Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability Advisory ID: cisco-sa-20120620-asaipv6 Revision 1.0 For Public Release 2012 June 20 16:00 UTC GMT...
libxml off-by-one
No description provided...
ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-095 June 21, 2012 - -- CVE ID: CVE-2012-0663 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors...
HP Data Protector Express multiple security vulnerabilities
DoS, code execution...
ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-099 June 21, 2012 - -- CVE ID: CVE-2011-4165 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-094 June 21, 2012 - -- CVE ID: CVE-2012-0942 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
RealNetworks Helix Server code execution
Code execution during rn5auth authentication process...
ZDI-12-097 : HP Data Protector Express Opcode 0x320 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-097 : HP Data Protector Express Opcode 0x320 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-097 June 21, 2012 - -- CVE ID: CVE-2012-0121 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
HP DataDirect OpenAccess security vulnerabilities
A few buffer overflows in traffic parsing...
[ MDVSA-2012:098 ] libxml2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:098 http://www.mandriva.com/security/ Package : libxml2 Date : June 21, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in libxml2: ...
ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-100 June 21, 2012 - -- CVE ID: CVE-2012-0127 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
HP Performance Manager security vulnerabilities
DoS, code execution...
ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-098 June 21, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
ZDI-12-096 : HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-096 : HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-096 June 21, 2012 - -- CVE ID: CVE-2012-0122 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
[Suspected Spam] eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities
Title: ====== eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities Date: ===== 2012-05-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=575 VL-ID: ===== 575 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: =============...
DT, XSS and FPD vulnerabilities in Organizer for WordPress
Hello 3APA3A! After previous vulnerabilities in plugin Organizer, I'll present five more security vulnerabilities in plugin Organizer for WordPress. This is the fourth in series of advisories concerning vulnerabilities in this plugin. These are Directory Traversal, Cross-Site Scripting and Full...
Interspire Shopping Cart v6 - Multiple Web Vulnerabilities
Title: ====== Interspire Shopping Cart v6 - Multiple Web Vulnerabilities Date: ===== 2012-06-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=593 VL-ID: ===== 593 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
QuickBlog v0.8 CMS - Multiple Web Vulnerabilities
Title: ====== QuickBlog v0.8 CMS - Multiple Web Vulnerabilities Date: ===== 2012-05-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=567 VL-ID: ===== 567 Common Vulnerability Scoring System: ==================================== 6.5 Introduction: ============= QuickBlo...
Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities
Title: ====== Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities Date: ===== 2012-05-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=515 VL-ID: ===== 515 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: ============...
ADICO CMS v1.1 - Blind SQL Injection Vulnerability
Title: ====== ADICO CMS v1.1 - Blind SQL Injection Vulnerability Date: ===== 2012-05-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=582 VL-ID: ===== 582 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: ============= ADICO i...
Arbitrary File Upload/Execution in Collabtive
TITLE: Arbitrary File Upload/Execution in Collabtive DATE: 06-04-2012 PRODUCT: Collabtive Web-Based Project Management Software http://collabtive.o-dyn.de/ VERSIONS: 0.7.5, 0.6.1 confirmed. All versions = 0.7.5 probable RESEARCHER: Mark Hoopes [email protected]/ ADDITIONAL INFORMATION:...
Multiple vulnerabilities in TinyWebGallery
Advisory ID: HTB23093 Product: TinyWebGallery Vendor: www.tinywebgallery.com Vulnerable Versions: 1.8.7 and probably prior Tested Version: 1.8.7 Vendor Notification: 23 May 2012 Vendor Patch: 24 May 2012 Public Disclosure: 13 June 2012 Vulnerability Type: Cross-Site Request Forgery CSRF, Arbitrar...
Jobs Portal v3.0 NetArtMedia - Multiple Web Vulnerabilites
Title: ====== Jobs Portal v3.0 NetArtMedia - Multiple Web Vulnerabilites Date: ===== 2012-06-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=595 VL-ID: ===== 595 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...
Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities
Title: ====== Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities Date: ===== 2012-06-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=592 VL-ID: ===== 592 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...
[SECURITY] [DSA 2485-1] imp4 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2485-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 3, 2012 http://www.debian.org/security/faq -...
Vulnerabilities in JW Player and millions of web sites
Hello 3APA3A! I want to warn you about security vulnerabilities in JW Player. These are Content Spoofing and Cross-Site Scripting vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are JW Player 5.9.2156 and 5.9.2206, except one vulnerability and...
