47153 matches found
HP Integrated Lights-Out information leakage
No description provided...
[security bulletin] HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03589863 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03589863 Version: 1 HPSB3C02831...
IBM Director code execution
It's possible to load DLL from any location...
F5 FirePass SSL VPN information leakage
CitrixAuth.php local files inclusion...
FreeSSHD / FreeFTPD authentication bypass
Authentication results are not checked then client starts ssh session...
Nagios XI security vulnerabilities
Commands injection, SQL injection...
TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities
Advisory ID: HTB23120 Product: TVMOBiLi media server Vendor: TVMOBiLi Vulnerable Versions: 2.1.0.3557 and probably prior version Tested Version: 2.1.0.3557 in Windows XP SP3 32 bits Vendor Notification: October 15, 2012 Vendor Patch: November 21, 2012 Public Disclosure: December 5, 2012...
n.runs-SA-2012.004 - SPLUNK Unauthenticated remote DoS
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2012.004 19-Nov-2012 Vendors: Splunk Inc., http://www.splunk.com Product: Splunk 4.0 - 4.3.4 Vulnerability: Unauthenticated remote denial of service against splunkd Tracking IDs: SPL-55521 Vendor communication: 2012/09/03 Reported the...
TVMOBiLi media server buffer overflow
Buffer overflow while processing TCP/30888 GET request, multiple DoS conditions...
splunk DoS
Crash on malcrafted packet...
[security bulletin] HPSBMU02816 SSRT100949 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03507416 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03507416 Version: 1 HPSBMU02816...
[security bulletin] HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03464042 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03464042 Version: 1 HPSBPI02807...
IBM System Director Remote System Level Exploit (CVE-2009-0880 extended zeroday)
IBM System Director Remote System Level Exploit CVE-2009-0880 extended zeroday Copyright C 2012 Kingcope IBM System Director has the port 6988 open. By using a special request to a vulnerable server, the attacker can force to load a dll remotely from a WebDAV share. The following exploit will loa...
NGS000196 Technical Advisory: Nagios XI Network Monitor OS Command Injection
======= Summary ======= Name: Nagios XI Network Monitor - OS Command Injection Release Date: 30 November 2012 Reference: NGS00196 Discoverer: Daniel Compton [email protected] Vendor: Nagios Vendor Reference: 0000283 Systems Affected: Nagios XI Network Monitor 2011R1.9 Risk: High Status...
python keyring weak cryptography
Insecure cipher initializaton...
SonicWALL Continues Data Protection multiple security vulnerabilities
Multiple web interface vulnerabilities...
Centrify Deployment Manager v2.1.0.283
Centrify Deployment Manager v2.1.0.283 While at a training session for centrify, I noticed poor handling of files in /tmp. I was able to overwrite /etc/shadow with the contents of adcheckDMoutput. I am sure there are more vulnerabilities to be exploit, maybe a local root - but being this is a...
SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion
SEC Consult Vulnerability Lab Security Advisory 20121203-0 ======================================================================= title: Unauthenticated local file inclusion product: F5 FirePass SSL VPN vulnerable version: = 7.0.0 HF-70-6 fixed version: 7.0.0 HF-70-7 impact: Critical homepage:...
HP Network Node Manager I unauthorized access
No description provided...
HP LaserJet Pro 400 MFP unauthorized access
No description provided...
HP Intelligent Management Center User Access Manager unauthorized access
uam.exe buffer overflow...
[security bulletin] HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03556108 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03556108 Version: 1 HPSBPI02828...
[security bulletin] HPSBHF02821 SSRT100934 rev.1 - HP Integrated Lights-Out iLO3 and iLO4, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03515413 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03515413 Version: 1 HPSBHF02821...
NGS000194 Technical Advisory: Nagios XI Network Monitor Blind SQL Injection
======= Summary ======= Name: Nagios XI Network Monitor - Blind SQL Injection Release Date: 30 November 2012 Reference: NGS00194 Discoverer: Daniel Compton [email protected] Vendor: Nagios Vendor Reference: 0000282 Systems Affected: Nagios XI Network Monitor 2011R1.9 Risk: High Status:...
xen multiple security vulnerabilities
Multiple DoS conditions...
