[USN-1522-1] QEMU vulnerability
========================================================================== Ubuntu Security Notice USN-1522-1 August 02, 2012 qemu-kvm vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 2520-1] openoffice.org security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2520-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez August 01, 2012 http://www.debian.org/security/faq -...
libjpeg-turbo
Buffer overflow on JPEG decoding...
MITKRB5-SA-2012-001: KDC heap corruption and crash [CVE-2012-1014 CVE-2012-1015]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2012-001 MIT krb5 Security Advisory 2012-001 Original release: 2012-07-31 Topic: KDC heap corruption and crash vulnerabilities CVE-2012-1015: KDC frees uninitialized pointer CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2...
MIT Kerberos 5 security vulnerabilities
Uninitialized pointer free, DoS...
QEMU symbolic links vulnerability
Symbolic links vulnerability on snapshot creation...
[ MDVSA-2012:121 ] libjpeg-turbo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:121 http://www.mandriva.com/security/ Package : libjpeg-turbo Date : August 1, 2012 Affected: 2011. Problem Description: A vulnerability has been discovered and corrected in libjpeg-turbo: A Heap-based buffe...
libxslt DoS
No description provided...
[ MDVSA-2012:109 ] libxslt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:109 http://www.mandriva.com/security/ Package : libxslt Date : July 23, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in libxslt: The XSL...
file clobbering vulnerability in Solaris update manager & local root with SUNWbindr install.
Hi list, Two small problems I noticed with Oracle Solaris Update Manager and the latest patch cluster on Solaris 10 x86. += Local Root If the system administrator is updating the system using update manager or smpatch multi user mode a race condition exists with the postinstall script for SUNWbin...
PHP security vulnerabilities
_php_stream_scandir overflow, SQLite functionality open_basedir protection bypass...
[ MDVSA-2012:108 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:108 http://www.mandriva.com/security/ Package : php Date : July 23, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in php:...
[ MDVSA-2012:114 ] apache-mod_auth_openid
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:114 http://www.mandriva.com/security/ Package : apache-mod_auth_openid Date : July 26, 2012 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in...
[USN-1518-1] Bind vulnerability
========================================================================== Ubuntu Security Notice USN-1518-1 July 26, 2012 bind9 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
ISC bind DoS
Crash because of incorrect failed requests cache implementation...
[ MDVSA-2012:117 ] python-pycrypto
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:117 http://www.mandriva.com/security/ Package : python-pycrypto Date : July 27, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in...
Apache mod_auth_openid weak permissions
/tmp/mod_auth_openid.db weak permissions...
[ MDVSA-2012:115 ] dhcp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:115 http://www.mandriva.com/security/ Package : dhcp Date : July 26, 2012 Affected: 2011. Problem Description: Multiple vulnerabilities have been discovered and corrected in ISC DHCP: An unexpected client...
python multiple security vulnerabilities
DoS, cross-site scripting, information leakage...
Event Calendar PHP 1.2 - Multiple Web Vulnerabilities
Title: ====== Event Calendar PHP 1.2 - Multiple Web Vulnerabilities Date: ===== 2012-06-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=607 VL-ID: ===== 607 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: ============= Event...
Jrobalian CMS SQL Injection Vulnerability
===================================================== Jrobalian CMS SQL Injection Vulnerability ===================================================== :----------------------------------------------------------------------------------------------------------------------------------------: :...
Google Chrome 19 metro_driver.dll mishandling
Security Advisory - Google Chrome 19 metro_driver.dll mishandling ======================================================================== Summary : Google Chrome 19 is prone to unqualified DLL loading Date : 28 June 2012 Affected versions : Google Chrome v19.0.1084.21 up-to v20.0.1132.23 ID :...
[SECURITY] [DSA 2515-1] nsd3 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2515-1 [email protected] http://www.debian.org/security/ Nico Golde July 19, 2012 http://www.debian.org/security/faq -...
nsd DNS server DoS
NULL pointer dereference on malformed DNS packet processing...
Metasploit pcap_log symbolic links vulnerability
Symbolic links vulnerability on temporary file creation...
PBBoard v2.1.4 CMS - Multiple Web Vulnerabilities
Title: ====== PBBoard v2.1.4 CMS - Multiple Web Vulnerabilities Date: ===== 2012-06-26 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=623 VL-ID: ===== 625 Common Vulnerability Scoring System: ==================================== 4.5 Introduction: ============= PBBoard...
SMF Board v2.0.2 - Multiple Web Vulnerabilities
Title: ====== SMF Board v2.0.2 - Multiple Web Vulnerabilities Date: ===== 2012-06-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=596 VL-ID: ===== 624 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: ============= Simple...
AVAVoIP v1.5.12 - Multiple Web Vulnerabilities
Title: ====== AVAVoIP v1.5.12 - Multiple Web Vulnerabilities Date: ===== 2012-06-28 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=437 VL-ID: ===== 611 Common Vulnerability Scoring System: ==================================== 6.5 Introduction: ============= Designed fr...