Boonex Dolphin v7.0.9 CMS & Mobile App - Multiple Web Vulnerabilities
Title: ====== Boonex Dolphin v7.0.9 CMS - Multiple Web Vulnerabilities Date: ===== 2012-05-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=565 http://www.vulnerability-lab.com/getcontent.php?id=566 ID: Changeset 16256 VL-ID: ===== 565 Common Vulnerability Scoring...
Simple Forum PHP 2.1 - SQL Injection Vulnerabilities
Title: ====== Simple Forum PHP 2.1 - SQL Injection Vulnerabilities Date: ===== 2012-06-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=599 VL-ID: ===== 599 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: ============= Simpl...
Nuked Klan SP CMS v4.5 - SQL injection Vulnerability
Title: ====== Nuked Klan SP CMS v4.5 - SQL injection Vulnerability Date: ===== 2012-06-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=610 VL-ID: ===== 610 Common Vulnerability Scoring System: ==================================== 8 Introduction: =============...
iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilites
Title: ====== iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilites Date: ===== 2012-06-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=588 VL-ID: ===== 588 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...
0A29-12-1 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R3.0
================ 0A29-12-1 : Cross-Site Scripting vulnerabilities in Nagios XI 2011R3.0 Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Multiple reflected XSS vulnerabilities exist within Nagios XI 2011R3....
SQL injection in Serendipity
Advisory ID: HTB23092 Product: Serendipity Vendor: Serendipity Team Vulnerable Versions: 1.6.1 and probably prior Tested Version: 1.6.1 Vendor Notification: 16 May 2012 Vendor Patch: 16 May 2012 Public Disclosure: 6 June 2012 Vulnerability Type: SQL injection CVE Reference: CVE-2012-2762 CVSSv2...
Cells Blog CMS v1.1 - Multiple Web Vulnerabilites
Title: ====== Cells Blog CMS v1.1 - Multiple Web Vulnerabilites Date: ===== 2012-06-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=591 VL-ID: ===== 591 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: ============= Cells-bl...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
MYRE Real Estate Mobile 2012|2 - Multiple Vulnerabilities
Title: ====== MYRE Real Estate Mobile 2012|2 - Multiple Vulnerabilities Date: ===== 2012-05-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=516 VL-ID: ===== 516 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...
SQL injection in Bigware shop software
The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Proof of concept is at: http://files.dw-itsecurity.de/54.zip Time line: 01/23/2012: Vendor contacted...
Checkpoint Endpoint Connect DLL hijacking
It's possible to load a user-provided library into a system process...
Asterisk DoS
Crash in Skinny driver...
[ MDVSA-2012:087 ] nut
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:087 http://www.mandriva.com/security/ Package : nut Date : June 5, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in nut: Buffer...
HP Onboard Administrator multiple security vulnerabilities
Unauthorized access, DoS...
Sielco Sistemi Winlog buffer overflow
Buffer overflow in TCP/46824 traffic parsing...
ESRI ArcMap code execution
MXD files may contain VBS scripts...
IObit Protected Folder protection bypass
It's possible to bypass protection, e.g. by changing the return value of the password-checking function...
[CAL-2012-0015] opera website spoof
CAL-2012-0015 opera website spoof CVE ID: Opera did not assign ,please [email protected] assign CAL ID: CAL-2012-0015 ref: http://blog.vulnhunt.com/index.php/2012/06/14/cal-2012-0015-opera-website-spoof/ 1 Affected Products ================= 11.61 and prior 2 Vulnerability Details ===================...
AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability
Asterisk Project Security Advisory - AST-2012-009 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 30, 2012 Reported By Christoph Hebeisen,...
VMSA-2012-0011 VMware hosted products and ESXi and ESX patches address security issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0011 Synopsis: VMware hosted products and ESXi and ESX patches address security issues Issue date: 2012-06-14 Updated on: 2012-06-1...
ffmpeg library multiple security vulnerabilities
Multiple security vulnerabilities in Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV parsing...
[SE-2012-01] Regarding Oracle's Critical Patch Update for Java SE
Dear All, Yesterday, Oracle released its Critical Patch Update for Java SE software 1, which incorporates fixes for 3 of more than 20+ security issues that were reported to the company in Apr 2012 2. We would like to inform, that while some of the Proof of Concept codes we developed for the...
Opera URL spoof
It's possible to trace the event when the user leaves the site and to spoof site content...
AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections
Hi all, nevisProxy is a Swiss secure reverse proxy with integrated web application firewall WAF. It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from...