NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution
High Risk Vulnerability in Apple Mac OS X Lion 27 September 2012 Andy Davis of NCC Group has discovered a High risk vulnerability in Apple OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4. Impact: Arbitrary Code Execution bug triggered by USB device insertion Versions affected: Mac O...
MF Gig Calendar Wordpress Plugin - Cross-Site Scripting
/--------------------------------------------------------- | MF Gig Calendar Wordpress Plugin - Cross-Site Scripting | ---------------------------------------------------------/ Summary ======= MF Gig Calendar 0.9.2 is subject to a cross-site scripting vulnerability. The value of a generic...
Transmission cross-site scripting
Transmission web client cross-site scripting...
CVE-2012-0862
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:155 http://www.mandriva.com/security/ Package : xinetd Date : September 28, 2012 Affected: Enterprise Server 5.0 Problem Description: A security issue was identified and fixed in xinetd: builtins.c in Xinetd...
[ MDVSA-2012:154 ] apache
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:154 http://www.mandriva.com/security/ Package : apache Date : September 28, 2012 Affected: Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in apache ASF HTTPD...
Cisco Catalyst switches DoS
Crash on malformed packet parsing...
APPLE-SA-2012-09-19-3 Safari 6.0.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-3 Safari 6.0.1 Safari 6.0.1 is now available and addresses the following: Safari Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1 Impact: Opening a maliciously crafted downloaded HTML...
Apple Safari / WebKit / Google Chrome multiple security vulnerabilities
Information leakage, memory corruptions...
US-CERT Alert TA12-265A - Microsoft Releases Patch for Internet Explorer Exploit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA12-265A Microsoft Releases Patch for Internet Explorer Exploit Original release date: September 21, 2012 Last revised: -- Systems Affected Microsoft Internet Explorer 6 Microsoft Internet Explorer 7...
APPLE-SA-2012-09-19-1 iOS 6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-1 iOS 6 iOS 6 is now available and addresses the following: CFNetwork Available for: iPhone 3GS and later, iPod touch 4th generation and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the...
Apple iOS multiple security vulnerabilities
Large number of vulnerabilities in different components...
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following: Apache Available for: Mac OS X...
Symantec Messaging Gateway backdoor
User 'support' with known insecure password is available by default...
gimp multiple security vulnerabilities
Memory corruption on FIT, GIF, KiSS images parsing...
Apple RemoteDesktop information leakage
VNC encryption settings are ignored...
IBM SDK, Java Technology Edition multiple security vulnerabilities
More than 10 different vulnerabilities with sandbox bypass...
[USN-1559-1] GIMP vulnerabilities
========================================================================== Ubuntu Security Notice USN-1559-1 September 10, 2012 gimp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator
High risk vulnerability in Symantec Messaging Gateway 18 September 2012 Ben Williams of NCC Group has discovered a high risk vulnerability in Symantec Messaging Gateway Impact: Addition of a backdoor administrator via CSRF Versions affected: Symantec Messaging Gateway 9.5.3-3 An updated version o...
NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure
Low risk vulnerability in Symantec Messaging Gateway 18 September 2012 Ben Williams of NCC Group has discovered a low risk vulnerability in Symantec Messaging Gateway Impact: Unauthenticated detailed version disclosure Versions affected: Symantec Messaging Gateway 9.5.3-3 An updated version of th...
NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account
High risk vulnerability in Symantec Messaging Gateway 18 September 2012 Ben Williams of NCC Group has discovered a High risk vulnerability in Symantec Messaging Gateway Impact: Unauthorised SSH access Versions affected: Symantec Messaging Gateway 9.5.3-3 An updated version of the software has bee...
APPLE-SA-2012-09-17-1 Apple Remote Desktop 3.5.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-17-1 Apple Remote Desktop 3.5.3 Apple Remote Desktop 3.5.3 is now available and addresses the following: Apple Remote Desktop Available for: Apple Remote Desktop 3.0 or later Impact: Connecting to a third-party VNC server with "Encryp...
[SE-2012-01] Security vulnerabilities in IBM Java
Hello All, Security Explorations discovered multiple security vulnerabilities in IBM SDK, Java Technology Edition software 1. This is IBM 2 implementation of Java SE technology for AIX, Linux, z/OS and IBMi platforms. Among a total of 17 security weaknesses found, there are issues that can lead t...
NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - delivered by email
Critical vulnerability in Symantec Messaging Gateway 18 September 2012 Ben Williams of NCC Group has discovered a critical vulnerability in Symantec Messaging Gateway Impact: Out-of-band stored XSS via email Versions affected: Symantec Messaging Gateway 9.5.3-3 An updated version of the software...
