47153 matches found
EMC Celerra/VNX/VNXe unauthorized access
NFS access restriction vulnerabilities...
Cisco TelePresence applications multiple security vulnerabilities
DoS, command injection, code execution...
ESA-2012-023: RSA Authentication Manager Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-023: RSA® Authentication Manager Multiple Vulnerabilities EMC Identifier: ESA-2012-023 CVE Identifier: CVE-2012-2278, CVE-2012-2279, CVE-2012-2280 Severity Rating: See below for scores for individual issues Affected Products: RSA Authenticati...
Reserve Logic v1.2 Booking CMS - Multiple Vulnerabilities
Title: ====== Reserve Logic v1.2 Booking CMS - Multiple Vulnerabilities Date: ===== 2012-06-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=617 VL-ID: ===== 617 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...
ZDI-12-123: EMC AutoStart ftAgent Opcode 50 Subcode 60 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-123: EMC AutoStart ftAgent Opcode 50 Subcode 60 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-123 July 12, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
XSS, Redirector and CSRF vulnerabilities in WordPress
Hello 3APA3A! After seven previous vulnerabilities in Akismet, here are new holes. They take place in plugin Akismet for WordPress and its core-plugin since version WP 2.0, so these vulnerabilities concern WordPress itself. This is the second in series of advisories concerning vulnerabilities in...
[ MDVSA-2012:106 ] libexif
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:106 http://www.mandriva.com/security/ Package : libexif Date : July 13, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in libexif:...
automake race conditions
No description provided...
[ MDVSA-2012:103 ] automake
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:103 http://www.mandriva.com/security/ Package : automake Date : July 12, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in automake: A race...
[SECURITY] [DSA 2512-1] mono security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2512-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 12, 2012 http://www.debian.org/security/faq -...
ZDI-12-124: EMC AutoStart ftAgent Opcode 50 Subcode 42 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-124: EMC AutoStart ftAgent Opcode 50 Subcode 42 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-124 July 12, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
ZDI-12-120: EMC AutoStart ftAgent Opcode 85 Subcode 22 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-120: EMC AutoStart ftAgent Opcode 85 Subcode 22 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-120 July 12, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
[ MDVSA-2012:104 ] openjpeg
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:104 http://www.mandriva.com/security/ Package : openjpeg Date : July 12, 2012 Affected: 2011. Problem Description: Multiple vulnerabilities have been discovered and corrected in openjpeg: OpenJPEG allocated...
ZDI-12-122: EMC AutoStart ftAgent Opcode 65 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-122: EMC AutoStart ftAgent Opcode 65 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-122 July 12, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: EM...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
ZDI-12-115 : HP OpenView Performance Agent coda.exe Opcode 0x8C Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-115 : HP OpenView Performance Agent coda.exe Opcode 0x8C Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-115 July 12, 2012 - -- CVE ID: CVE-2012-2020 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
Multiple Cross-Site Scripting (XSS) in Kajona
Advisory ID: HTB23097 Product: Kajona Vendor: www.kajona.de Vulnerable Versions: 3.4.1 and probably prior Tested Version: 3.4.1 Vendor Notification: 20 June 2012 Vendor Patch: 26 June 2012 Public Disclosure: 11 July 2012 Vulnerability Type: Cross-Site Scripting XSS CVE Reference: CVE-2012-3805...
TPLink Gateway multiple security vulnerabilities
Multiple vulnerabilities in Web interface...
Multiple CSRF Vulnerabilities in [GLPI Version 0.83.2]
Hi, This is regarding multiple CSRF Cross Site Request Forgery Vulnerabilities in GLPI Version 0.83.2. The following is the disclosure document: Title: Multiple CSRF Vulnerabilities in GLPI Version 0.83.2 ------------------------------------------------------------------------...
ZDI-12-117 : EMC AutoStart ftAgent Opcode 50 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-117 : EMC AutoStart ftAgent Opcode 50 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-117 July 12, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: E...
HP Operations Agent code execution
coda.exe buffer overflow on HTTP GET request processing...
Phonalisa v5.0 VoiP - Multiple Web Vulnerabilities
Title: ====== Phonalisa v5.0 VoiP - Multiple Web Vulnerabilities Date: ===== 2012-06-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=526 VL-ID: ===== 526 Common Vulnerability Scoring System: ==================================== 6.5 Introduction: ============= Die...
[USN-1503-1] Rhythmbox vulnerability
========================================================================== Ubuntu Security Notice USN-1503-1 July 11, 2012 rhythmbox vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
PHP Jobsite v1.36 - Cross Site Scripting Vulnerabilities
Title: ====== PHP Jobsite v1.36 - Cross Site Scripting Vulnerabilities Date: ===== 2012-06-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=616 VL-ID: ===== 616 Common Vulnerability Scoring System: ==================================== 2.3 Introduction: =============...
Rhythmbox code execution
No description provided...
AirDroid multiple security vulnerabilities
Multiple cryptography weaknesses...
