47153 matches found
PR11-07 Multiple peristent XSS, XSS, XSRF, offsite redirection and information disclosure flaws within CheckPoint/Sofaware firewalls
ProCheckUp Research http://procheckup.com/procheckup-labs/pr11-07.aspx PR11-07 Multiple peristent XSS, XSS, XSRF, offsite redirection and information disclosure flaws within CheckPoint/Sofaware firewalls Vulnerability found: 3rd May 2011 Vendor informed: 20th July 2011 Vulnerability fixed: 16th...
multiple critical vulnerabilities in sophos products
List, I've completed the second paper in my series analyzing Sophos Antivirus internals, titled "Practical Attacks against Sophos Antivirus". As the name suggests, this paper describes realistic attacks against networks using Sophos products. The paper includes a working pre-authentication remote...
APPLE-SA-2012-11-01-1 iOS 6.0.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-01-1 iOS 6.0.1 iOS 6.0.1 is now available and addresses the following: Kernel Available for: iPhone 3GS and later, iPod touch 4th generation and later, iPad 2 and later Impact: Maliciously crafted or compromised iOS applications may b...
Apple iOS 6.0 multiple security vulnerabilities
Information leakage, protection bypass, memory corruption, race conditions...
HP Performance Insight with Sybase DoS
No description provided...
APPLE-SA-2012-11-01-2 Safari 6.0.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-01-2 Safari 6.0.2 Safari 6.0.2 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2 Impact: Visiting a maliciously crafted website may lead to an...
[security bulletin] HPSBMU02827 SSRT100924 rev.1 - HP Performance Insight with Sybase, Remote Denial of Service (DoS) and Loss of Data
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03555488 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03555488 Version: 1 HPSBMU02827...
[CVE-2012-5692] Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution Vulnerability
------------------------------------------------------------------------------ Invision Power Board = 3.3.4 "unserialize" PHP Code Execution Vulnerability ------------------------------------------------------------------------------ author..............: Egidio Romano aka EgiX...
Cisco Unified MeetingPlace Web Conferencing security vulnerabilities
Buffer overflow, SQL injection...
Multiple Vulnerabilities in LibreOffice
Advisory ID: HTB23106 Product: LibreOffice Suite Vendor: LibreOffice Vulnerable Versions: 3.5.5.3 and probably prior Tested Version: 3.5.5.3 Vendor Notification: July 26, 2012 Public Disclosure: October 31, 2012 Vulnerability Type: NULL Pointer Dereference CWE-476 CVE Reference: CVE-2012-4233...
OpenOffice / LibreOffice DoS
NULL pointer dereference on different formats parsing...
PrestaShop <= 1.5.1 Persistent XSS
PrestaShop = 1.5.1 Persistent XSS Tested under: Firefox, Chrome and Safari latest versions Discover Credits: David Sopas - [email protected] | @dsopas | davidsopas.com/labs Original link: http://davidsopas.com/labs/prestashopxss.txt Description: PrestaShop is the most reliable and flexible...
NetCat CMS v5.0.1 - Multiple Web Vulnerabilities
Title: ====== NetCat CMS v5.0.1 - Multiple Web Vulnerabilities Date: ===== 2012-10-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=738 VL-ID: ===== 738 Common Vulnerability Scoring System: ==================================== 2.5 Introduction: ============= Vendor...
XSS in dokeos 2.1.1
Exploit Title : Dokeos 2.1.1 Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 10/17/12 version: 2.1.1 software link:www.dokeos.com Dokeos description Dokeos is an open source e-learning platform programmed in PHP, Javascript and HTML which...
PG Dating Pro v1.0 CMS - Multiple Web Vulnerabilities
Title: ====== PG Dating Pro v1.0 CMS - Multiple Web Vulnerabilities Date: ===== 2012-10-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=736 VL-ID: ===== 736 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...
