
47153 matches found

securityvulns, added 2012/11/18 12:0 a.m., 86 views

[USN-1632-1] Django vulnerability

Ubuntu Security Notice USN-1632-1, November 15, 2012: python-django vulnerability. A security issue affects these releases of Ubuntu and its...

CVSS 6.4, AI score 0.4, EPSS 0.03893
Exploits 1

securityvulns, added 2012/11/18 12:0 a.m., 248 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 6.8, AI score 1.6, EPSS 0.07803
Exploits 29, References 10, Affected Software 9

securityvulns, added 2012/11/18 12:0 a.m., 109 views

Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)

Advisory ID: HTB23123 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: v0.1.2 and probably prior Tested Version: v0.1.2 Vendor Notification: October 24, 2012 Public Disclosure: November 14, 2012 Vulnerability Type: OS Command Injection CWE-78, SQL Injection...

CVSS 6.8, AI score 10, EPSS 0.0089
Exploits 7

securityvulns, added 2012/11/18 12:0 a.m., 21 views

Media Player Classic security vulnerabilities

Built-in web server DoS and cross-site scripting...

AI score 2
Exploits 0, References 1, Affected Software 1

securityvulns, added 2012/11/18 12:0 a.m., 49 views

Samsung Kies Air security vulnerabilities

DoS, authentication bypass...

CVSS 5, AI score 2.7, EPSS 0.11474
Exploits 6, References 1, Affected Software 1

securityvulns, added 2012/11/18 12:0 a.m., 48 views

Microsoft Windows security vulnerabilities

Windows Briefcase integer overflows, .NET protection bypass, information leakage and code execution, kernel driver privilege escalations...

CVSS 10, AI score 5.2, EPSS 0.48687
Exploits 5, Affected Software 1

securityvulns, added 2012/11/18 12:0 a.m., 199 views

MPC (Media Player Classic) WebServer Multiple Vulnerabilities

MPC Media Player Classic WebServer Multiple Vulnerabilities...

AI score 0.7
Exploits 0

securityvulns, added 2012/11/18 12:0 a.m., 57 views

iDev Rentals v1.0 - Multiple Web Vulnerabilities

Title: iDev Rentals v1.0 - Multiple Web Vulnerabilities; Date: 2012-11-14; References: http://www.vulnerability-lab.com/getcontent.php?id=760; VL-ID: 758; Common Vulnerability Scoring System: 3.5; Introduction:...

Exploits 0

securityvulns, added 2012/11/18 12:0 a.m., 68 views

Multiple vulnerabilities in BabyGekko

Advisory ID: HTB23122 Product: BabyGekko Vendor: babygekko.com Vulnerable Versions: 1.2.2e and probably prior Tested Version: 1.2.2e Vendor Notification: October 24, 2012 Vendor Patch: November 4, 2012 Public Disclosure: November 14, 2012 Vulnerability Type: SQL Injection CWE-89, PHP File Inclusi...

CVSS 4.3, AI score 0.1, EPSS 0.07803
Exploits 6

securityvulns, added 2012/11/18 12:0 a.m., 131 views

Microsoft Internet Information Services security vulnerabilities

Log file information leakage, FTP STARTTLS session command injection...

CVSS 5, AI score 1.4, EPSS 0.19645
Exploits 2, Affected Software 1

securityvulns, added 2012/11/18 12:0 a.m., 79 views

XSS vulnerability in web applications with swfupload: Dotclear, XenForo, InstantCMS, AionWeb, Dolphin

Hello 3APA3A! I will draw your attention to an XSS vulnerability in other web applications with swfupload. Earlier I wrote about swfupload in WordPress (CVE-2012-3414) and that this hole is available in many web applications. In a previous letter I wrote the information about different versions of...

CVSS 4.3, AI score 0.6, EPSS 0.06259
Exploits 10

securityvulns, added 2012/11/18 12:0 a.m., 74 views

Security advisory for Bugzilla 4.4rc1, 4.2.4, 4.0.9 and 3.6.12

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: Confidential product and component names can be disclosed to unauthorized users if they are used to control the visibility of a...

CVSS 5, AI score 6.2, EPSS 0.00319
Exploits 5

securityvulns, added 2012/11/14 12:0 a.m., 37 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 4.3, AI score 1.6, EPSS 0.0027
Exploits 1, References 4, Affected Software 3

securityvulns, added 2012/11/14 12:0 a.m., 44 views

Huawei weak passwords encryption

Passwords are stored in reversible encryption...

