47153 matches found
BF and XSS vulnerabilities in IFOBS
Hello 3APA3A! I want to warn you about Brute Force and Cross-Site Scripting vulnerabilities in the IFOBS system. IFOBS is an Internet-banking system which is widespread; in particular, it is used by a large number of Ukrainian banks. These are the next 36 vulnerabilities in IFOBS: 2 BF and 34 XSS in...
XSS in OSSEC wui 0.3
Hello All, Just to report xss in ossec-wui 0.3 Request: ---- POST /ossec-wui/index.php?f=s HTTP/1.1 Host: 172.16.0.12 Content-Length: 267...
[USN-1584-1] Transmission vulnerability
========================================================================== Ubuntu Security Notice USN-1584-1 September 26, 2012 transmission vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
[CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
Product: Confluence Vendor: Atlassian Version: 3.0 / Current Tested Version: 3.4.6 Vendor Notified Date: June 31, 2011 Release Date: September 19, 2012 Risk: Medium Authentication: Depends on configuration. Remote: Yes Description: Multiple Cross-Site Request Forgery CSRF vulnerabilities in...
Multiple vulnerabilities in IFOBS
Hello 3APA3A! I want to warn you about Brute Force and Cross-Site Scripting vulnerabilities in the IFOBS system. IFOBS is an Internet-banking system which is widespread; in particular, it is used by a large number of Ukrainian banks. These are the first 38 vulnerabilities in IFOBS: 2 BF and 36 XSS...
CSRF and XSS vulnerabilities in IFOBS
Hello 3APA3A! I want to warn you about Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in the IFOBS system. IFOBS is an Internet-banking system which is widespread; in particular, it is used by a large number of Ukrainian banks. These are the next 35 vulnerabilities in IFOBS: 1 CS...
US-CERT Alert TA12-265A - Microsoft Releases Patch for Internet Explorer Exploit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA12-265A Microsoft Releases Patch for Internet Explorer Exploit Original release date: September 21, 2012 Last revised: -- Systems Affected Microsoft Internet Explorer 6 Microsoft Internet Explorer 7...
APPLE-SA-2012-09-19-1 iOS 6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-1 iOS 6 iOS 6 is now available and addresses the following: CFNetwork Available for: iPhone 3GS and later, iPod touch 4th generation and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the...
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following: Apache Available for: Mac OS X...
Apple Safari / WebKit / Google Chrome multiple security vulnerabilities
Information leakage, memory corruptions...
APPLE-SA-2012-09-19-3 Safari 6.0.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-3 Safari 6.0.1 Safari 6.0.1 is now available and addresses the following: Safari Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1 Impact: Opening a maliciously crafted downloaded HTML...
Apple iOS multiple security vulnerabilities
Large number of vulnerabilities in different components...
Symantec Messaging Gateway backdoor
User 'support' with known insecure password is available by default...
Apple RemoteDesktop information leakage
VNC encryption settings are ignored...
APPLE-SA-2012-09-17-1 Apple Remote Desktop 3.5.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-17-1 Apple Remote Desktop 3.5.3 Apple Remote Desktop 3.5.3 is now available and addresses the following: Apple Remote Desktop Available for: Apple Remote Desktop 3.0 or later Impact: Connecting to a third-party VNC server with "Encryp...
icclib / ghostscript integer overflow
Integer overflow on PostScript/PDF embedded images parsing...
[SE-2012-01] Security vulnerabilities in IBM Java
Hello All, Security Explorations discovered multiple security vulnerabilities in IBM SDK, Java Technology Edition software 1. This is IBM 2 implementation of Java SE technology for AIX, Linux, z/OS and IBMi platforms. Among a total of 17 security weaknesses found, there are issues that can lead t...
NGS00266 Patch Notification: Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL
Medium risk vulnerability in Symantec Messaging Gateway 18 September 2012 Ben Williams of NCC Group has discovered a Medium risk vulnerability in Symantec Messaging Gateway Impact: Authenticated arbitrary file download Versions affected: Symantec Messaging Gateway 9.5.3-3 An updated version of th...
US-CERT Alert TA12-262A - Microsoft Security Advisory for Internet Explorer Exploit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA12-262A Microsoft Security Advisory for Internet Explorer Exploit Original release date: September 18, 2012 Last revised: -- Systems Affected Microsoft Internet Explorer 7 Microsoft Internet Explorer 8...
[ MDVSA-2012:151 ] ghostscript
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:151 http://www.mandriva.com/security/ Package : ghostscript Date : September 12, 2012 Affected: Enterprise Server 5.0 Problem Description: A security issue was identified and fixed in ghostscript: An integer...
NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - delivered by email
Critical vulnerability in Symantec Messaging Gateway 18 September 2012 Ben Williams of NCC Group has discovered a critical vulnerability in Symantec Messaging Gateway Impact: Out-of-band stored XSS via email Versions affected: Symantec Messaging Gateway 9.5.3-3 An updated version of the software...
IBM SDK, Java Technology Edition multiple security vulnerabilities
More than 10 different vulnerabilities with sandbox bypass...
[USN-1559-1] GIMP vulnerabilities
========================================================================== Ubuntu Security Notice USN-1559-1 September 10, 2012 gimp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure
Low risk vulnerability in Symantec Messaging Gateway 18 September 2012 Ben Williams of NCC Group has discovered a low risk vulnerability in Symantec Messaging Gateway Impact: Unauthenticated detailed version disclosure Versions affected: Symantec Messaging Gateway 9.5.3-3 An updated version of th...
gimp multiple security vulnerabilities
Memory corruption on FIT, GIF, KiSS images parsing...
NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account
High risk vulnerability in Symantec Messaging Gateway 18 September 2012 Ben Williams of NCC Group has discovered a High risk vulnerability in Symantec Messaging Gateway Impact: Unauthorised SSH access Versions affected: Symantec Messaging Gateway 9.5.3-3 An updated version of the software has bee...
NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator
High risk vulnerability in Symantec Messaging Gateway 18 September 2012 Ben Williams of NCC Group has discovered a high risk vulnerability in Symantec Messaging Gateway Impact: Addition of a backdoor administrator via CSRF Versions affected: Symantec Messaging Gateway 9.5.3-3 An updated version o...
ISC bind DoS
Crash on oversized resource record processing...
[SECURITY] [DSA 2548-1] tor security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2548-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 13, 2012 http://www.debian.org/security/faq -...
[USN-1567-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1567-1 September 14, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-1566-1] Bind vulnerability
========================================================================== Ubuntu Security Notice USN-1566-1 September 13, 2012 bind9 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-1570-1] GnuPG vulnerability
========================================================================== Ubuntu Security Notice USN-1570-1 September 17, 2012 gnupg, gnupg2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060)
VUPEN Security Research - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free CVE-2012-1856 / MS12-060 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows is a series of software operating systems a...
tor security vulnerabilities
DoS conditions, information leakage...
Microsoft Visual Studio Team Foundation Server cross-site scripting
No description provided...
VUPEN - Adobe Flash Player "Matrix3D" Integer Overflow Code Execution (APSB12-19)
VUPEN Security Research - Adobe Flash Player "Matrix3D" Integer Overflow Code Execution APSB12-19 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime tha...
GnuPG key spoofing
Invalid key id usage with a key server...
Linux kernel multiple security vulnerabilities
DoS conditions, information leakage...
ISC dhcp multiple security vulnerabilities
Multiple DoS conditions...
VUPEN - Mozilla Firefox "nsHTMLEditRules" Remote Use-after-free (CVE-2012-3958 / MFSA 2012-58)
VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Remote Use-after-free CVE-2012-3958 / MFSA 2012-58 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Mozilla Firefox is a free and open source web browser and...
[PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2012-06 Released on: 10 September 2012 Affected product: FreeRADIUS 2.1.10 - 2.1.12 Impact: remote code execution Origin: specially crafted client certificates CVSS Base Score: 10 Impact Subscore: 10 Exploitability Subscore: 1...
FreeRADIUS buffer overflow
Buffer overflow on EAP-TLS processing...
Adobe Flash Player multiple security vulnerabilities
Multiple memory corruptions, information leak, integer overflow...
[ MDVSA-2012:153 ] dhcp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:153 http://www.mandriva.com/security/ Package : dhcp Date : September 16, 2012 Affected: Enterprise Server 5.0 Problem Description: A security issue was identified and fixed in dhcp: ISC DHCP 4.1.x before...
[SECURITY] [DSA 2546-1] freeradius security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2546-1 [email protected] http://www.debian.org/security/ Nico Golde September 11, 2012 http://www.debian.org/security/faq -...
Microsoft System Center Configuration Manager cross-site scripting
No description provided...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Privilege escalation, multiple memory corruptions, buffer overflows, use-after-free, etc...
Microsoft libraries security vulnerabilities
MSCOMCTL.OCX ActiveX code execution...
HTTP Response Splitting and XSS vulnerabilities in IBM Lotus Domino
Hello 3APA3A! I want to warn you about HTTP Response Splitting and Cross-Site Scripting vulnerabilities in IBM Lotus Domino. On the 15th of August IBM released the advisory concerning these Cross-Site Scripting vulnerabilities. CVE ID: CVE-2012-3301. ------------------------- Affected products:...
[SECURITY] [DSA 2538-1] moin security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2538-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 05, 2012 http://www.debian.org/security/faq -...