47153 matches found
[security bulletin] HPSBMU02816 SSRT100949 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03507416 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03507416 Version: 1 HPSBMU02816...
[SECURITY] [DSA 2582-1] xen security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2582-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez December 07, 2012 http://www.debian.org/security/faq -...
Centrify Deployment Manager v2.1.0.283
Centrify Deployment Manager v2.1.0.283 While at a training session for centrify, I noticed poor handling of files in /tmp. I was able to overwrite /etc/shadow with the contents of adcheckDMoutput. I am sure there are more vulnerabilities to be exploit, maybe a local root - but being this is a...
TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities
Advisory ID: HTB23120 Product: TVMOBiLi media server Vendor: TVMOBiLi Vulnerable Versions: 2.1.0.3557 and probably prior version Tested Version: 2.1.0.3557 in Windows XP SP3 32 bits Vendor Notification: October 15, 2012 Vendor Patch: November 21, 2012 Public Disclosure: December 5, 2012...
IBM System Director Remote System Level Exploit (CVE-2009-0880 extended zeroday)
IBM System Director Remote System Level Exploit CVE-2009-0880 extended zeroday Copyright C 2012 Kingcope IBM System Director has the port 6988 open. By using a special request to a vulnerable server, the attacker can force to load a dll remotely from a WebDAV share. The following exploit will loa...
TVMOBiLi media server buffer overflow
Buffer overflow while processing TCP/30888 GET request, multiple DoS conditions...
IBM Director code execution
It's possible to load DLL from any location...
HP Intelligent Management Center User Access Manager unauthorized access
uam.exe buffer overflow...
SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities
Title: ====== SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities Date: ===== 2012-11-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=549 VL-ID: ===== 549 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
HP Integrated Lights-Out information leakage
No description provided...
[security bulletin] HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03556108 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03556108 Version: 1 HPSBPI02828...
[security bulletin] HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03589863 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03589863 Version: 1 HPSB3C02831...
FreeSSHD / FreeFTPD authentication bypass
Authentication results are not checked then client starts ssh session...
HP LaserJet Pro 400 MFP unauthorized access
No description provided...
python keyring weak cryptography
Insecure cipher initializaton...
SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion
SEC Consult Vulnerability Lab Security Advisory 20121203-0 ======================================================================= title: Unauthenticated local file inclusion product: F5 FirePass SSL VPN vulnerable version: = 7.0.0 HF-70-6 fixed version: 7.0.0 HF-70-7 impact: Critical homepage:...
SonicWALL Continues Data Protection multiple security vulnerabilities
Multiple web interface vulnerabilities...
NGS000196 Technical Advisory: Nagios XI Network Monitor OS Command Injection
======= Summary ======= Name: Nagios XI Network Monitor - OS Command Injection Release Date: 30 November 2012 Reference: NGS00196 Discoverer: Daniel Compton [email protected] Vendor: Nagios Vendor Reference: 0000283 Systems Affected: Nagios XI Network Monitor 2011R1.9 Risk: High Status...
[security bulletin] HPSBHF02821 SSRT100934 rev.1 - HP Integrated Lights-Out iLO3 and iLO4, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03515413 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03515413 Version: 1 HPSBHF02821...
n.runs-SA-2012.004 - SPLUNK Unauthenticated remote DoS
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2012.004 19-Nov-2012 Vendors: Splunk Inc., http://www.splunk.com Product: Splunk 4.0 - 4.3.4 Vulnerability: Unauthenticated remote denial of service against splunkd Tracking IDs: SPL-55521 Vendor communication: 2012/09/03 Reported the...
Nagios XI security vulnerabilities
Commands injection, SQL injection...
[security bulletin] HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03464042 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03464042 Version: 1 HPSBPI02807...
NGS000194 Technical Advisory: Nagios XI Network Monitor Blind SQL Injection
======= Summary ======= Name: Nagios XI Network Monitor - Blind SQL Injection Release Date: 30 November 2012 Reference: NGS00194 Discoverer: Daniel Compton [email protected] Vendor: Nagios Vendor Reference: 0000282 Systems Affected: Nagios XI Network Monitor 2011R1.9 Risk: High Status:...
