47153 matches found
Asterisk security vulnerabilities
Asterisk Manager code execution, IAX2 protection bypass...
ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-179 August 29, 2012 - -- CVE ID: CVE-2012-2289 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:...
[SE-2012-01] New security issue affecting Java SE 7 Update 7
Hello All, Yesterday, an out-of-band patch was released by Oracle 1, which among other things incorporated fixes for the issues exploited by the recent Java SE 7 attack code ClassFinder / MethodFinder bugs. One of the fixes incorporated in the released update also addressed the exploitation vecto...
ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability
ZDI-12-174 : 0Day HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-174 August 29, 2012 -- CVE ID: -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard SiteScope --...
ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-178 : 0Day HP SiteScope SOAP Call update Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-178 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Hewlett-Packard - ...
Hewlett-Packard Intelligent Management Center buffer overflow
Buffer overflow in UDP/1811 service...
EMC ApplicationXtender unauthorized access
It's possible to upload files to affected system...
libgdata certificate spoofing
Certificate is not validated allowing man-in-the-middle attack...
Sistem Biwes Multiple Vulnerability`
=================================================================== Sistem Biwes Multiple Vulnerability =================================================================== Author: eidelweiss @randyarios Product / software: SISTEM BIWES Vendor Site: http://sistembiwes.com/ Product Price: RM240 /...
Wordpress fckeditor Arbitrary File Upload Vulnerability
a bug in Wordpress fckeditor that allows to us to occur a File Upload Vulnerability on a Remote machin. Exploit Title : Wordpress fckeditor Arbitrary File Upload Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://wordpress.org Security Risk :...
SEC Consult SA-20120829-0 :: Symantec Messaging Gateway - Support Backdoor
SEC Consult Vulnerability Lab Security Advisory 20120829-0 ======================================================================= title: Support Backdoor product: Symantec Messaging Gateway vulnerable version: 9.5.x fixed version: 10.0 CVE number: CVE-2012-3579 impact: Critical homepage:...
ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-176 : 0Day HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-176 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
ESA-2012-038: EMC NetWorker Format String Vulnerability
ESA-2012-038.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-038: EMC NetWorker Format String Vulnerability EMC Identifier: ESA-2012-038 CVE Identifier: CVE-2012-2288 Severity Rating: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected products: EMC NetWorker 7.6.3 EMC NetWorker 7.6.4 EMC NetWorke...
ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-175 : 0Day HP SiteScope SOAP Call create Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-175 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Hewlett-Packard - ...
ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-173 : 0Day HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-173 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...
ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-180 August 29, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Novel...
HP SiteScope multiple security vulnerabilities
Multiple code execution possibilities via SOAP calls and UploadFileHandler...
[SECURITY] [DSA 2536-1] otrs2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2536-1 [email protected] http://www.debian.org/security/ Florian Weimer August 30, 2012 http://www.debian.org/security/faq -...
Security advisory for Bugzilla 4.3.3, 4.2.3, 4.0.8 and 3.6.11
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: When the user logs in using LDAP, the username is not escaped before being passed to LDAP which could potentially lead to LDAP...
ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-177 : 0Day HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-177 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...
ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-170 : 0Day HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-170 August 29, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-172 : 0Day HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-172 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --...
Paliz CMS Full Path Disclosure Vulnerability
Title: Paliz CMS Full Path Disclosure Vulnerability Vulnerable Version: all versions Vendor URL: http://palizct.com Impact: Low =========================== Vulnerability Description: =========================== Full Path Disclosure Vulnerability, enable the attacker to see the root path...
squidguard DoS
Request to oversized URL causes protection to switch off...
GE Proficy Historian ActiveX code execution
KeyHelp code execution...
ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-168 August 29, 2012 - -- CVE ID: CVE-2011-0340 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-171 : 0Day Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-171 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
Exploit Title: Mihalism Multi Host v 5.0
Exploit Title: Mihalism Multi Host v 5.0 Google Dork: intext:"powered by Mihalism Multi Host" Date: 2012/8/25 Discovered By : Explo!ter Software Link: http://www.mihalismscript.com/ Version: 5.0 Tested on: Linux Contact : Emperor-team.org Spt to : Stokke Details : ++++++++++++++++++++++++++ the...
ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-181 August 29, 2012 - -- CVE ID: CVE-2011-4186 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affect...
Novell iPrint buffer overflow
nipplib buffer overflow...
Cross-Site Scripting (XSS) in Phorum
Advisory ID: HTB23109 Product: Phorum Vendor: Phorum Team Vulnerable Versions: 5.2.18 and probably prior Tested Version: 5.2.18 Vendor Notification: August 8, 2012 Public Disclosure: August 29, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-4234 CVSSv2 Base Score: 4....
AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users
Asterisk Project Security Advisory - AST-2012-013 Product Asterisk Summary ACL rules ignored when placing outbound calls by certain IAX2 users Nature of Advisory Unauthorized use of system Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known None Reported On 07/27/2012...
XSS in PrestaShop
Advisory ID: HTB23091 Product: PrestaShop Vendor: PrestaShop, Inc. Vulnerable Versions: 1.4.7, 1.4.8 and probably prior Tested Version: 1.4.7, 1.4.8 Vendor Notification: May 9, 2012 Public Disclosure: August 29, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-2517...
[security bulletin] HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03473527 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03473527 Version: 1 HPSB3C02809...
HP iNode Management Center code execution
iNodeMngChecker.exe code execution on TCP/9090 request parsing...
EMC Networker formatstring vulnerability
Format string vulnerability on RPC request parsing...
[USN-1547-1] libGData, evolution-data-server vulnerability
========================================================================== Ubuntu Security Notice USN-1547-1 August 28, 2012 libgdata, evolution-data-server vulnerability ========================================================================== A security issue affects these releases of Ubuntu a...
Chamilo 1.8.8.4 Multiple Vulnerabilities
Chamilo 1.8.8.4 Multiple Vulnerabilities ======================== CVE: CVE-2012-4029 Issue: Reflected XSS PHPSELF in third-party app, Stored XSS PHPSELF XSS http://chamilo-1.8.8.4/main/inc/lib/phpdocx/pdf/www/examples.php/'"img src=404 onerror=alert1 Stored XSS unfiltered input categoryname...
ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-182 August 29, 2012 - -- CVE ID: CVE-2012-2289 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affect...
Java environment limitations bypass
There are few ways to bypass limitations and execute privileged code from the applet...
[SECURITY] [DSA 2537-1] typo3-src security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2537-1 [email protected] http://www.debian.org/security/ Florian Weimer August 30, 2012 http://www.debian.org/security/faq -...
squidGuard 1.4 - Remote Denial of Service - POC
We're using squidGuard 1.4 and discovered a possible denial of service. When a user is accessing a very long URL, a internal buffer is too small and squidguard is entering emergency mode. In this mode, no blocking is done anymore. The URL for reference:...
IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities
Hello 3APA3A! This month at 15th of August IBM released the advisory about IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities, which I've informed them about in May. This is only the part of all vulnerabilities, which I've found in their software, and they are worki...
InduSoft Thin Client ActiveX buffer overflow
ISSymbol.ocx InternationalOrder paramter heap overflow...
CommPort 1.01 <= SQL Injection Vulnerability
-------------------------------------------- CommPort 1.01 = SQL Injection Vulnerability -------------------------------------------- Discovered by: Jean Pascal Pereira [email protected] Vendor information: "A 'Community Portal' generator that can be tailored for any location. Each user gets a...
ESA-2012-034: EMC Cloud Tiering Appliance (CTA) Authentication Bypass Vulnerability
ESA-2012-034.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-034: EMC Cloud Tiering Appliance CTA Authentication Bypass Vulnerability EMC Identifier: ESA-2012-034 CVE Identifier: CVE-2012-2285 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected products: EMC...
EMC Cloud Tiering Appliance authentication bypass
Authentication bypass is possible...
US-CERT Alert TA12-240A - Oracle Java 7 Security Manager Bypass Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA12-240A Oracle Java 7 Security Manager Bypass Vulnerability Original release date: August 27, 2012 Last revised: -- Systems Affected Any system using Oracle Java 7 1.7, 1.7.0 including: Java Platform...
libgc integer overflows
Multiple integer overflows in malloc / calloc implementations...