AI score 2
Exploits 0, References 1

securityvulns, added 2012/11/14 12:0 a.m., 45 views

[OVSA20121112] OpenVAS Manager Vulnerable To Command Injection

OpenVAS Security Advisory OVSA20121112 Date: 12th November 2012 Product: OpenVAS Manager 3.0.4 and 4.0+beta4 Vendor: OpenVAS http://www.openvas.org/ Risk: Medium Summary It has been identified that OpenVAS Manager is vulnerable to command injection due to insufficient validation of user supplied...

CVSS 7.5, AI score 0.4, EPSS 0.02129
Exploits 2

securityvulns, added 2012/11/14 12:0 a.m., 81 views

ESA-2012-055: RSA® Data Protection Manager Multiple Vulnerabilities

ESA-2012-055: RSA® Data Protection Manager Multiple Vulnerabilities. EMC Identifier: ESA-2012-055; CVE Identifier: CVE-2012-4612, CVE-2012-4613; Severity Rating: See below for individual scores and refer vendor advisories for component...

CVSS 6.9, AI score 0.8, EPSS 0.00225
Exploits 0

securityvulns, added 2012/11/14 12:0 a.m., 46 views

Eventy CMS v1.8 Plus - Multiple Web Vulnerabilities

Title: Eventy CMS v1.8 Plus - Multiple Web Vulnerabilities; Date: 2012-11-13; References: http://www.vulnerability-lab.com/getcontent.php?id=756; VL-ID: 756; Common Vulnerability Scoring System: 8.3; Introduction: Publish...

AI score 8.2
Exploits 0

securityvulns, added 2012/11/14 12:0 a.m., 50 views

BananaDance Wiki b2.2 - Multiple Web Vulnerabilities

Title: BananaDance Wiki b2.2 - Multiple Web Vulnerabilities; Date: 2012-11-10; References: http://www.vulnerability-lab.com/getcontent.php?id=745; VL-ID: 745; Common Vulnerability Scoring System: 7.1; Introduction: Banan...

AI score 0.1
Exploits 0

securityvulns, added 2012/11/14 12:0 a.m., 41 views

[DC-2012-11-001] DefenseCode ThunderScan PHP Advisory: Wordpress WP e-Commerce Plugin Multiple Security Vulnerabilities

DefenseCode ThunderScan PHP Advisory: Wordpress WP E-Commerce Plugin Multiple Security Vulnerabilities Advisory ID: DC-2012-11-001 Advisory Title: Wordpress WP E-Commerce Plugin Multiple Vulnerabilities Advisory URL:...

AI score 0.1
Exploits 0

securityvulns, added 2012/11/14 12:0 a.m., 74 views

Reflective XSS in uk cookie plugin

The plugin uk-cookie has a reflective XSS injection possible while using it. http://wordpress.org/extend/plugins/uk-cookie/ Script Used- scriptalert'hacked'/script CVE-2012-5856...

CVSS 4.3, AI score 0.8, EPSS 0.0027
Exploits 1

securityvulns, added 2012/11/14 12:0 a.m., 38 views

OpenVAS Manager code execution

Unescaped shell characters on OMP request processing...

CVSS 7.5, AI score 3.8, EPSS 0.02129
Exploits 2, References 1, Affected Software 1

securityvulns, added 2012/11/14 12:0 a.m., 28 views

EMC RSA Data Protection Manager security vulnerabilities

Cross-site scripting, restrictions bypass...

CVSS 6.9, AI score 2.9, EPSS 0.00225
Exploits 0, References 1, Affected Software 1

securityvulns, added 2012/11/14 12:0 a.m., 60 views

Weak password encryption on Huawei products

Weak password encryption on Huawei products. ADVISORY INFORMATION: Title: Weak password encryption on Huawei products; Release date: 13/11/2012; Credits: Roberto Paleari, Emaze Networks [email protected] Ivan Speziale, Emaze Networks...

AI score 7.1
Exploits 0

securityvulns, added 2012/11/13 12:0 a.m., 43 views

Sophos / Cisco Ironport products security vulnerabilities

Different vulnerabilities, including remote code execution...

