47153 matches found
Asterisk DoS
Crash in Skinny driver...
Checkpoint Endpoint Connect DLL hijacking
It's possible to load a user-provided library into a system process...
HP Server Automation code execution
No description provided...
[SE-2012-01] Regarding Oracle's Critical Patch Update for Java SE
Dear All, Yesterday, Oracle released its Critical Patch Update for Java SE software 1, which incorporates fixes for 3 of more than 20+ security issues that were reported to the company in Apr 2012 2. We would like to inform, that while some of the Proof of Concept codes we developed for the...
[SECURITY] [DSA 2481-1] arpwatch security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2481-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez June 2, 2012 http://www.debian.org/security/faq -...
Sielco Sistemi Winlog Buffer Overflow <= v2.07.14
#!/usr/bin/ruby --------------------------------------------- Sielco Sistemi Winlog Buffer Overflow <= v2.07.14 - Buffer overflow vulnerability Date: 04.06.2012 --------------------------------------------- - Description Winlog Lite is the entry level version of the SCADA/HMI software Winlog Pro...
ComSndFTP Server Remote Format String Overflow Vulnerability
Title: ComSndFTP Server Remote Format String Overflow Vulnerability Software : ComSndFTP FTP Server Software Version : ComSndFTP 1.3.7 Beta Vendor: http://ftp.comsnd.com/ Vulnerability Published : 2012-06-07 Vulnerability Update Time : Status : Impact : Medium CVSS2 Base : 5.0,...
ComSndFTP FTP Server format string vulnerability
Format string vulnerability in USER command...
ESRI ArcMap code execution
MXD files may contain VBS scripts...
ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-093 : Pwn2Own Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-093 June 12, 2012 - -- CVE ID: CVE-2012-1876 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - --...
ZDI-12-089 : HP DataDirect OpenAccess GIOP Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-089 : HP DataDirect OpenAccess GIOP Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-089 June 6, 2012 - -- CVE ID: CVE-2011-4164 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...
VMware security vulnerabilities
DoS, memory corruption...
Opera URL spoof
It's possible to track the event when a user leaves the site and to spoof site content...
CVE-2012-1661 - ESRI ArcMap arbitrary code execution via crafted map file.
Description: Opening a specially crafted mxd file will execute arbitrary code without prompting and without a crash of the application. This is due to a flaw in the program's ability to prompt a user before executing embedded VBA. Mxd files are not filtered by email systems so this allows a remote...
VMSA-2012-0011 VMware hosted products and ESXi and ESX patches address security issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0011 Synopsis: VMware hosted products and ESXi and ESX patches address security issues Issue date: 2012-06-14 Updated on: 2012-06-1...
Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack
Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack ================================================================================ Summary : Checkpoint Endpoint Connect VPN is prone to DLL hijacking Date : 12 June 2012 Affected versions : Endpoint Security VPN R75 Remote Access...
ffmpeg library multiple security vulnerabilities
Multiple security vulnerabilities in Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV parsing...
[SECURITY] [DSA 2494-1] ffmpeg security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2494-1 [email protected] http://www.debian.org/security/ Florian Weimer June 14, 2012 http://www.debian.org/security/faq -...
[security bulletin] HPSBMU02790 SSRT100872 rev.1 - HP Server Automation, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03366886 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03366886 Version: 1 HPSBMU02790...
[CAL-2012-0015] opera website spoof
CAL-2012-0015 opera website spoof CVE ID: Opera did not assign ,please [email protected] assign CAL ID: CAL-2012-0015 ref: http://blog.vulnhunt.com/index.php/2012/06/14/cal-2012-0015-opera-website-spoof/ 1 Affected Products ================= 11.61 and prior 2 Vulnerability Details ===================...
AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections
Hi all, nevisProxy is a Swiss secure reverse proxy with integrated web application firewall WAF. It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from...
[security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03315912 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03315912 Version: 1 HPSBMU02776...