VaM Shop v1.69 - Multiple Web Vulnerabilities
Title: ====== VaM Shop v1.69 - Multiple Web Vulnerabilities Date: ===== 2012-10-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=730 VL-ID: ===== 730 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: ============= Vendor...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Konqueror memory corruptions
Few different memory corruptions...
Nth Dimension Security Advisory (NDSA20121010)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20121010 Date: 10th October 2012 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: Konqueror 4.7.3 http://konqueror.kde.org/ Vendor: KDE...
SQL Injection Vulnerability in OrangeHRM
Advisory ID: HTB23119 Product: OrangeHRM Vendor: OrangeHRM Inc. Vulnerable Versions: 2.7.1-rc.1 and probably prior Tested Version: 2.7.1-rc.1 Vendor Notification: October 10, 2012 Public Disclosure: October 31, 2012 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2012-5367 CVSSv2 Base...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[waraxe-2012-SA#095] - Multiple Vulnerabilities in Wordpress FoxyPress Plugin
waraxe-2012-SA095 - Multiple Vulnerabilities in Wordpress FoxyPress Plugin =============================================================================== Author: Janek Vind "waraxe" Date: 30. October 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-95.html Description of vulnerab...
Content Spoofing and Cross-Site Scripting vulnerabilities in Bitrix Site Manager
Hello 3APA3A! I want to warn you about security vulnerabilities in Bitrix Site Manager. It is commercial CMS. These are Content Spoofing and Cross-Site Scripting vulnerabilities. These holes bypass built-in WAF and all other protections of Bitrix. ------------------------- Affected products:...
[BUGTRAQ]Security Advisory - TP-LINK TL-WR841N LFI - [UPDATE]
=| Security Advisory - TP-LINK TL-WR841N LFI |= Issue: TL-WR841N 300Mbps Wireless N Router by "TP-LINK" Firmware Version: 3.13.9 Build 120201 Rel.54965n And Below versions Discovered Date: 24/10/2012 CVE-ID: CVE-2012-5687 Author: Matan Azugi [email protected] Product Vendor:...
PIAF H.M.S - SQL Injection
Exploit Title: PIAF H.M.S - SQL Injection Date: 28/10/2012 Author: Michal Blaszczak Website: http://blaszczakm.blogspot.com Vendor Homepage: http://code.google.com/p/piafhms/ file: bills.php line: 86-87 $query = $query . " ORDER BY ID DESC"; printf$query; query: SELECT FROM Users WHERE Room =...
EMC Avamar Client for VMware weak encryption
Server access password is stored locally in cleartext...
EMC Avamar Client for VMware Sensitive Information Disclosure Vulnerability
ESA-2012-053.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-053: EMC Avamar Client for VMware Sensitive Information Disclosure Vulnerability EMC Identifier: ESA-2012-053 CVE Identifier: CVE-2012-4610 Severity Rating: CVSS v2 Base Score: 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C Affected Products...
CorePlayer flash video player crossite scripting
Crossite scripting via callback parameter...
Cross-Site Scripting vulnerability in CorePlayer
Hello 3APA3A! I want to warn you about Cross-Site Scripting vulnerability in CorePlayer. This is the same flash video player, which was used at online voting translations - today, 28.10.2012, on parliamentary elections in Ukraine and earlier this year on presidential elections in Russia. Concerni...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[SECURITY] [DSA 2567-1] request-tracker3.8 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2567-1 [email protected] http://www.debian.org/security/ Florian Weimer October 26, 2012 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2568-1] rtfm security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2568-1 [email protected] http://www.debian.org/security/ Florian Weimer October 26, 2012 http://www.debian.org/security/faq -...
[security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03538957 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03538957 Version: 1 HPSBUX02825...
Oracle Java / OpenJDK multiple security vulnerabilities
30 of different vulnerabilities...
Exploit - EasyITSP by Lemens Telephone Systems 2.0.2
?php errorreporting0; $arguments = getopt"a:b:c:"; $url = $arguments'a'; $idpod =$arguments'b'; $idend =$arguments'c'; ifcount$arguments!=3 echo ' Exploit - EasyITSP by Lemens Telephone Systems 2.0.2 '."n"; echo ' Discovery users with passwords '."n"; echo ' '."n"; echo ' Author: Michal Blaszczak...
