47153 matches found
[SECURITY] [DSA 2506-1] libapache-mod-security security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2506-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012 http://www.debian.org/security/faq -...
Wordpress (editormonkey) Arbitrary File Upload Vulnerability
a bug in Wordpress editormonkeythat allows to us to occur a File Upload on a Remote machin. Exploit Title : Wordpress editormonkey Arbitrary File Upload Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://wordpress.org Security Risk : High...
Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities
Title: ====== Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities Date: ===== 2012-06-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=614 VL-ID: ===== 614 Common Vulnerability Scoring System: ==================================== 6.5 Introduction:...
[SECURITY] [DSA 2503-1] bcfg2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2503-1 [email protected] http://www.debian.org/security/ Florian Weimer June 28, 2012 http://www.debian.org/security/faq -...
Blind SQL Injection in Webmatic
Advisory ID: HTB23096 Product: Webmatic Vendor: valarsoft.com Vulnerable Versions: 3.1.1 and probably prior Tested Version: 3.1.1 Vendor Notification: 13 June 2012 Public Disclosure: 4 July 2012 Vulnerability Type: Blind SQL Injection CVE Reference: CVE-2012-3350 CVSSv2 Base Score: 7.5...
[USN-1473-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1473-1 June 13, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
[USN-1444-1] BackupPC vulnerability
========================================================================== Ubuntu Security Notice USN-1444-1 May 17, 2012 backuppc vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
Severity: important Vendor: The Apache Software Foundation Versions Affected: Roller 4.0.0 to Roller 4.0.1 Roller 5.0 The unsupported Roller 3.1 release is also affected Description: HTTP POST interfaces in the Roller admin/editor console were not protected from CSRF attacks. This issue has been...
[ MDVSA-2012:096-1 ] python
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:096-1 http://www.mandriva.com/security/ Package : python Date : July 2, 2012 Affected: Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in python: The ssl...
MIT Kerberos 5 kadmind DoS
NULL pointer dereference...
ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-106 June 28, 2012 - -- CVE ID: CVE-2012-3811 - -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:C/A:P - --...
[security bulletin] HPSBPI02794 SSRT100542 rev.1 - Certain HP Photosmart Printers, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c02931414 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02931414 Version: 1 HPSBPI02794...
NGS00162 Patch Notification: Symantec Message Filter Session Hijacking via session fixation
High Risk Vulnerability in Symantec Message Filter 2 July 2012 Ben Williams of NCC Group has discovered a High risk vulnerability in Symantec Message Filter Impact: Session Hijacking via session fixation Versions affected: Symantec Message Filter Version 6.3 An updated version of the software has...
Forum Oxalis 0.1.2 <= SQL Injection Vulnerability
Forum Oxalis 0.1.2 = SQL Injection Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor information: "Forum Oxalis is a minimalis GPL PHP forum using CSS." Vendor URI: http://developer.berlios.de/projects/forumoxalis/ Risk-level: High The application is prone to a remote SQL...
IIS Short File/Folder Name Disclosure by using tilde ~ character
Link: http://soroush.secproject.com/downloadable/iistildeshortnamedisclosure.txt Exploit-db link: www.exploit-db.com/exploits/19525/ ---------------------------- Security Research - IIS Short File/Folder Name Disclosure Website : http://soroush.secproject.com/blog/ I. BACKGROUND...
XSS, Redirector and FPD vulnerabilities in WordPress
Hello 3APA3A! In June I've disclosed vulnerabilities in WordPress, which I'd present for you. They take place in plugin Akismet for WordPress and it's core-plugin since version WP 2.0, so these vulnerabilities concern WordPress itself. This is the first in series of advisories concerning...
plow 0.0.5 <= Buffer Overflow Vulnerability
plow 0.0.5 = Buffer Overflow Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor information: "plow is a command line playlist generator." Vendor URI: http://developer.berlios.de/projects/plow/ Risk-level: Medium The application is prone to a local buffer overflow...
ESA-2012-026: RSA Access Manager Session Replay Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-026: RSA Access Manager Session Replay Vulnerability EMC Identifier: ESA-2012-026 CVE Identifier: CVE-2012-2281 Severity Rating: CVSSv2 Base Score: 6. 8 AV:A/AC:H/Au:N/C:C/I:C/A:C Affected Products: RSA Access Manager Server version 6.0.x RSA...
.Net Framework Tilde Character DoS - Sorry, exploit-db link corrected
Link: http://soroush.secproject.com/downloadable/iistildedos.txt Exploit-db link: www.exploit-db.com/exploits/19575 ---------------------------- Security Research - .Net Framework Tilde Character DoS Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "The .NET...
Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy
a bug in Mybb 1.6.8 'announcements.php' that allows to us to occur a Sql Injection on a Remote machin. Exploit Title : Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://www.mybb.com/ Security Risk...
Webify Product Series - Multiple Web Vulnerabilities
Title: ====== Webify Product Series - Multiple Web Vulnerabilities Date: ===== 2012-06-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=598 VL-ID: ===== 598 Common Vulnerability Scoring System: ==================================== 6.5 Introduction: ============= Webif...
Commentics 2.0 <= Multiple Vulnerabilities
Commentics 2.0 = Multiple Vulnerabilities Discovered by: Jean Pascal Pereira [email protected] Vendor information: "Commentics is a free, advanced PHP comment script with many features. Professionally written and with open source code, its main aims are to be integrable, customizable and secure."...