AI score 3.1
Exploits 0, References 1, Affected Software 1

securityvulns, added 2012/11/13 12:0 a.m., 23 views

radsecproxy protection bypass

It's possible to bypass SSL certificate check under some conditions...

CVSS 6.4, AI score 2.2, EPSS 0.00185
Exploits 0, References 1, Affected Software 1

securityvulns, added 2012/11/13 12:0 a.m., 99 views

[SECURITY] [DSA 2573-1] radsecproxy security update

Debian Security Advisory DSA-2573-1 [email protected] http://www.debian.org/security/ Luciano Bello November 10, 2012 http://www.debian.org/security/faq...

CVSS 6.4, AI score 1.7, EPSS 0.00185
Exploits 0

securityvulns, added 2012/11/09 12:0 a.m., 24 views

Cisco Secure Access Control System authentication bypass

Insufficient password check if TACACS+ authentication is used with LDAP...

CVSS 5, AI score 3.1, EPSS 0.00443
Exploits 0, Affected Software 1

securityvulns, added 2012/11/09 12:0 a.m., 33 views

IcedTea-Web memory corruption

No description provided...

CVSS 6.8, AI score 1.7, EPSS 0.01189
Exploits 0, References 1, Affected Software 1

securityvulns, added 2012/11/09 12:0 a.m., 73 views

[USN-1625-1] Icedtea-Web vulnerability

Ubuntu Security Notice USN-1625-1, November 07, 2012: icedtea-web vulnerability. A security issue affects these releases of Ubuntu and its derivatives:...

CVSS 6.8, AI score 0.1, EPSS 0.01189
Exploits 0

securityvulns, added 2012/11/09 12:0 a.m., 28 views

Glance unauthorized images deletion

Insufficient access control validation...

CVSS 5.5, AI score 4.3, EPSS 0.00842
Exploits 0, References 1, Affected Software 1

securityvulns, added 2012/11/09 12:0 a.m., 61 views

APPLE-SA-2012-11-07-1 QuickTime 7.7.3

APPLE-SA-2012-11-07-1 QuickTime 7.7.3. QuickTime 7.7.3 is now available and addresses the following: QuickTime. Available for: Windows 7, Vista, XP SP2 or later. Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application...

CVSS 9.3, AI score 0.7, EPSS 0.79074
Exploits 18

securityvulns, added 2012/11/09 12:0 a.m., 65 views

Cross-Site Request Forgery (CSRF) in CMS Made Simple

Advisory ID: HTB23121 Product: CMS Made Simple Vendor: cmsmadesimple.org Vulnerable Versions: 1.11.2 and probably prior Tested Version: 1.11.2 Vendor Notification: October 17, 2012 Public Disclosure: November 7, 2012 Vulnerability Type: Cross-Site Request Forgery CWE-352 CVE Reference:...

CVSS 6.8, AI score 6.8, EPSS 0.00275
Exploits 3

securityvulns, added 2012/11/09 12:0 a.m., 61 views

Sql injection in AJAX post Search wordpress plugin

Exploit Title : SQl INJECTION AJAX Post Search --- wordpress plugin--- Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 10/12/12 version: 1.1 software link: http://wordpress.org/extend/plugins/cardoza-ajax-search/ AJAX Post Search wordpress plugin description This plugin will allow your...

AI score 0.4
Exploits 0

securityvulns, added 2012/11/09 12:0 a.m., 33 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 6.8, AI score 1.6, EPSS 0.0725
Exploits 7, References 3, Affected Software 3

securityvulns, added 2012/11/09 12:0 a.m., 51 views

[USN-1626-1] Glance vulnerability

Ubuntu Security Notice USN-1626-1, November 08, 2012: glance vulnerability. A security issue affects these releases of Ubuntu and its derivatives:...

CVSS 5.5, AI score 0.5, EPSS 0.00842
Exploits 0

securityvulns, added 2012/11/09 12:0 a.m., 36 views

Apple QuickTime multiple security vulnerabilities

Multiple memory corruptions on different file formats and server responses parsing and in ActiveX components...

CVSS 9.3, AI score 3.7, EPSS 0.79074
Exploits 18, References 1, Affected Software 1

securityvulns, added 2012/11/09 12:0 a.m., 32 views

Cisco Nexus 1000V protection bypass

Under some conditions devices with invalid licenses and disabled protection do not display valid status...

