47153 matches found
VLC code execution
Code execution on PNG files parsing...
BigPond 3G21WB security vulnerabilities
Hard-coded credentials, command injection...
Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB
Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB ============================================================================== ADVISORY INFORMATION Title: Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB Discovery date: 17/09/2012 Relea...
VLC Player 2.0.3 <= ReadAV Arbitrary Code Execution (Update)
#!/usr/bin/perl VLC Player 2.0.3 <= ReadAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://www.videolan.org/vlc/ Vendor Description: VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVD...
Cisco ASA / FWSM multiple security vulnerabilities
Buffer overflow, multiple DoS conditions...
VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0014 Synopsis: VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates Issue date: 2012-10-04 Updated on:...
ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities
ESA-2012-025.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-025: EMC NetWorker Module for Microsoft Applications NMM Multiple Vulnerabilities. EMC Identifier: ESA-2012-025 CVE Identifier: CVE-2012-2284,CVE-2012-2290 Severity Rating: See below for individual severity scores EMC...
Microsoft Excel code execution
Code execution on .xls files parsing...
Apache Cloudstack default account
Default account with known password...
VMWare applications security vulnerabilities
VMware Movie Decoder code execution, vCenter Operations cross-site scripting, vCenter CapacityIQ directory traversal...
[CVE-2012-4501] CloudStack configuration vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2012-4501: Apache CloudStack configuration vulnerability Severity: Critical Vendors: The Apache Software Foundation Citrix, Inc. Versions Affected: As no official releases have been made, this does not affect any official Apache CloudStack...
[USN-1603-1] Ruby vulnerabilities
========================================================================== Ubuntu Security Notice USN-1603-1 October 10, 2012 ruby1.8 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Ruby restrictions bypass
Untainted strings modification is possible...
[ MDVSA-2012:162 ] bind
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:162 http://www.mandriva.com/security/ Package : bind Date : October 10, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: A vulnerability was discovered and corrected in bind: A certain...
bind DoS
A problem in the RBT algorithm implementation causes a hang on a specific combination of records...
[PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation
PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2012-07 Released on: 8 October 2012 Affected product: Hostapd 0.6 - 1.0 Impact: denial of service Origin: specially crafted EAP-TLS messages CVSS Base Score: 7.8 Impact Subscore: 6.9 Exploitability Subscore: 10 CVSS Vector:...
BufferOverflow Vulnerability on Logica HotScan SWIFT Alliance Access Interface
-------------------------------------------------------------------------------- | BufferOverflow Vulnerability on Logica HotScan SWIFT Alliance Access Interface -------------------------------------------------------------------------------- Summary ======= Hotscan Listener interface is prone to...
Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities
Title: ====== Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities Date: ===== 2012-09-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=557 VL-ID: ===== 557 Common Vulnerability Scoring System: ==================================== 5 Introduction: ============= T...
Fortigate UTM WAF Appliance multiple security vulnerabilities
Privilege escalation, cross-site scripting...
Microsoft Windows kernel integer overflow
Kernel integer overflow leads to privilege escalation...
Fortigate UTM WAF Appliance - Cross Site Vulnerabilities
Title: ====== Fortigate UTM WAF Appliance - Cross Site Vulnerabilities Date: ===== 2012-09-07 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=559 VL-ID: ===== 559 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= T...
Logica HotScan buffer overflow
Buffer overflow on SWIFT Alliance Access Interface request parsing...
GTA UTM Firewall multiple security vulnerabilities
Multiple cross-site scripting possibilities...
soapbox protection bypass
It's possible to bypass protection by launching second application instance...
Endpoint Protector multiple security vulnerabilities
Multiple cross-site scripting possibilities...
Key Systems Electronic Key Lockers unauthorized access
Unauthenticated port TCP/1010 service access...
hostapd buffer overflow
Buffer overflow during EAP authentication...
bacula restriction bypass
ACLs are not enforced properly...
Microsoft SQL Server cross-site scripting
SQL Server Report Manager cross-site scripting...
[SECURITY] [DSA 2558-1] bacula security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2558-1 [email protected] http://www.debian.org/security/ Raphael Geissert October 08, 2012 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2557-1] hostapd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2557-1 [email protected] http://www.debian.org/security/ Nico Golde October 08, 2012 http://www.debian.org/security/faq -...
WingFTP DoS
Crash on ZIP archive requests processing...
GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities
Title: ====== GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities Date: ===== 2012-09-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=579 VL-ID: ===== 579 Common Vulnerability Scoring System: ==================================== 4 Introduction: ============= The...
WingFTP Server Denial of Service Vulnerability
-------------------------------------------------------------------------------- | WingFTP Server Denial of Service Vulnerability| -------------------------------------------------------------------------------- Summary ======= WingFTP server is prone to a remote denial-of-service vulnerability...
soapbox Local Root / Privilege Escalation Vulnerability
----------------------------------- soapbox 0.3.1 = Local Root Exploit ----------------------------------- Vendor URI: http://dag.wieers.com/home-made/soapbox/ Credit: Jean Pascal Pereira [email protected] Description: "Soapbox allows to restrict processes to write only to those places you want...
Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities
Title: ====== Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=571 VL-ID: ===== 571 Common Vulnerability Scoring System: ==================================== 5 Introduction: =============...
Microsoft Windows kerberos server DoS
NULL pointer dereference on authentication request...
GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities
Title: ====== GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities Date: ===== 2012-09-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=579 VL-ID: ===== 579 Common Vulnerability Scoring System: ==================================== 4 Introduction: ============= The...
Key Systems Electronic Key Lockers command injection and weak authentication vulnerabilities
OVERVIEW Key Systems Electronic Key Lockers contain a command injection vulnerability which may allow a remote unauthenticated attacker to inject commands into the electronic key locker. Key Systems Electronic Key Lockers also contains weak authentication which could allow an attacker...
Microsoft Works memory corruption
Memory corruption on Word files parsing...
Microsoft Fast Search Server vulnerabilities
Multiple vulnerabilities in Oracle Outside In built-in libraries...
Multiple Microsoft web applications cross-site scripting
Insufficient HTML sanitization...
Microsoft Word security vulnerabilities
Memory corruption, use-after-free...
Secunia Research: Novell GroupWise iCalendar Date/Time Parsing Denial of Service
====================================================================== Secunia Research 17/09/2012 - Novell GroupWise iCalendar Date/Time Parsing Denial of Service - ====================================================================== Table of Contents Affected...
Novell Groupwise DoS
Crash on iCal parsing...
[security bulletin] HPSBMU02815 SSRT100715 rev.3 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03489683 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03489683 Version: 3 HPSBMU02815...
[security bulletin] HPSBMU02813 SSRT100712 rev.1 - HP Operations Orchestration, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03490339 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03490339 Version: 1 HPSBMU02813...
[security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03507708 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03507708 Version: 1 HPSBMU02817...
RSA SecurID Authentication Agent / RSA Authentication Client protection bypass
Under some conditions, a user may log in with Windows credentials only...