HP Onboard Administrator multiple security vulnerabilities
Unauthorized access, DoS...
RealNetworks RealPlayer multiple security vulnerabilities
Multiple vulnerabilities in parsing of different formats...
ZDI-12-075 : Apple Quicktime RLE Sample Decoding Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-075 : Apple Quicktime RLE Sample Decoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-075 June 6, 2012 - -- CVE ID: CVE-2012-0668 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Apple...
PHP buffer overflow
Buffer overflow in tar file processing...
ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-090 June 8, 2012 - -- CVE ID: CVE-2012-0297 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...
Network Instruments Observer security vulnerabilities
Buffer overflows in SNMP parsing...
ZDI-12-084 : RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-084 : RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-084 June 6, 2012 - -- CVE ID: CVE-2012-0926 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected...
PHP PDO out-of-bounds access
Out-of-bounds access via precompiled database request...
ZDI-12-085 : RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-085 : RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-085 June 6, 2012 - -- CVE ID: CVE-2011-4261 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
Microsoft IIS protection bypass
Password protection bypass, script files content access...
Microsoft Dynamics AX cross-site scripting
Cross-site scripting via URLs...
ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-083 June 6, 2012 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - -- Affected...
ZDI-12-078 : Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-078 : Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution http://www.zerodayinitiative.com/advisories/ZDI-12-078 June 6, 2012 - -- CVE ID: CVE-2012-0669 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Apple - --...
Secunia Research: Network Instruments Observer SNMP Processing Buffer Overflows
====================================================================== Secunia Research 07/06/2012 - Network Instruments Observer - - SNMP Processing Buffer Overflows - ====================================================================== Table of Contents Affected...
[SECURITY] [DSA 2492-1] php5 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2492-1 [email protected] http://www.debian.org/security/ Florian Weimer June 10, 2012 http://www.debian.org/security/faq -...
[php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation
php<=5.4.3 Parsing Bug in PHP PDO prepared statements may lead to access violation Affected Product: PHP Affected Component: PDO - PHP Data Objects Affected Versions: <=5.4.3 latest version and trunk PHP Bug Ref: 61755 Patch: bug61755.diff Discovery Date: Feb...
ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-081 June 6, 2012 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - --...
ZDI-12-076 : Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-076 : Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-076 June 6, 2012 - -- CVE ID: CVE-2012-0659 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Apple...
ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-080 June 6, 2012 - -- CVE ID: CVE-2012-0754 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-079 June 6, 2012 - -- CVE ID: CVE-2012-0665 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors...
Microsoft Lync multiple security vulnerabilities
Font parsing vulnerabilities, unsafe DLL loading, cross-site scripting...
IIS 6.0/7.5 Vulnerabilities [moderate risk] - ISOWAREZ BDAY RELEASE
THIS IS A GENUINE ISOWAREZ RELEASE ------------------------------------------------------------------------------------------------------------------------------------------------------------ Title: Microsoft IIS 6.0 with PHP installed Authentication Bypass Affected software: Microsoft IIS 6.0 wi...
Adobe Flash Player multiple security vulnerabilities
Memory corruptions, protection bypass, cross-site scripting...
ZDI-12-087 : RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-087 : RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-087 June 6, 2012 - -- CVE ID: CVE-2011-4260 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
Microsoft Remote Desktop memory corruption
Memory corruption in RDP packet processing...
Secunia Research: Network Instruments Observer SNMP OID Processing Denial of Service
====================================================================== Secunia Research 07/06/2012 - Network Instruments Observer - - SNMP OID Processing Denial of Service Vulnerability - ====================================================================== Table of Contents Affected...
ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-092 June 8, 2012 - -- CVE ID: CVE-2011-4247 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...
ZDI-12-077 : Apple QuickTime QTVR QTVRStringAtom Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-077 : Apple QuickTime QTVR QTVRStringAtom Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-077 June 6, 2012 - -- CVE ID: CVE-2012-0667 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendor...