 768 Common Vulnerability Scoring System: ==================================== 4.1 Introduction:...

0.5 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 47 views

Multiple vulnerabilities in Banana Dance

Advisory ID: HTB23118 Product: Banana Dance Vendor: bananadance.org Vulnerable Versions: B.2.6 and probably prior Tested Version: B.2.6 Vendor Notification: October 3, 2012 Public Disclosure: December 19, 2012 Vulnerability Type: PHP File Inclusion CWE-98, Improper Access Control CWE-284, SQL...

7.5 CVSS, 0.1 AI score, 0.10843 EPSS
Exploits: 7
securityvulns
added 2013/01/02 12:0 a.m., 80 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

7.5 CVSS, 1.6 AI score, 0.10843 EPSS
Exploits: 13, References: 27, Affected Software: 8
securityvulns
added 2013/01/02 12:0 a.m., 28 views

CA IdentityMinder security vulnerabilities

Code execution, privilege escalation...

10 CVSS, 4.4 AI score, 0.02664 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/01/02 12:0 a.m., 19 views

Microsoft Internet Explorer stack overflow

Stack overrun on malformed tags sequence...

3.1 AI score
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/01/02 12:0 a.m., 28 views

Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability

Title: ====== Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability Date: ===== 2012-12-20 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=792 Vendor:...

0.8 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 88 views

CubeCart 4.4.6 and lower | Local File Inclusion Vulnerability

OVERVIEW CubeCart 4.4.6 and lower versions are vulnerable to Local File Inclusion. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...

0.5 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 38 views

Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability

OVERVIEW Open-Realty CMS 3.x versions are vulnerable to Persistent Cross Site Scripting XSS. 2. BACKGROUND Open-Realty is the world's leading real estate listing marketing and management CMS application, and has enjoyed being the real estate web site software of choice for professional web site...

7 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 79 views

CubeCart 5.0.7 and lower | Open URL Redirection Vulnerability

OVERVIEW CubeCart 5.0.7 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...

0.5 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 25 views

Firefly MediaServer DoS

Crash on TCP/9999 request parsing...

5 CVSS, 3.8 AI score, 0.27106 EPSS
Exploits: 6, References: 1, Affected Software: 1
securityvulns
added 2013/01/02 12:0 a.m., 77 views

Open-Realty CMS 3.x | Cross Site Request Forgery (CSRF) Vulnerability

OVERVIEW Open-Realty CMS 3.x versions are vulnerable to Cross Site Request Forgery. 2. BACKGROUND Open-Realty is the world's leading real estate listing marketing and management CMS application, and has enjoyed being the real estate web site software of choice for professional web site...

Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 26 views

SonicWall Email Security cross-site scripting

Cross-site scripting in Web administration interface...

1.9 AI score
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/01/02 12:0 a.m., 32 views

Charybdis: Improper assumptions in the server handshake code may lead to a remote crash

Access vector: network Access complexity: low Authentication requirement: none Confidentiality impact: none Integrity impact: none Availability impact: complete CVSSv2 temporal score: 6.4 Exploitability: functional exploit exists Remediation level: official fix Report confidence: confirmed Summar...

1.2 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 22 views

Siemens SIMATIC S7-1200 controllers DoS

Malformed data to TCP/102 port causes device to crash...

3.7 AI score
Exploits: 0, References: 1
securityvulns
added 2013/01/02 12:0 a.m., 66 views

CubeCart 5.0.7 and lower versions | Insecure Backup File Handling

OVERVIEW CubeCart 5.0.7 and lower versions are vulnerable to Insecure Backup File Handling which leads to the disclosure of the application configuration file. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that...

7 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 28 views

Cerberus FTP Server cross-site scripting

Cross-site scripting in administration interface...

4.3 CVSS, 1.5 AI score, 0.00254 EPSS
Exploits: 1, References: 1, Affected Software: 1
securityvulns
added 2013/01/02 12:0 a.m., 30 views

GnuPG 1.4.12 and lower - memory access errors and keyring database corruption

Versions of GnuPG <= 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults or has other memory access violations when importing the key. The key m...

0.3 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 29 views

DoS vulnerability in Siemens S7-1200 PLCs

Hi all, I have found a DoS vulnerability in the Siemens S7-1200 PLCs. It is present in firmware versions 2 and 3. After an exchange of specially crafted packets to TCP port 102 the PLC shuts down. The red, green and yellow status LEDs start flashing. All outputs are shut off. The device stops...

6.9 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 56 views

CubeCart 3.0.20 (3.0.x) and lower | Multiple SQL Injection Vulnerabilities

OVERVIEW The CubeCart 3.0.20 and lower versions are vulnerable to SQL Injection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...

0.8 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 71 views

BF, CSRF, AoF and IAA vulnerabilities in MODx Revolution

Hello 3APA3A! I want to warn you about multiple vulnerabilities in MODx Revolution. These are Brute Force, Cross-Site Request Forgery, Abuse of Functionality and Insufficient Anti-automation vulnerabilities in MODx. It's about 2.x Revolution versions of MODx. In 0.x and 1.x Evolution versions of...

0.5 AI score
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 50 views

[SECURITY] [DSA 2594-1] virtualbox-ose security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2594-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 30, 2012 http://www.debian.org/security/faq -...

2.1 CVSS, 2.3 AI score, 0.00396 EPSS
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m., 51 views

CubeCart 4.4.6 and lower | Multiple SQL Injection Vulnerabilities

OVERVIEW The CubeCart 4.4.6 and lower versions are vulnerable to SQL Injection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...

0.6 AI score
Exploits: 0

Total number of security vulnerabilities: 47153