[ MDVSA-2012:151 ] ghostscript
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:151 http://www.mandriva.com/security/ Package : ghostscript Date : September 12, 2012 Affected: Enterprise Server 5.0 Problem Description: A security issue was identified and fixed in ghostscript: An integer...
NGS00266 Patch Notification: Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL
Medium risk vulnerability in Symantec Messaging Gateway 18 September 2012 Ben Williams of NCC Group has discovered a Medium risk vulnerability in Symantec Messaging Gateway Impact: Authenticated arbitrary file download Versions affected: Symantec Messaging Gateway 9.5.3-3 An updated version of th...
US-CERT Alert TA12-262A - Microsoft Security Advisory for Internet Explorer Exploit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA12-262A Microsoft Security Advisory for Internet Explorer Exploit Original release date: September 18, 2012 Last revised: -- Systems Affected Microsoft Internet Explorer 7 Microsoft Internet Explorer 8...
icclib / ghostscript integer overflow
Integer overflow on PostScript/PDF embedded images parsing...
VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060)
VUPEN Security Research - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free CVE-2012-1856 / MS12-060 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows is a series of software operating systems a...
Adobe Flash Player multiple security vulnerabilities
Multiple memory corruptions, information leak, integer overflow...
VUPEN - Mozilla Firefox "nsHTMLEditRules" Remote Use-after-free (CVE-2012-3958 / MFSA 2012-58)
VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Remote Use-after-free CVE-2012-3958 / MFSA 2012-58 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Mozilla Firefox is a free and open source web browser and...
GnuPG key spoofing
Invalid key id usage with a key server...
Microsoft System Center Configuration Manager cross-site scripting
No description provided...
ISC bind DoS
Crash on oversized resource record processing...
[USN-1570-1] GnuPG vulnerability
========================================================================== Ubuntu Security Notice USN-1570-1 September 17, 2012 gnupg, gnupg2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Microsoft Visual Studio Team Foundation Server cross-site scripting
No description provided...
[USN-1566-1] Bind vulnerability
========================================================================== Ubuntu Security Notice USN-1566-1 September 13, 2012 bind9 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Privilege escalation, multiple memory corruptions, buffer overflows, use-after-free, etc...
ISC dhcp multiple security vulnerabilities
Multiple DoS conditions...
VUPEN - Adobe Flash Player "Matrix3D" Integer Overflow Code Execution (APSB12-19)
VUPEN Security Research - Adobe Flash Player "Matrix3D" Integer Overflow Code Execution APSB12-19 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime tha...
[SECURITY] [DSA 2546-1] freeradius security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2546-1 [email protected] http://www.debian.org/security/ Nico Golde September 11, 2012 http://www.debian.org/security/faq -...
[PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2012-06 Released on: 10 September 2012 Affected product: FreeRADIUS 2.1.10 - 2.1.12 Impact: remote code execution Origin: specially crafted client certificates CVSS Base Score: 10 Impact Subscore: 10 Exploitability Subscore: 1...
FreeRADIUS buffer overflow
Buffer overflow on EAP-TLS processing...
[SECURITY] [DSA 2548-1] tor security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2548-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 13, 2012 http://www.debian.org/security/faq -...
tor security vulnerabilities
DoS conditions, information leakage...
[ MDVSA-2012:153 ] dhcp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:153 http://www.mandriva.com/security/ Package : dhcp Date : September 16, 2012 Affected: Enterprise Server 5.0 Problem Description: A security issue was identified and fixed in dhcp: ISC DHCP 4.1.x before...
Microsoft libraries security vulnerabilities
MSCOMCTL.OCX ActiveX code execution...
[USN-1567-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1567-1 September 14, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Linux kernel multiple security vulnerabilities
DoS conditions, information leakage...
HTTP Response Splitting and XSS vulnerabilities in IBM Lotus Domino
Hello 3APA3A! I want to warn you about HTTP Response Splitting and Cross-Site Scripting vulnerabilities in IBM Lotus Domino. On the 15th of August IBM released the advisory concerning these Cross-Site Scripting vulnerabilities. CVE ID: CVE-2012-3301. ------------------------- Affected products:...
[CVE-2012-3373] Apache Wicket XSS vulnerability via manipulated URL parameter
Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x and 1.5.x Description: https://wicket.apache.org/2012/09/06/cve-2012-3373.html It is possible to inject JavaScript statements into an ajax link by adding an encoded null byte to a URL pointing to a...