ESA-2012-054: RSA ® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerabilities
ESA-2012-054.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-054: RSA ® Adaptive Authentication On-Premise Cross-Site Scripting Vulnerabilities EMC Identifier: ESA-2012-054 CVE Identifier: CVE-2012-4611 Severity Rating: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Affected...
Safend Data Protector Multiple Vulnerabilities
Safend Data Protector Multiple Vulnerabilities Client software 3.4.5586.9772: Advisory Link: http://www.reactionpenetrationtesting.co.uk/safend-private-key-log-file.html Details CVE number: CVE-2012-4767 The private key data is in the securitylayer.log file in a directory called "logs.9772". This...
Re: rssh security announcement
All, Today I released rssh-2.3.4, which fixes an old issue, and a new issue: On Tue, May 08, 2012 at 01:14:26PM -0500, Derek Martin wrote: rssh is a shell for restricting SSH access to a machine to only scp, sftp, or a small set of similar applications. http://www.pizzashack.org/rssh/ Henrik...
MurmurHash algorithm vulnerabilities
It's easy to predict collisions...
lynx security vulnerabilities
Buffer overflow, insufficient certificate check...
NGS000268 Technical Advisory: Symantec Messaging Gateway - Out-of-band stored-XSS delivered by email
======= Summary ======= Name: Symantec Messaging Gateway - Out-of-band stored-XSS delivered by email Release Date: 30 November 2012 Reference: NGS00268 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor Reference: Systems Affected: Symantec Messaging Gateway 9.5.3-3 Risk:...
TrendMicro DataArmor / DriveArmor multiple security vulnerabilities
Restriction bypass, privilege escalation, encrypted data access...
NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator
======= Summary ======= Name: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator for example Release Date: 30 November 2012 Reference: NGS00263 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor Reference: Systems Affected: Symantec Messaging Gateway...
APPLE-SA-2012-11-29-1 Apple TV 5.1.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-29-1 Apple TV 5.1.1 Apple TV 5.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: Compromised applications may be able to determine addresses in the kernel Description: ...
Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
Over 90 vulnerabilities in different applications are fixed by quarterly update...
[USN-1642-1] Lynx vulnerabilities
========================================================================== Ubuntu Security Notice USN-1642-1 November 29, 2012 lynx-cur vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...
[USN-1646-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1646-1 November 30, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Linux security vulnerabilities
Information leakage, DoS...
Symantec Messaging Gateway multiple security vulnerabilities
Information leakage, cross-site scripting, cross-site request forgery...
NGS000193 Technical Advisory: DataArmor Full Disk Encryption Restricted Environment breakout
======= Summary ======= Name: DataArmor Full Disk Encryption - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption Release Date: 30 November 2012 Reference: NGS00193 Discoverer: Stuart Passe [email protected] Vendor: Mobile Armor Vendor Reference: KB 1060043...
[SECURITY] [DSA 2579-1] apache2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2579-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 30, 2012 http://www.debian.org/security/faq -...
Apache security vulnerabilities
mod_proxy_ajp DoS vulnerabilities, TLS message length information leakage...
perl multiple security vulnerabilities
Buffer overflow in decode_xs, Digest constructor buffer overflow, x operator buffer overflow, CGI.pm headers injection...
[USN-1643-1] Perl vulnerabilities
========================================================================== Ubuntu Security Notice USN-1643-1 November 30, 2012 perl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
NGS000266 Technical Advisory: Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL
======= Summary ======= Name: Symantec Messaging Gateway - Arbitrary file download is possible with a crafted URL authenticated Release Date: 30 November 2012 Reference: NGS00266 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor Reference: Systems Affected: Symantec...
VUPEN Security Research - Mozilla Firefox "imgRequestProxy" Remote Use-After-Free Vulnerability
VUPEN Security Research - Mozilla Firefox "imgRequestProxy" Class Remote Use-After-Free Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Mozilla Firefox is a free and open source web browser and coordinated by Mozilla Corporation...
Apple TV security vulnerabilities
Information leakage, code execution...
libssh multiple security vulnerabilities
Multiple memory corruptions...
NGS000107 Technical Advisory: Oracle Gridengine sgepasswd Buffer Overflow
======= Summary ======= Name: Oracle Gridengine sgepasswd Buffer Overflow Release Date: 30 November 2012 Reference: NGS00107 Discoverer: Edward Torkington [email protected] Vendor: Oracle Vendor Reference: Systems Affected: Multiple packages - version 62u7 Risk: High Status: Publish...
