47153 matches found
Wordpress 3.4 Cross-Site Scripting Vulnerability
a bug in Wordpress 3.4 that allows to us to occur a Cross-Site Scripting on a Remote machin. Exploit Title : Wordpress 3.4 Cross-Site Scripting Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum/ Software Link : http://wordpress.org Security Risk : High Version : Al...
IBM DB2 privilege escalation
Privilege escalation via GETWRAPCFGC and GETWRAPCFGC2 stored procedures...
Sybase ASE security vulnerabilities
Повышение привилегий, выполнение кода...
[USN-1565-1] OpenStack Horizon vulnerability
========================================================================== Ubuntu Security Notice USN-1565-1 September 13, 2012 horizon vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
VaM Shop Cross-Site Scripting and Blind SQL Injection Vulnerabilities
Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1,69 and probably prior versions. Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: Security Effect Teamhttp://seceffect.tumblr.com/ Vulnerability Details: 1. Blind SQL injection in...
XSS Vulnerabilities in ClipBucket
Information -------------------- Name : XSS Vulnerabilities in ClipBucket Software : ClipBucket 2.6 and possibly below. Vendor Homepage : http://clip-bucket.com Vulnerability Type : Cross-Site Scripting Severity : Critical Researcher : Canberk Bolat Advisory Reference : NS-12-013 Description...
Cisco Unified Presence / Jabber Extensible Communications Platform DoS
Crash on stream header parsing...
Security Advisory AA-007: Arbitrary File Upload Vulnerability in Sitecom Home Storage Center
Security Advisory AA-007: Arbitrary File Upload Vulnerability in Sitecom Home Storage Center Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 11, 2012 Vulnerability Type= Arbitrary file upload Impact= Loss of system integrity...
Team SHATTER Security Advisory: Java Operating System command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Java Operating System command execution. Risk Level: High Affected versions: Sybase ASE 15.0, 15.5 and 15.7 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez...
[DCA-2011-0013] - IBM Informix Dynamic Server 11.50 SET COLLATION Stack OverFlow
IBM Informix Dynamic Server 11.50 SET COLLATION Stack OverFlow DCA-2011-0013 Discussion - DcLabs Security Research Group advises about the following vulnerabilityies: Software/Hardware - IBM Informix Vendor Product Description IBM Informix is a family of relational database management system RDBM...
ASTPP VoIP Billing (4cf207a) - Multiple Web Vulnerabilities
Title: ====== ASTPP VoIP Billing 4cf207a - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=687 VL-ID: ===== 687 Common Vulnerability Scoring System: ==================================== 4 Introduction: =============...
Knowledge Base EE v4.62.0 - SQL Injection Vulnerability
Title: ====== Knowledge Base EE v4.62.0 - SQL Injection Vulnerability Date: ===== 2012-09-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=702 VL-ID: ===== 702 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...
Beaker information leakage
Information leakage in AES ECB mode...
[SECURITY] [DSA 2563-1] viewvc security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2563-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 23, 2012 http://www.debian.org/security/faq -...
Wordpress Download Monitor - Download Page Cross-Site Scripting
/----------------------------------------------------------------- | Wordpress Download Monitor - Download Page Cross-Site Scripting | -----------------------------------------------------------------/ Summary ======= Wordpress Download Monitor 3.3.5.7 is subject to a cross-site scripting...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Smf 2.0.2 Cross-Site Scripting Vulnerability
a bug in Smf 2.0.2 that allows to us to occur a Cross-Site Scripting on a Remote machin. Exploit Title : Smf 2.0.2 Cross-Site Scripting Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum/ Software Link : http://www.simplemachines.org Security Risk : High Version : A...
Inventory 1.0 Multiple XSS Vulnerabilities
Exploit Title: Inventory 1.0 Multiple XSS Vulnerabilities Date: 10/19/12 Author: G13 Twitter: @g13net Software Site: https://github.com/farevalod/inventory Version: 1.0 Category: webapp php dc585 ToC 0x01 Description 0x02 XSS 0x03 Vendor Notification 0x01 Description PHP + SQL Inventory tracking...
RSA BSAFE security vulnerabilities
BEAST attacks, buffer overflows...
ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
ESA-2012-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST Browser Exploit Against SSL/TLS attacks EMC Identifier: ESA-2012-032 CVE Identifier: CVE-2011-3389 Severity Rating: CVSS v2 Base Score: 4.3...
SEC Consult SA-20121017-2 :: Multiple vulnerabilities in Oracle WebCenter Sites (former FatWire Content Server)
SEC Consult Vulnerability Lab Security Advisory 20121017-2 ======================================================================= title: Multiple vulnerabilities in Oracle WebCenter Sites product: Oracle WebCenter Sites former FatWire Content Server vulnerable version: 6.1, 6.2, 6.3.x, 7, 7.0.1,...