[SECURITY] [DSA 2582-1] xen security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2582-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez December 07, 2012 http://www.debian.org/security/faq -...
TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities
Advisory ID: HTB23120 Product: TVMOBiLi media server Vendor: TVMOBiLi Vulnerable Versions: 2.1.0.3557 and probably prior version Tested Version: 2.1.0.3557 in Windows XP SP3 32 bits Vendor Notification: October 15, 2012 Vendor Patch: November 21, 2012 Public Disclosure: December 5, 2012...
Apache Tomcat multiple security vulnerabilities
Protection bypass, DoS...
libtiff library DoS
Crash on malformed DOTRANGE tag...
MySQL Local/Remote FAST Account Password Cracking
FAST Cracking of MySQL account passwords locally or over the network post-auth to the maintainers: you don't need to patch this, looks alot like a minor bug, prolly documented :D I found a method to crack mysql user passwords locally or over the network pretty efficiently. During Tests it was...
CVE-2012-4534 Apache Tomcat denial of service
CVE-2012-4534 Apache Tomcat denial of service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.27 - Tomcat 6.0.0 to 6.0.35 Description: When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading...
CVE-2012-3546 Apache Tomcat Bypass of security constraints
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-3546 Apache Tomcat Bypass of security constraints Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.29 - - Tomcat 6.0.0 to 6.0.35 Earlier unsupported versions may also be affected Descriptio...
[USN-1655-1] LibTIFF vulnerability
========================================================================== Ubuntu Security Notice USN-1655-1 December 05, 2012 tiff vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
CUPS privilege escalation
Weak permissions for configuration files...
[USN-1654-1] CUPS vulnerability
========================================================================== Ubuntu Security Notice USN-1654-1 December 05, 2012 cups, cupsys vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.31 - - Tomcat 6.0.0 to 6.0.35 Description: The CSRF prevention filter could be bypassed ...
MySQL multiple security vulnerabilities
Buffer overflows, information leakage, privilege escalation, DoS...
ISC bind DoS
Crash on malcrafted request processing if DNS64 option is enabled...
CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux
-----BEGIN PGP SIGNED MESSAGE----- CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux Issued: December 5, 2012 CA Technologies Support is alerting customers to a potential risk with CA XCOM Data Transport. A vulnerability exists that can allow a remote attacker to execute...
libxml2 buffer overflow
Heap buffer overflow in xmlParseAttValueComplex...
CA XCOM code execution
No description provided...
Safend Data Protector information leakage
Private key is logged into user readable file...
EMC Smarts Network Configuration Manager security vulnerabilities
Hardcoded ecnryption key, default unauthenticated connections...
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision
2012-001 multiple implementations denial-of-service via MurmurHash algorithm collision Description: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting...
ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities
ESA-2012-057.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities EMC Identifier: ESA-2012-057 CVE Identifier: CVE-2012-4614 CVE Identifier: CVE-2012-4615 Severity Rating: CVSS v2 Base Score: See below for individual...
rssh security vulnerabilities
Multiple environment limitation bypass possibilities...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, buffer overflows, privilege escalations and protection bypass...
Forescout NAC multiple vulnerabilities
Forescout NAC Network Access Control multiple vulnerabilities: Forescout NAC 6.3.4.1 Cross-Site Redirection Vulnerability CVE-2012-4982 The Forescout NAC device is vulnerable to cross-site redirection and could be used to redirect a targetted victim to a malicious site. The 'a' parameter is...
VUPEN Security Research - Mozilla Firefox "DocumentViewerImpl" Class Remote Use-After-Free Vulnerability
VUPEN Security Research - Mozilla Firefox "DocumentViewerImpl" Class Remote Use-After-Free Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Mozilla Firefox is a free and open source web browser and coordinated by Mozilla Corporati...
RSA Adaptive Authentication crossite scripting
No description provided...