ZDI-12-119: EMC AutoStart ftAgent Opcode 0x41 Subcode 0x00 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-119: EMC AutoStart ftAgent Opcode 0x41 Subcode 0x00 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-119 July 12, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --...
TP Link Gateway v3.12.4 - Multiple Web Vulnerabilities
Title: ====== TP Link Gateway v3.12.4 - Multiple Web Vulnerabilities Date: ===== 2012-06-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=613 VL-ID: ===== 613 Common Vulnerability Scoring System: ==================================== 2.5 Introduction: =============...
ZDI-12-114 : HP OpenView Performance Agent coda.exe Opcode 0x34 Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-114 : HP OpenView Performance Agent coda.exe Opcode 0x34 Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-114 July 12, 2012 - -- CVE ID: CVE-2012-2019 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
ZDI-12-121: EMC AutoStart ftAgent Opcode 85 Subcode 01 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-121: EMC AutoStart ftAgent Opcode 85 Subcode 01 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-121 July 12, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
EMC RSA Authentication Manager multiple security vulnerabilities
Cross-site scripting, open redirection...
ZDI-12-118: EMC AutoStart ftAgent Opcode 0x03 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-118: EMC AutoStart ftAgent Opcode 0x03 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-118 July 12, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...
ESA-2012-027: EMC Celerra/VNX/VNXe Improper Access Control Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-027: EMC Celerra/VNX/VNXe Improper Access Control Vulnerability EMC Identifier: ESA-2012-027 CVE Identifier: CVE-2012-2282 Severity Rating: CVSS v2 Base Score: 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C Affected products: EMC Celerra Network Server...
ZDI-12-125: Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-125: Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-125 July 12, 2012 - -- CVE ID: CVE-2012-0666 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Appl...
[USN-1506-1] Puppet vulnerabilities
========================================================================== Ubuntu Security Notice USN-1506-1 July 12, 2012 puppet vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 2510-1] extplorer security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2510-1 [email protected] http://www.debian.org/security/ Luciano Bello July 12, 2012 http://www.debian.org/security/faq -...
ZDI-12-116 : EMC AutoStart ftAgent Opcode 50 Subcode 04 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-116 : EMC AutoStart ftAgent Opcode 50 Subcode 04 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-116 July 12, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
Checkpoint Abra - Vulnerabilities
Check Point Abra Vulnerabilities Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Authors: Belov V., Komarov A. Group-IB Summary: Check Point Abra allow...
AST-2012-010: Possible resource leak on uncompleted re-invite transactions
Asterisk Project Security Advisory - AST-2012-010 Product Asterisk Summary Possible resource leak on uncompleted re-invite transactions Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On June 13, 2012 Reported By Steve...
[SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability
CVE-2012-2138 : Apache Sling denial of service vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: org.apache.sling.servlets.post bundle up to 2.1.0 Description: The @CopyFrom operation of the Sling POST servlet allows for copying a parent node to one of it...
[CVE-2012-3376] Apache Hadoop HDFS information disclosure vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Users of Apache Hadoop should be aware of a security vulnerability recently discovered, as described by the following CVE. In particular, please note the "Users affected", "Versions affected", and "Mitigation" sections. The project team will be...
AST-2012-011: Remote crash vulnerability in voice mail application
Asterisk Project Security Advisory - AST-2012-011 Product Asterisk Summary Remote crash vulnerability in voice mail application Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Moderate Exploits Known No Reported On June 13, 2012 Reported By Nicolas...
[security bulletin] HPSBMU02796 SSRT100594 rev.1 - HP Operations Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03397769 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03397769 Version: 1 HPSBMU02796...
Joomla Board All Version Sql Vulnerability
Exploit Title : Joomla Board All Version Sql Vulnerability Author : Iranian Security & Research Team Discovered By : Nafsh Home : sec-lab.ir Contact : research at sec-lab dot ir Date : 22/1/2012 - 13:30 Software Link : www.joomla.org Security Risk : High...
Flogr V1.7 Xss Vulnerability
Exploit Title : Flogr V1.7 Xss Vulnerability Author : Iranian Security & Research Team Discovered By : Nafsh Home : sec-lab.ir Contact : research at sec-lab dot ir Date : 23/1/2012 - 16:00 Source : www.flogr.googlecode.com...
Asterisk security vulnerabilities
A few DoS conditions...
Gharine Cross Site Scripting Vulnerability
Exploit Title : Gharine Cross Site Scripting Vulnerability Author : Iranian Security & Research Team Discovered By : zilli0o0n Home : sec-lab.ir Contact : research at sec-lab dot ir Software Link : http://www.gharine.com/ Security Risk : high DorK : "ШСЗНн УЗнК: ЗСКИЗШ ЮСнде"...
Microsoft Office security vulnerabilities
VBA unsafe library loading, Office for Mac weak file permissions...
Checkpoint Abra protection bypass
It's possible to bypass sandbox protection...
Microsoft Sharepoint multiple security vulnerabilities
Cross-site scripting, URL redirection...