Lucene search

47153 matches found

securityvulns
added 2012/07/09 12:0 a.m., 37 views

HP Device Access Manager for Protect Tools Information Store ActiveX memory corruption

Buffer overflows in different methods...

CVSS 7.5, AI score 4.2, EPSS 0.41759
Exploits: 1, References: 3, Affected Software: 2

securityvulns
added 2012/07/09 12:0 a.m., 48 views

Basilic RCE bug

Hi Dear Sir Basilic is an Automated Bibliography Server for Research Publications Diffusion that use by many research center. there is a RCE bug in basilic/Config/diff.php s could allow an attacker to run system command in server. sample:...

AI score 0.9
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 28 views

[USN-1485-1] AccountsService vulnerability

========================================================================== Ubuntu Security Notice USN-1485-1 June 28, 2012 accountsservice vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

CVSS 1.9, AI score 1.5, EPSS 0.00071
Exploits: 1

securityvulns
added 2012/07/09 12:0 a.m., 75 views

Classified Ads Script PHP v1.1 - SQL Injection Vulnerabilities

Title: ====== Classified Ads Script PHP v1.1 - SQL Injection Vulnerabilities Date: ===== 2012-06-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=605 VL-ID: ===== 605 Common Vulnerability Scoring System: ==================================== 5.5 Introduction:...

Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 47 views

CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability

Severity: important Vendor: The Apache Software Foundation Versions Affected: Roller 4.0.0 to Roller 4.0.1 Roller 5.0 The unsupported Roller 3.1 release is also affected Description: Roller trusts bloggers to post HTML and JavaScript code in the weblog and for some sites this can be a problem...

EPSS 0.00146
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 59 views

CLscript CMS v3.0 - Multiple Web Vulnerabilities

Title: ====== CLscript CMS v3.0 - Multiple Web Vulnerabilities Date: ===== 2012-05-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=574 VL-ID: ===== 574 Common Vulnerability Scoring System: ==================================== 8.6 Introduction: ============= With the...

AI score 0.4
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 48 views

[security bulletin] HPSBGN02750 SSRT100795 rev.1 - HP ProtectTools Enterprise Device Access Manager Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03243374 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03243374 Version: 1 HPSBGN02750...

CVSS 7.5, AI score 0.8, EPSS 0.41759
Exploits: 1

securityvulns
added 2012/07/09 12:0 a.m., 101 views

[ MDVSA-2012:096-1 ] python

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:096-1 http://www.mandriva.com/security/ Package : python Date : July 2, 2012 Affected: Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in python: The ssl...

CVSS 5, AI score 8.8, EPSS 0.03924
Exploits: 11

securityvulns
added 2012/07/09 12:0 a.m., 57 views

plow 0.0.5 <= Buffer Overflow Vulnerability

plow 0.0.5 = Buffer Overflow Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor information: "plow is a command line playlist generator." Vendor URI: http://developer.berlios.de/projects/plow/ Risk-level: Medium The application is prone to a local buffer overflow...

AI score 0.2
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 31 views

bcfg2 shell characters vulnerability

It's possible to execute code as a root...

CVSS 9, AI score 4.9, EPSS 0.01624
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/07/09 12:0 a.m., 39 views

plow 0.0.5 <= Buffer Overflow Vulnerability

plow 0.0.5 = Buffer Overflow Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor information: "plow is a command line playlist generator." Vendor URI: http://developer.berlios.de/projects/plow/ Risk-level: Medium The application is prone to a local buffer overflow...

AI score 0.2
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 70 views

[security bulletin] HPSBMU02783 SSRT100806 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03343724 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03343724 Version: 1 HPSBMU02783...

CVSS 4.3, AI score 0.3, EPSS 0.00623
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 68 views

[USN-1444-1] BackupPC vulnerability

========================================================================== Ubuntu Security Notice USN-1444-1 May 17, 2012 backuppc vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 4.3, AI score 0.3, EPSS 0.00585
Exploits: 1

securityvulns
added 2012/07/09 12:0 a.m., 37 views

Vulnerabilities in LIOOSYS CMS

Hello 3APA3A! I am reporting SQL Injection and Information Leakage vulnerabilities in LIOOSYS CMS. This is a Polish commercial CMS. SQL Injection WASC-19: http://site/index.php?id=-120union20select201,version,3,4,5/ Information Leakage WASC-13: http://site/files/db.log Leakage of the log of errors from queries to...

AI score 8.5
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 25 views

HP Photosmart printers DoS

No description provided...

CVSS 7.8, AI score 1.4, EPSS 0.04621
Exploits: 0, References: 1

securityvulns
added 2012/07/09 12:0 a.m., 98 views

Forum Oxalis 0.1.2 <= SQL Injection Vulnerability

Forum Oxalis 0.1.2 = SQL Injection Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor information: "Forum Oxalis is a minimalis GPL PHP forum using CSS." Vendor URI: http://developer.berlios.de/projects/forumoxalis/ Risk-level: High The application is prone to a remote SQL...