AI score 2.9
Exploits 0

securityvulns, added 2012/11/09 12:0 a.m., 54 views

Vulnerability Report on AWCM 2.2

Vulnerability Report AWCM 2.2 CVE-Candidate-ID: CVE-2012-2437, CVE-2012-2438 Issue: Access Control Bug in AWCM 2.2, Anyone can build the cookie and inserts DB records. Author: Sooel Son sonpostman at gmail dot com Source Code: http://sourceforge.net/projects/awcm/ 1. Details: CVE-2012-2437 Withou...

CVSS 5, AI score 0.8, EPSS 0.0725
Exploits 4

securityvulns, added 2012/11/06 12:0 a.m., 37 views

Mesa code execution

Invalid arrays handling...

CVSS 10, AI score 2.4, EPSS 0.05704
Exploits 1, References 1

securityvulns, added 2012/11/06 12:0 a.m., 41 views

[SECURITY] [DSA 2571-1] libproxy security update

Debian Security Advisory DSA-2571-1 [email protected] http://www.debian.org/security/ Raphael Geissert November 04, 2012 http://www.debian.org/security/faq...

CVSS 10, AI score 1.7, EPSS 0.04366
Exploits 0

securityvulns, added 2012/11/06 12:0 a.m., 44 views

Ubuntu Remote Login Services information leakage

Context information is purged insufficiently on user account switching...

CVSS 2.1, AI score 2.2, EPSS 0.00069
Exploits 0, References 1, Affected Software 1

securityvulns, added 2012/11/06 12:0 a.m., 385 views

AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities

AwAuctionScript Aw Auction Script - Market Place for WebMasters Multiple Vulnerabilities...

AI score 8.4
Exploits 0

securityvulns, added 2012/11/06 12:0 a.m., 50 views

[USN-1624-1] Remote Login Service vulnerability

Ubuntu Security Notice USN-1624-1, November 05, 2012: remote-login-service vulnerability. A security issue affects these releases of Ubuntu and its...

CVSS 2.1, AI score 1.2, EPSS 0.00069
Exploits 0

securityvulns, added 2012/11/06 12:0 a.m., 129 views

[CVE-2012-5777]EmpireCMS Template Parser Remote PHP Code Execution Vulnerability

Exploit Title : Answer my question wordpress plugin Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 09/19/12 version: 1.1 software link:http://wordpress.org/extend/plugins/answer-my-question/ Answer my question plugin description This plugi...

EPSS 0.00629
Exploits 3

securityvulns, added 2012/11/06 12:0 a.m., 55 views

[USN-1623-1] Mesa vulnerability

Ubuntu Security Notice USN-1623-1, November 05, 2012: mesa vulnerability. A security issue affects these releases of Ubuntu and its derivatives:...

CVSS 10, AI score 0.8, EPSS 0.05704
Exploits 1

securityvulns, added 2012/11/06 12:0 a.m., 53 views

[USN-1622-1] Munin vulnerabilities

Ubuntu Security Notice USN-1622-1, November 05, 2012: munin vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives:...

CVSS 9.3, AI score 0.8, EPSS 0.00792
Exploits 2

securityvulns, added 2012/11/06 12:0 a.m., 33 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 6.8, AI score 1.6, EPSS 0.00629
Exploits 3, References 3, Affected Software 2

securityvulns, added 2012/11/06 12:0 a.m., 47 views

XSS in answer my question plugin

Exploit Title : Answer my question wordpress plugin Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 09/19/12 version: 1.1 software link:http://wordpress.org/extend/plugins/answer-my-question/ Answer my question plugin description This plugi...

AI score 6.1
Exploits 0

securityvulns, added 2012/11/06 12:0 a.m., 23 views

multiple critical vulnerabilities in sophos products

List, I've completed the second paper in my series analyzing Sophos Antivirus internals, titled "Practical Attacks against Sophos Antivirus". As the name suggests, this paper describes realistic attacks against networks using Sophos products. The paper includes a working pre-authentication remote...

AI score 7.2
Exploits 0

securityvulns, added 2012/11/06 12:0 a.m., 35 views

Munin security vulnerabilities

Symbolic links vulnerability, code execution...

CVSS 9.3, AI score 2.5, EPSS 0.00792
Exploits 2, References 1, Affected Software 1

Total number of security vulnerabilities: 47153