47153 matches found
[SE-2012-01] information regarding recently discovered Java 7 attack
Hello All, This post is made in reference to recently discovered attack against Java SE 7 platform 12. We discovered that the vulnerabilities used by the attack code are similar to some of the weaknesses that we have found as part of our SE-2012-01 Java SE security research project 3. The recentl...
OpenOffice security vulnerabilities
Multiple buffer overflows...
US-CERT Alert TA12-240A - Oracle Java 7 Security Manager Bypass Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA12-240A Oracle Java 7 Security Manager Bypass Vulnerability Original release date: August 27, 2012 Last revised: -- Systems Affected Any system using Oracle Java 7 1.7, 1.7.0 including: Java Platform...
ZDI-12-166 : (0Day) HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-166 : 0Day HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-166 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affect...
HP Integrity Server DoS
No description provided...
HP Operations Agent for NonStop Server code execution
Code execution on TCP/7771 and TCP/8976 packets parsing...
HP Fortify Software Security Center security vulnerabilities
Information leakage...
ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-148 August 22, 2012 - -- CVE ID: CVE-2012-0232 - -- CVSS: 9.4,...
Symantec Endpoint Protection code execution
Multiple security vulnerabilities on TCP/8433 https request parsing...
GIMP security vulnerabilities
Memory corruptions on KISS CEL and GIF parsing...
HP Serviceguard DoS
No description provided...
Apple WebKit (iTunes, iPhone, Safari, Google Chrome) multiple security vulnerabilities
70 of different memory corruption vulnerabilities, crossite scripting, information leakage...
ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-146 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Novell - -...
ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-165 : 0Day HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-165 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --...
Lsoft ListServ crossite scripting
Crossite scripting via Web interface...
ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-153 August 22, 2012 - -- CVE ID: CVE-2012-0670 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
[security bulletin] HPSBMU02800 SSRT100921 rev.1 - HP Service Manager and HP Service Center Server, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03447828 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03447828 Version: 1 HPSBMU02800...
ZDI-12-162 : (0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-162 : 0Day HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-162 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...
ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-163 : 0Day HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-163 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...
HP Service Manager security vulnerabilities
DoS, crossite scriptings...
HP Intelligent Management code execution
img.exe code execution on TCP/8800 request parsing...
CVE-2011-0340
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-155 August 22, 2012 - -- CVE ID: CVE-2011-0340 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affecte...
Fortify Software Security Center
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03447895 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03447895 Version: 1 HPSBMU02802...
ZDI-12-151 : Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-151 : Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-151 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Oracle - --...
Xend DoS conditions
Different DoS conditions...
[ MDVSA-2012:142 ] gimp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:142 http://www.mandriva.com/security/ Package : gimp Date : August 21, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in gimp: A...
Cisco AnyConnect Secure Mobility Client multiple security vulnerabilities
Code execution, protection bypass...
ZDI-12-164 : (0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-164 : 0Day HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-164 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
[FOREGROUND SECURITY 2012-001] Lsoft ListServ v16 (WA revision R4241) SHOWTPL parameter Cross-SIte Scripting - XSS
============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2012-001 - Original release date: August 16, 2012 - Discovered by: Jose Carlos de Arriba Penetration Testing Team Lead at Foreground Security - Contact: jcarriba at foregroundsecurity dot com, dade...
HP LeftHand Virtual SAN Appliance unauthorized access
TCP/13841 service authentication bypass...
ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-149 August 22, 2012 - -- CVE ID: CVE-2012-2494 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected...
ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-145 August 22, 2012 - -- CVE ID: CVE-2012-0289 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --...
Apple QuickTime multiple security vulnerabilities
Multiple vulnerabilities in TexML, H.264, MP4, MPEG, PNG, QTVR, JPEG2000, PICT and different audio and video formats parsing...
Novell eDirectory buffer overflow
Buffer overflow in RelativeToFullDN on LDAP request processing...
[security bulletin] HPSBMU02801 SSRT100879 rev.1 - HP Fortify Software Security Center, Remote Unauthenticated Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03447824 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03447824 Version: 1 HPSBMU02801...
PostgreSQL privilege escalation
Privilege escalations via XML2 extension...
[security bulletin] HPSBHF02804 SSRT100631 rev.1 - HP Integrity Server rx2800 i2, BL860c i2, BL870c i2, BL890c i2, Potential Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03450553 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03450553 Version: 1 HPSBHF02804...
[SECURITY] [DSA 2531-1] xen security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2531-1 [email protected] http://www.debian.org/security/ Luciano Bello August 18, 2012 http://www.debian.org/security/faq -...
Nova security vulnerabilities
Privilege escalation, DoS...
GE Proficy Real-Time Information Portal code execution
Code execution on TCP/5159 traffic parsing...
ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-154 August 22, 2012 - -- CVE ID: CVE-2012-2174 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-147 August 22, 2012 - -- CVE ID: CVE-2011-3897 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affecte...
APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1 Apple Remote Desktop 3.6.1 is now available and addresses the following: Apple Remote Desktop Available for: Apple Remote Desktop 3.0 or later Impact: Connecting to a third-party VNC server with "Encryp...
ZDI-12-150 : Oracle Outside In XPM Processing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-150 : Oracle Outside In XPM Processing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-150 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Oracle - -- Affected...
[USN-1542-1] PostgreSQL vulnerabilities
========================================================================== Ubuntu Security Notice USN-1542-1 August 21, 2012 postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities ========================================================================== A security issue affects these...
ImageMagic memory corruption
Memory corruption on PNG processing...
ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability EMC Identifier: ESA-2012-039 CVE Identifier: CVE-2012-2289 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Affected products: EMC ApplicationXtender Desktop 6...
OpenLDAP DoS
assert on attrsOnly search request...
[USN-1545-1] Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1545-1 August 22, 2012 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
[USN-1544-1] ImageMagick vulnerability
========================================================================== Ubuntu Security Notice USN-1544-1 August 22, 2012 imagemagick vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...