VamCart v0.9 CMS - Multiple Web Vulnerabilities
Title: ====== VamCart v0.9 CMS - Multiple Web Vulnerabilities Date: ===== 2012-06-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=622 VL-ID: ===== 622 Common Vulnerability Scoring System: ==================================== 4 Introduction: ============= VamCart is a...
Google Chrome DLL spoofing
Unsafe metro_driver.dll loading...
[security bulletin] HPSBGN02787 SSRT100876 rev.1 - HP AssetManager, Remote Cross Site Scripting (XSS) and Unauthorized Data Modification
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03403333 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03403333 Version: 1 HPSBGN02787...
HP AssetManager cross-site scripting
Multiple cross-site scripting possibilities...
HP StorageWorks code execution
Few vulnerabilities in File Migration Agent TCP/9111 service...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Blackboard Mobile Learn v3.0 - Persistent Web Vulnerability
Title: ====== Blackboard Mobile Learn v3.0 - Persistent Web Vulnerability Date: ===== 2012-05-29 References: =========== http://www.blackboard.com/Platforms/Learn/Overview.aspx VL-ID: ===== 580 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...
MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities
Advisory: MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities Advisory ID: SSCHADV2012-017 Author: Stefan Schurtz Affected Software: Successfully tested on MGB OpenSource Guestbook 0.6.9.1 Vendor URL: http://www.m-gb.org Vendor Status: fixed ========================== Vulnerability...
WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities
Advisory: WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-015 Author: Stefan Schurtz Affected Software: Successfully tested on 'Count Per Day' 3.1.1 Vendor URL: http://www.tomsdimension.de/wp-plugins/count-per-day Vendor Status: fixed...
DomsHttpd DoS
Crash on Referer: header processing...
DomsHttpd 1.0 <= Remote Denial Of Service
DomsHttpd 1.0 <= Remote Denial Of Service Discovered by: Jean Pascal Pereira [email protected] About DomsHttpd: "A very simple HTTP protocol program base on asynchronous socket model." Vendor URI: http://domshttpd.codeplex.com/ The remote attacker has the possibility to crash the application by...
ZDI-12-127 : (0Day) HP StorageWorks File Migration Agent RsaFTP.dll Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-127 : 0Day HP StorageWorks File Migration Agent RsaFTP.dll Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-127 July 18, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...
ZDI-12-126 : (0 day) HP StorageWorks File Migration Agent RsaCIFS.dll Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-126 : 0 day HP StorageWorks File Migration Agent RsaCIFS.dll Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-126 July 18, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...
CakePHP 2.x-2.2.0-RC2 XXE Injection
Exploit title: CakePHP XXE injection Date: 01.07.2012 Software Link: http://www.cakephp.org Vulnerable version: 2.x - 2.2.0-RC2 Tested on: Windows and Linux Author: Pawel Wylecial http://h0wl.pl 1. Background Short description from the project website: "CakePHP makes building web applications...
0A29-12-2 :Metasploit 'pcap_log' plugin privilege escalation vulnerability
================ 0A29-12-2 : Metasploit 'pcap_log' plugin privilege escalation vulnerability Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Metasploit plugin 'pcap_log' is vulnerable to an arbitrary file...
libexif project security advisory July 12, 2012
libexif project security advisory July 12, 2012 PROBLEM DESCRIPTION A number of remotely exploitable issues were discovered in libexif and exif, with effects ranging from information leakage to potential remote code execution. The issues are: CVE-2012-2812: A heap-based out-of-bounds array read i...
libexif / exif multiple security vulnerabilities
Buffer overflows, integer overflows, DoS conditions...
Dr.Web antivirus SQL injection
SQL injection in com.drweb.activities.antispam.CursorActivity class of android antivirus allows untrusted applications to access SMS archive...
CORE-2011-1123 - Windows Kernel ReadLayoutFile Heap Overflow
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Windows Kernel ReadLayoutFile Heap Overflow 1. Advisory Information Title: Windows Kernel ReadLayoutFile Heap Overflow Advisory ID: CORE-2011-1123 Advisory URL: http://www.coresecurity.com/content/windows-kernel-readlayoutfile Da...
[PT-2012-23] SQL Injection in Dr.Web Anti-virus
----------------------------------------------------------------------------- PT-2012-23 Positive Technologies Security Advisory SQL Injection in Dr.Web Anti-virus ----------------------------------------------------------------------------- --- Vulnerable software Dr.Web Anti-virus Version: 7.00...
[ MDVSA-2012:104 ] openjpeg
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:104 http://www.mandriva.com/security/ Package : openjpeg Date : July 12, 2012 Affected: 2011. Problem Description: Multiple vulnerabilities have been discovered and corrected in openjpeg: OpenJPEG allocated...
XSS, Redirector and CSRF vulnerabilities in WordPress
Hello 3APA3A! After seven previous vulnerabilities in Akismet, here are new holes. They take place in plugin Akismet for WordPress and its core-plugin since version WP 2.0, so these vulnerabilities concern WordPress itself. This is the second in series of advisories concerning vulnerabilities in...