[ MDVSA-2012:168 ] hostapd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:168 http://www.mandriva.com/security/ Package : hostapd Date : October 22, 2012 Affected: 2011. Problem Description: Multiple vulnerabilities has been discovered and corrected in hostapd: hostapd 0.7.3, and...
[SECURITY] [DSA 2562-1] cups-pk-helper security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2562-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 23, 2012 http://www.debian.org/security/faq -...
HP/H3C and Huawei SNMP Weak Access to Critical Data
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP/H3C and Huawei SNMP Weak Access to Critical Data =================================================== http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html Overview - - -------- HP/H3C and Huawei networking equipment...
hostapd security vulnerabilities
Buffer overflow, weak permissions...
HP/H3C / Huawei equipment information leakage
Information leakage via SNMP...
RealPlayer buffer overflow
Buffer overflow on oversized filename in wathced folder...
tinyproxy proxy server DoS
Crash on request headers parsing...
[SECURITY] [DSA 2564-1] tinyproxy security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2564-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 23, 2012 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2561-1] tiff security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2561-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 21, 2012 http://www.debian.org/security/faq -...
exim buffer overflow
Buffer overflow on DKIM handling...
Realplayer Watchfolders Long Filepath Overflow
Realplayer Watchfolders Long Filepath Overflow Realplayer is vulnerable to a stack buffer overflow vulnerability in the 'Watch Folders' facility CVE-2012-4987. Details here: http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html Research:...
Team SHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager (SQL Tunning Sets components)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Multiple SQL Injection in Oracle Enterprise Manager SQL Tunning Sets components. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 and previous patchsets Remote...
[SECURITY] [DSA 2566-1] exim4 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2566-1 [email protected] http://www.debian.org/security/ Nico Golde October 25, 2012 http://www.debian.org/security/faq -...
[security bulletin] HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03515685 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03515685 Version: 2 HPSBHF02819...
cups-pk-helper privilege escalation
Insecure CUPS functions call...
Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
Approx. 90 of diffent vulnerabilities in different applications...
Microsoft Internet Explorer memory corruption
Use-after-free vulnereability is actively used in-the-wild to install malware...
VUPEN Security Research - Microsoft Internet Explorer "OnMove" Use-After-Free Vulnerability (MS12-063)
VUPEN Security Research - Microsoft Internet Explorer "OnMove" Use-After-Free Vulnerability MS12-063 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of t...
VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability
VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Java is a programming language and computing platform released by Sun Microsystems now Oracle. ...
VUPEN Security Research - Microsoft Internet Explorer "scrollIntoView" Use-After-Free Vulnerability (MS12-063)
VUPEN Security Research - Microsoft Internet Explorer "scrollIntoView" Use-After-Free Vulnerability MS12-063 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as...
VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability
VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Java is a programming language and computing platform released by Sun Microsystems now Oracle. It...
Interspire Email Marketer v6.0.1 - Multiple Vulnerabilites
Title: ====== Interspire Email Marketer v6.0.1 - Multiple Vulnerabilites Date: ===== 2012-10-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=710 VL-ID: ===== 710 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...
SilverStripe CMS 2.4.7 <= Persistent Cross Site Scripting Vulnerability
OVERVIEW SilverStripe 2.4.7 and lower versions are vulnerable to Persistent Cross Site Scripting. 2. BACKGROUND SilverStripe CMS is easy for both developers and content authors to work with. The SilverStripe Framework keeps the code tucked away neatly so that it can be accessed easily by...
Multiple vulnerabilities in Template CMS
Advisory ID: HTB23115 Product: Template CMS Vendor: template-cms.ru Vulnerable Versions: 2.1.1 and probably prior Tested Version: 2.1.1 Vendor Notification: September 12, 2012 Public Disclosure: October 3, 2012 Vulnerability Type: Cross-Site Scripting CWE-79, Cross-Site Request Forgery CWE-352 CV...
Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities
Title: ====== Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities Date: ===== 2012-09-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=700 VL-ID: ===== 700 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: =============...
Omnistar Document Manager v8.0 - Multiple Vulnerabilities
Title: ====== Omnistar Document Manager v8.0 - Multiple Vulnerabilities Date: ===== 2012-10-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=712 VL-ID: ===== 712 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...
CA ARCserve Backup security vulnerabilities
Security vulnerabilities in RPC requests handling...
IBM Lotus Notes Traveler security vulnerabilities
Crossite scripting, crossite request forgery, URL redirection...
modsecurity for Apache protection bypass
It's possible to bypass filtering with double 'r' in boundary identifier...