News Script PHP v1.2 - Multiple Web Vulnerabilites
Title: ====== News Script PHP v1.2 - Multiple Web Vulnerabilites Date: ===== 2012-06-07 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=600 VL-ID: ===== 600 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: ============= Visitor...
QNAP Turbo NAS multiple security vulnerabilities
Information leakage, privilege esclation, system access...
traq-2.3.5_CSRF_XSS_SQL_INjeCTION_vulns
==================================================================== Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org ==================================================================== About Software: Traq is a PHP powered project manager, capable of tracking issues for multiple...
ClamAV antivirus multiple security vulnerabilities
Vulnerabilitie on TAR and CHM parsing...
FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:04.sysret Security Advisory The FreeBSD Project Topic: Privilege escalation when returning from kernel Category: core Module: sysamd64 Announced: 2012-06-12...
FreeBSD kernel privilege escalation
Privilege escalation on susret on some CPUs...
Cisco Application Control Engine privilege escalation
Context administrator can access wrong context...
Lattice Diamond Programmer buffer overflow
Code execution via .xcf files...
Multiple vulnerabilities in web@all
Advisory ID: HTB23094 Product: web@all Vendor: webatall.org Vulnerable Versions: 2.0 downloaded before 30th of May 2012; prior versions may also be vulnerable Tested Version: 2.0 downloaded on 25th of May 2012 Vendor Notification: 30 May 2012 Vendor Patch: 30 May 2012 Public Disclosure: 20 June...
Microsoft Internet Explorer multiple security vulnerabilities
Multiple memory corruptions, code executions, information leakage...
Western Digital ShareSpace information leakage
It's possible to access configuration files via Web interface...
Cisco ASA DoS
It's possible to reboot device remotely...
Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability Advisory ID: cisco-sa-20120620-asaipv6 Revision 1.0 For Public Release 2012 June 20 16:00 UTC GMT...
VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876)
VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow MS12-037 / CVE-2012-1876 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by...
VUPEN Security Research - Microsoft Internet Explorer "GetAtomTable" Remote Use-after-free (MS12-037 / CVE-2012-1875)
VUPEN Security Research - Microsoft Internet Explorer "GetAtomTable" Remote Use-after-free MS12-037 / CVE-2012-1875 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by...
QNAP Turbo NAS Multiple Vulnerabilities - Security Advisory
Sense of Security - Security Advisory - SOS-12-006 Release Date. 13-Jun-2012 Last Update. - Vendor Notification Date. 12-Mar-2012 Product. QNAP Platform. Turbo NAS verified and possibly others Affected versions. Firmware Version: 3.6.1 Build 0302T and prior Severity Rating. High Impact. Exposure ...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Advisory ID: cisco-sa-20120620-ac Revision 1.0 For Public Release 2012 June 20 16:00 UTC GMT +--------------------------------------------------------------------- Summary ======= T...
snmpd DoS
Crash on request to non-existent extension table entry...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[ MDVSA-2012:099 ] net-snmp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:099 http://www.mandriva.com/security/ Package : net-snmp Date : June 21, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in net-snmp...
[security bulletin] HPSBMU02792 SSRT100820 rev.1 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03377648 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03377648 Version: 1 HPSBMU02792...
SEC Consult SA-20120618-0 :: Western Digital ShareSpace WEB GUI Sensitive Data Disclosure
SEC Consult Vulnerability Lab Security Advisory 20120618-0 ======================================================================= title: WD ShareSpace WEB GUI Sensitive Data Disclosure product: WD ShareSpace network storage system vulnerable version: WD ShareSpace = v2.3.02 D and E series fixed...
HP Business Service Management multiple security vulnerabilities
Information leakage, unauthorized access, DoS...
SEC Consult SA-20120618-1 :: Airlock WAF overlong UTF-8 sequence bypass
SEC Consult Vulnerability Lab Security Advisory 20120618-1 ======================================================================= title: Airlock WAF overlong UTF-8 sequence bypass product: Airlock vulnerable version: = 4.2.4 without hotfix HF4213 fixed version: 4.2.5 impact: critical homepage:...
VUPEN Security Research - Microsoft Internet Explorer "CollectionCache" Remote Use-after-free (MS12-037)
VUPEN Security Research - Microsoft Internet Explorer "CollectionCache" Remote Use-after-free MS12-037 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft an...
Cisco Security Advisory: Cisco Application Control Engine Administrator IP Address Overlap Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability Advisory ID: cisco-sa-20120620-ace Revision 1.0 For Public Release 2012 June 20 16:00 UTC GMT +---------------------------------------------------------------------...
CORE-2012-0530 - Lattice Diamond Programmer Buffer Overflow
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Lattice Diamond Programmer Buffer Overflow 1. Advisory Information Title: Lattice Diamond Programmer Buffer Overflow Advisory ID: CORE-2012-0530 Advisory URL:...
Squiz CMS Multiple Vulnerabilities - Security Advisory - SOS-12-007
Sense of Security - Security Advisory - SOS-12-007 Release Date. 14-Jun-2012 Last Update. - Vendor Notification Date. 02-Apr-2012 Product. Squiz CMS Platform. Independent Affected versions. Squiz 4.6.3 verified and possibly others Severity Rating. Medium Impact. Exposure of session information...