Team SHATTER Security Advisory: XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CFG_C2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory XML file disclosure vulnerability via GETWRAPCFGC and GETWRAPCFGC2 system stored procedures. Risk Level: Medium Affected versions: IBM DB2 LUW 9.1, 9.5, 9.7, 10.1 Remote exploitable: No Credits: This...
IBM Informix Dynamic Server buffer overflow
SET COLLATION buffer overflow...
XSS Vulnerabilities in CMSMini
Information -------------------- Name : XSS Vulnerabilities in CMSMini Software : CMSMini 0.2.2 and possibly below. Vendor Homepage : http://sourceforge.net/projects/cmsmini/ Vulnerability Type : Cross-Site Scripting Severity : Critical Researcher : Canberk Bolat Advisory Reference : NS-12-012...
Team SHATTER Security Advisory: Elevated roles through DBCC
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Elevated roles through DBCC Risk Level: High Affected versions: Sybase ASE 15.0, 15.5, 15.7 Remote exploitable: No Credits: This vulnerability was discovered and researched by Martin Rakhmanov of Application...
[SECURITY] [DSA 2541-1] beaker security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2541-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 07, 2012 http://www.debian.org/security/faq -...
Cisco ASA-CX Context-Aware Security appliance / Cisco Prime Security Manager DoS
File resources exhaustion...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Information leakage, multiple memory corruptions, crossite scripting, etc...
Layton Helpbox 4.4.0 Multiple Security Issues
Layton Helpbox 4.4.0 Multiple Security Issues: Layton Helpbox 4.4.0 Multiple SQL Injection Points CVE-2012-4971 http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html Layton Helpbox 4.4.0 Authorisation Bypass Vulnerability CVE-2012-4975...
Security Advisory AA-007: Command Injection Vulnerability in Sitecom Home Storage Center
Security Advisory AA-007: Command Injection Vulnerability in Sitecom Home Storage Center Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 12, 2012 Vulnerability Type= Command injection Impact= System access Severity= Alcyon rates th...
Sitecom Home Storage Center security vulnerabilities
SQL injection, XSS...
XSS Vulnerabilities in TaskFreak
Information -------------------- Name : XSS Vulnerabilities in TaskFreak Software : TaskFreak 0.6.4 and possibly below. Vendor Homepage : http://www.taskfreak.com Vulnerability Type : Cross-Site Scripting Severity : Critical Researcher : Canberk Bolat Advisory Reference : NS-12-011 Description...
Inventory 1.0 Multiple SQL Vulnerabilities
Exploit Title: Inventory 1.0 Multiple SQL Vulnerabilities Date: 10/19/12 Author: G13 Twitter: @g13net Software Site: https://github.com/farevalod/inventory Version: 1.0 Category: webapp php dc585 ToC 0x01 Description 0x02 SQL Injection 0x03 Vendor Notification 0x01 Description PHP + SQL Inventory...
Multiple vulnerabilities in Ezylog photovoltaic management server
Multiple vulnerabilities in Ezylog photovoltaic management server ================================================================= ADVISORY INFORMATION Title: Multiple vulnerabilities in Ezylog photovoltaic management server Discovery date: 27/08/2012 Release date: 11/09/2012 Credits: Roberto...
[waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin
waraxe-2012-SA094 - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin ============================================================================================= Author: Janek Vind "waraxe" Date: 24. October 2012 Location: Estonia, Tartu Web:...
Wordpress 3.4 Cross-Site Scripting Vulnerability
a bug in Wordpress 3.4 that allows to us to occur a Cross-Site Scripting on a Remote machin. Exploit Title : Wordpress 3.4 Cross-Site Scripting Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum/ Software Link : http://wordpress.org Security Risk : High Version : Al...