AI score 0.4
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 40 views

NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection

High Risk Vulnerability in Nagios XI Network Monitor 2 July 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Nagios XI Network Monitor Impact: Nagios XI Network Monitor OS Command Injection Versions affected: Nagios XI Network Monitor 2011R1.9 An updated version of the...

AI score 0.1
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 44 views

NGS00195 Patch Notification: Nagios XI Network Monitor Stored and Reflected XSS

High Risk Vulnerability in Nagios XI Network Monitor 2 July 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Nagios XI Network Monitor Impact: Nagios XI Network Monitor Stored and Reflected XSS Versions affected: Nagios XI Network Monitor 2011R1.9 An updated version of...

AI score 0.3
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 45 views

MIT Kerberos 5 kadmind DoS

NULL pointer dereference...

CVSS 4, AI score 2.6, EPSS 0.01042
Exploits: 1, Affected Software: 1

securityvulns
added 2012/06/25 12:0 a.m., 44 views

CORE-2012-0530 - Lattice Diamond Programmer Buffer Overflow

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Lattice Diamond Programmer Buffer Overflow 1. Advisory Information Title: Lattice Diamond Programmer Buffer Overflow Advisory ID: CORE-2012-0530 Advisory URL:...

CVSS 6.8, AI score 0.1, EPSS 0.12832
Exploits: 6

securityvulns
added 2012/06/25 12:0 a.m., 94 views

VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876)

VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow MS12-037 / CVE-2012-1876 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by...

CVSS 9.3, AI score 0.1, EPSS 0.87284
Exploits: 27

securityvulns
added 2012/06/25 12:0 a.m., 62 views

Webify Product Series - Multiple Web Vulnerabilities

Title: ====== Webify Product Series - Multiple Web Vulnerabilities Date: ===== 2012-06-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=598 VL-ID: ===== 598 Common Vulnerability Scoring System: ==================================== 6.5 Introduction: ============= Webif...

AI score 0.5
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 138 views

SEC Consult SA-20120618-0 :: Western Digital ShareSpace WEB GUI Sensitive Data Disclosure

SEC Consult Vulnerability Lab Security Advisory 20120618-0 ======================================================================= title: WD ShareSpace WEB GUI Sensitive Data Disclosure product: WD ShareSpace network storage system vulnerable version: WD ShareSpace = v2.3.02 D and E series fixed...

AI score 7
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 31 views

Cisco Application Control Engine privilege escalation

Context administrator can access wrong context...

CVSS 7.1, AI score 4, EPSS 0.00133
Exploits: 0, References: 1

securityvulns
added 2012/06/25 12:0 a.m., 26 views

HP Business Service Management multiple security vulnerabilities

Information leakage, unauthorized access, DoS...

CVSS 10, AI score 2.1, EPSS 0.04199
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/06/25 12:0 a.m., 28 views

Lattice Diamond Programmer buffer overflow

Code execution via .xcf files...

CVSS 6.8, AI score 5.8, EPSS 0.12832
Exploits: 6, References: 1, Affected Software: 1

securityvulns
added 2012/06/25 12:0 a.m., 77 views

VUPEN Security Research - Microsoft Internet Explorer "GetAtomTable" Remote Use-after-free (MS12-037 / CVE-2012-1875)

VUPEN Security Research - Microsoft Internet Explorer "GetAtomTable" Remote Use-after-free MS12-037 / CVE-2012-1875 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by...

CVSS 9.3, AI score 8.1, EPSS 0.82181
Exploits: 11

securityvulns
added 2012/06/25 12:0 a.m., 52 views

SEC Consult SA-20120618-1 :: Airlock WAF overlong UTF-8 sequence bypass

SEC Consult Vulnerability Lab Security Advisory 20120618-1 ======================================================================= title: Airlock WAF overlong UTF-8 sequence bypass product: Airlock vulnerable version: = 4.2.4 without hotfix HF4213 fixed version: 4.2.5 impact: critical homepage:...

AI score 0.3
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 100 views

Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy

a bug in Mybb 1.6.8 'announcements.php' that allows to us to occur a Sql Injection on a Remote machin. Exploit Title : Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://www.mybb.com/ Security Risk...

AI score 0.7
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 25 views

Western Digital ShareSpace information leakage

It's possible to access configuration files via Web interface...

AI score 2.8
Exploits: 0, References: 1

securityvulns
added 2012/06/25 12:0 a.m., 88 views

traq-2.3.5_CSRF_XSS_SQL_INjeCTION_vulns

==================================================================== Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org ==================================================================== About Software: Traq is a PHP powered project manager, capable of tracking issues for multiple...

AI score 0.5
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 149 views

Squiz CMS Multiple Vulnerabilities - Security Advisory - SOS-12-007

Sense of Security - Security Advisory - SOS-12-007 Release Date. 14-Jun-2012 Last Update. - Vendor Notification Date. 02-Apr-2012 Product. Squiz CMS Platform. Independent Affected versions. Squiz 4.6.3 verified and possibly others Severity Rating. Medium Impact. Exposure of session information...