HP Network Node Manager I unauthorized access
No description provided...
TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities
Advisory ID: HTB23120 Product: TVMOBiLi media server Vendor: TVMOBiLi Vulnerable Versions: 2.1.0.3557 and probably prior version Tested Version: 2.1.0.3557 in Windows XP SP3 32 bits Vendor Notification: October 15, 2012 Vendor Patch: November 21, 2012 Public Disclosure: December 5, 2012...
xen multiple security vulnerabilities
Multiple DoS conditions...
F5 FirePass SSL VPN information leakage
CitrixAuth.php local files inclusion...
CUPS privilege escalation
Weak permissions for configuration files...
[USN-1655-1] LibTIFF vulnerability
========================================================================== Ubuntu Security Notice USN-1655-1 December 05, 2012 tiff vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
CVE-2012-4534 Apache Tomcat denial of service
CVE-2012-4534 Apache Tomcat denial of service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.27 - Tomcat 6.0.0 to 6.0.35 Description: When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading...
CVE-2012-3546 Apache Tomcat Bypass of security constraints
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-3546 Apache Tomcat Bypass of security constraints Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.29 - - Tomcat 6.0.0 to 6.0.35 Earlier unsupported versions may also be affected Descriptio...
MySQL Local/Remote FAST Account Password Cracking
FAST Cracking of MySQL account passwords locally or over the network post-auth to the maintainers: you don't need to patch this, looks alot like a minor bug, prolly documented :D I found a method to crack mysql user passwords locally or over the network pretty efficiently. During Tests it was...
CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.31 - - Tomcat 6.0.0 to 6.0.35 Description: The CSRF prevention filter could be bypassed ...
MySQL multiple security vulnerabilities
Buffer overflows, information leakage, privilege escalation, DoS...
[USN-1654-1] CUPS vulnerability
========================================================================== Ubuntu Security Notice USN-1654-1 December 05, 2012 cups, cupsys vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
Apache Tomcat multiple security vulnerabilities
Protection bypass, DoS...
libtiff library DoS
Crash on malformed DOTRANGE tag...
ISC bind DoS
Crash on malcrafted request processing if DNS64 option is enabled...
CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux
-----BEGIN PGP SIGNED MESSAGE----- CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux Issued: December 5, 2012 CA Technologies Support is alerting customers to a potential risk with CA XCOM Data Transport. A vulnerability exists that can allow a remote attacker to execute...
libxml2 buffer overflow
Heap buffer overflow in xmlParseAttValueComplex...
CA XCOM code execution
No description provided...
Safend Data Protector Multiple Vulnerabilities
Safend Data Protector Multiple Vulnerabilities Client software 3.4.5586.9772: Advisory Link: http://www.reactionpenetrationtesting.co.uk/safend-private-key-log-file.html Details CVE number: CVE-2012-4767 The private key data is in the securitylayer.log file in a directory called "logs.9772". This...
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision
2012-001 multiple implementations denial-of-service via MurmurHash algorithm collision Description: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting...
rssh security vulnerabilities
Multiple environment limitation bypass possibilities...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, buffer overflows, privilege escalations and protection bypass...
MurmurHash algorythm vulnerabilities
It's easy to predict collisions...
Safend Data Protector information leakage
Private key is logged into user readable file...
RSA Adaptive Authentication crossite scripting
No description provided...
Forescout NAC multiple vulnerabilities
Forescout NAC Network Access Control multiple vulnerabilities: Forescout NAC 6.3.4.1 Cross-Site Redirection Vulnerability CVE-2012-4982 The Forescout NAC device is vulnerable to cross-site redirection and could be used to redirect a targetted victim to a malicious site. The 'a' parameter is...
ESA-2012-054: RSA ® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerabilities
ESA-2012-054.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-054: RSA ® Adaptive Authentication On-Premise Cross-Site Scripting Vulnerabilities EMC Identifier: ESA-2012-054 CVE Identifier: CVE-2012-4611 Severity Rating: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Affected...