NGS000267 Technical Advisory: Symantec Messaging Gateway SSH with backdoor user account plus privilege escalation to root due to very old Kernel
======= Summary ======= Name: Symantec Messaging Gateway - SSH with backdoor user account + privilege escalation to root due to very old Kernel Release Date: 30 November 2012 Reference: NGS00267 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor Reference: Systems Affecte...
[ MDVSA-2012:175 ] libssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:175 http://www.mandriva.com/security/ Package : libssh Date : November 29, 2012 Affected: 2011. Problem Description: Multiple double free, buffer overflow, invalid free and improper overflow checks...
FreeBSD Security Advisory FreeBSD-SA-12:08.linux
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:08.linux Security Advisory The FreeBSD Project Topic: Linux compatibility layer input validation error Category: core Module: kernel Announced: 2012-11-22...
[ MDVSA-2012:172 ] libproxy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:172 http://www.mandriva.com/security/ Package : libproxy Date : November 19, 2012 Affected: 2011. Problem Description: A vulnerability has been discovered and corrected in libproxy: Stack-based buffer overfl...
Apache Tomcat multiple security vulnerabilities
Authentication bypass and replay attacks on Digest authentication, DoS...
libproxy buffer overflow
Integer overflow on Content-Length parsing leads to buffer overflow, buffer overflow on proxy.pac parsing...
libunity memory corruption
Memory corruption in hash tables handling...
trousers DoS
tcsd DoS...
Belkin wireless routers weak key
Firmware WPA2 key is generated from the MAC address...
[SECURITY] [DSA 2576-1] trousers security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2576-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez November 23, 2012 http://www.debian.org/security/faq -...
TP-LINK TL-WR841N security vulnerabilities
Directory traversal and cross-site scripting in web interface...
FreeBSD privilege escalation
Kernel memory overwrite via Linux compatibility subsystem...
FW: =| Security Advisory - TP-LINK TL-WR841N XSS (Cross Site Scripting) |=
=| Security Advisory - TP-LINK TL-WR841N XSS Cross Site Scripting |= Issue: TL-WR841N 300Mbps Wireless N Router by "TP-LINK" Firmware Version: 3.13.9 Build 120201 Rel.54965n and Below Discovered Date: 17/11/2012 Author: Matan Azugi [email protected] Product Vendor:...
CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers
CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers I. Background Belkin ships many wireless routers with an encrypted wireless network configured by default. The network name ESSID and the seemingly random password is printed on a label at the bottom of the device...
[USN-1637-1] Tomcat vulnerabilities
========================================================================== Ubuntu Security Notice USN-1637-1 November 21, 2012 tomcat6 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
[USN-1635-1] libunity-webapps vulnerability
========================================================================== Ubuntu Security Notice USN-1635-1 November 21, 2012 libunity-webapps vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
[SECURITY] [DSA 2574-1] typo3-src security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2574-1 [email protected] http://www.debian.org/security/ November 15, 2012 http://www.debian.org/security/faq -...
Microsoft Internet Explorer multiple security vulnerabilities
A few different use-after-free vulnerabilities...
XSS vulnerability in web applications with swfupload: Dotclear, XenForo, InstantCMS, AionWeb, Dolphin
Hello 3APA3A! I will draw your attention to an XSS vulnerability in other web applications with swfupload. Earlier I wrote about swfupload in WordPress CVE-2012-3414 and that this hole is available in many web applications. In a previous letter I wrote the information about different versions of...
[CVE-2012-5858] [CVE-2012-5859] DoS/Authorization Bypass - Kies Air
Name: CVE-2012-5858 CVE-2012-5859 DoS/Authorization Bypass - Kies Air Package: com.samsung.swift.app.kiesair Affected versions: 2.1.207051, 2.1.210161 Testing Device: Samsung S3 AT&T - SAMSUNG-SGH-I747 Android Version: 4.0.4/ Build Number: IMM76D.I747UCALH9 Vendor homepage:...
Microsoft Excel multiple security vulnerabilities
Buffer overflows, memory corruptions, use-after-free...
Microsoft Internet Information Services security vulnerabilities
Log file information leakage, FTP STARTTLS session command injection...
Microsoft Windows security vulnerabilities
Windows Briefcase integer overflows, .NET protection bypass, information leakage and code execution, kernel driver privilege escalations...
Media Player Classic security vulnerabilities
Built-in web server DoS and cross-site scripting...
Samsung Kies Air security vulnerabilities
DoS, authentication bypass...
Applicure dotDefender format string vulnerability
Format specifiers are not escaped on error message generation...