AI score 7.3
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 45 views

Cisco Security Advisory: Cisco Application Control Engine Administrator IP Address Overlap Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability Advisory ID: cisco-sa-20120620-ace Revision 1.0 For Public Release 2012 June 20 16:00 UTC GMT +---------------------------------------------------------------------...

AI score 0.8
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 35 views

Cisco ASA DoS

It's possible to reboot device remotely...

CVSS 7.8, AI score 2.9, EPSS 0.00963
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/06/25 12:0 a.m., 74 views

VUPEN Security Research - Microsoft Internet Explorer "CollectionCache" Remote Use-after-free (MS12-037)

VUPEN Security Research - Microsoft Internet Explorer "CollectionCache" Remote Use-after-free MS12-037 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft an...

Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 48 views

FreeBSD kernel privilege escalation

Privilege escalation on sysret on some CPUs...

CVSS 7.2, AI score 3.1, EPSS 0.88004
Exploits: 6, References: 2, Affected Software: 1

securityvulns
added 2012/06/25 12:0 a.m., 48 views

[security bulletin] HPSBMU02792 SSRT100820 rev.1 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03377648 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03377648 Version: 1 HPSBMU02792...

CVSS 10, AI score 0.5, EPSS 0.04199
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 60 views

[ MDVSA-2012:099 ] net-snmp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:099 http://www.mandriva.com/security/ Package : net-snmp Date : June 21, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in net-snmp...

CVSS 3.5, AI score 7.6, EPSS 0.01274
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 98 views

[Suspected Spam] Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities

Title: ====== Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities Date: ===== 2012-05-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=515 VL-ID: ===== 515 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: ============...

AI score 8
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 59 views

QNAP Turbo NAS Multiple Vulnerabilities - Security Advisory

Sense of Security - Security Advisory - SOS-12-006 Release Date. 13-Jun-2012 Last Update. - Vendor Notification Date. 12-Mar-2012 Product. QNAP Platform. Turbo NAS verified and possibly others Affected versions. Firmware Version: 3.6.1 Build 0302T and prior Severity Rating. High Impact. Exposure ...

AI score 0.3
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 70 views

FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:04.sysret Security Advisory The FreeBSD Project Topic: Privilege escalation when returning from kernel Category: core Module: sysamd64 Announced: 2012-06-12...

CVSS 7.2, AI score 9.1, EPSS 0.88004
Exploits: 6

securityvulns
added 2012/06/25 12:0 a.m., 35 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 6.8, AI score 1.6, EPSS 0.00513
Exploits: 4, References: 9, Affected Software: 8

securityvulns
added 2012/06/25 12:0 a.m., 52 views

News Script PHP v1.2 - Multiple Web Vulnerabilites

Title: ====== News Script PHP v1.2 - Multiple Web Vulnerabilites Date: ===== 2012-06-07 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=600 VL-ID: ===== 600 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: ============= Visitor...

Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 68 views

Microsoft Internet Explorer multiple security vulnerabilities

Multiple memory corruptions, code executions, information leakage...

CVSS 9.3, AI score 2.8, EPSS 0.87284
Exploits: 50, References: 6, Affected Software: 1

securityvulns
added 2012/06/25 12:0 a.m., 20 views

QNAP Turbo NAS multiple security vulnerabilities

Information leakage, privilege escalation, system access...

AI score 2.2
Exploits: 0, References: 1

securityvulns
added 2012/06/25 12:0 a.m., 62 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Advisory ID: cisco-sa-20120620-ac Revision 1.0 For Public Release 2012 June 20 16:00 UTC GMT +--------------------------------------------------------------------- Summary ======= T...

AI score 1
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 128 views

Commentics 2.0 <= Multiple Vulnerabilities

Commentics 2.0 = Multiple Vulnerabilities Discovered by: Jean Pascal Pereira [email protected] Vendor information: "Commentics is a free, advanced PHP comment script with many features. Professionally written and with open source code, its main aims are to be integrable, customizable and secure."...

AI score 7.2
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 64 views

Multiple vulnerabilities in web@all

Advisory ID: HTB23094 Product: web@all Vendor: webatall.org Vulnerable Versions: 2.0 downloaded before 30th of May 2012; prior versions may also be vulnerable Tested Version: 2.0 downloaded on 25th of May 2012 Vendor Notification: 30 May 2012 Vendor Patch: 30 May 2012 Public Disclosure: 20 June...

CVSS 6.8, AI score 7.1, EPSS 0.00513
Exploits: 4

securityvulns
added 2012/06/25 12:0 a.m., 34 views

Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability Advisory ID: cisco-sa-20120620-asaipv6 Revision 1.0 For Public Release 2012 June 20 16:00 UTC GMT...

AI score 1.4
Exploits: 0

securityvulns
added 2012/06/25 12:0 a.m., 40 views

snmpd DoS

Crash on request to non-existent extension table entry...

CVSS 3.5, AI score 1.8, EPSS 0.01274
Exploits: 0, References: 1, Affected Software: 1

Total number of security vulnerabilities: 47153