47153 matches found
Secunia Research: Network Instruments Observer SNMP Processing Buffer Overflows
====================================================================== Secunia Research 07/06/2012 - Network Instruments Observer - - SNMP Processing Buffer Overflows - ====================================================================== Table of Contents Affected...
PHP PDO out-of-boundaures access
Out-of-bounds access via precompiled database request...
ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-083 June 6, 2012 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - -- Affected...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Buffer overflows, memory corruptions, use-after-free, code executions, privilege escalations...
[SECURITY] [DSA 2492-1] php5 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2492-1 [email protected] http://www.debian.org/security/ Florian Weimer June 10, 2012 http://www.debian.org/security/faq -...
CVE-2012-0217
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:04.sysret Security Advisory The FreeBSD Project Topic: Privilege escalation when returning from kernel Category: core Module: sysamd64 Announced: 2012-06-12...
ZDI-12-087 : RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-087 : RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-087 June 6, 2012 - -- CVE ID: CVE-2011-4260 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
PostgreSQL security vulnerabilities
DoS, weak crypt implementation...
[USN-1467-1] MySQL vulnerabilities
========================================================================== Ubuntu Security Notice USN-1467-1 June 11, 2012 mysql-5.1, mysql-5.5, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities ========================================================================== A security issue affects these...
Apple iTunes security vulnerabilities
Buffer overflow on .m3u parsing, buffer overflow in embedded browser...
MySQL authentication vulnerability
Invalid hash calculation under some platforms allows access without password knowledge...
APPLE-SA-2012-06-11-1 iTunes 10.6.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-06-11-1 iTunes 10.6.3 iTunes 10.6.3 is now available and addresses the following: iTunes Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later Impact: Importing a maliciously crafted .m3u playlist may lead to an...
US-CERT Alert TA12-156A -- Microsoft Windows Unauthorized Digital Certificates
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA12-156A Microsoft Windows Unauthorized Digital Certificates Original release date: June 04, 2012 Last revised: -- Source: US-CERT Systems Affected All supported versions of Microsoft Windows...
Microsoft certificates vulnerability
Terminal Services activation certificate may be used to sign code on behalf of Microsoft...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[SECURITY] [DSA 2477-1] sympa security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2477-1 [email protected] http://www.debian.org/security/ Florian Weimer May 20, 2012 http://www.debian.org/security/faq -...
Ganesha Digital Library 4.0 Multiple Vulnerabilities
===================================================== Ganesha Digital Library 4.0 Multiple Vulnerabilities ===================================================== :---------------------------------------------------------------------------------------------------------------------------------------...
Guests can view names and emailadresses of all Liferay users in liferay 6.1
Guests can view names and emailadresses of all Liferay users in liferay 6.1 Description: Liferay Portal is an enterprise portal written in Java As an unauthenticated user it is possible to retrieve the names and email adresses of all Liferay users. To retrieve a list of all users simply issue the...
Multiple xss issues in Liferay
Multiple xss issues in Liferay Description: Liferay Portal is an enterprise portal written in Java Multiple xss vulnerabilities where found in liferay. Because liferay has a "remember me" option in their login screen that stores an encrypted password in a cookie this is more problematic than it...
[SECURITY] [DSA 2480-2] request-tracker3.8 regression update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2480-2 [email protected] http://www.debian.org/security/ Florian Weimer May 29, 2012 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2480-1] request-tracker3.8 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2480-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 24, 2012 http://www.debian.org/security/faq -...
Multiple vulnerabilities in Pligg CMS
Advisory ID: HTB23089 Product: Pligg CMS Vendor: Pligg, LLC. Vulnerable Versions: 1.2.1 and probably prior Tested Version: 1.2.1 Vendor Notification: 25 April 2012 Vendor Patch: 18 May 2012 Public Disclosure: 23 May 2012 Vulnerability Type: Local File Inclusion, Cross-Site Scripting XSS CVE...
DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection
Title ----- DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection Severity -------- High Date Discovered --------------- April 12, 2012 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Chris Graham and r@b13$ Vulnerability Description...
Acuity CMS 2.6.x <= Arbitrary File Upload
OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Arbitrary File Upload. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION Acuity...
HP Diagnostics Server buffer overflow
Buffer overflow on TCP/23472 request parsing...
[security bulletin] HPSBMU02785 SSRT100526 rev.1 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03216705 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03216705 Version: 1 HPSBMU02785...
Liferay 6.1 can be compromised without having an account on the portal
Liferay 6.1 can be compromised without having an account on the portal Description: Liferay Portal is an enterprise portal written in Java Liferay in it's default configuration exposes a number of remotely accessible webservices. Access to these services is restricted by an ip block. It is possib...
Liferay 6.1 json webservices are subject to cross-site request forgery attacks
Liferay 6.1 json webservices are subject to cross-site request forgery attacks Description: Liferay Portal is an enterprise portal written in Java If a user is currently logged in to the portal or has ticked the remember me box then with a little help of social engineering like sending a link via...
Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access
OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Path Traversal. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION The issue is...
[SECURITY] [DSA 2483-1] strongswan security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2483-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez May 31, 2012 http://www.debian.org/security/faq -...
strongswan authentication bypass
Invalid authentication data check if gmp plugin is used...
Multiple XSS in pragmaMx
Advisory ID: HTB23090 Product: pragmaMx Vendor: pragmaMx Team Vulnerable Versions: 1.12.1 and probably prior Tested Version: 1.12.1 Vendor Notification: 2 May 2012 Vendor Patch: 4 May 2012 Public Disclosure: 23 May 2012 Vulnerability Type: Cross-Site Scripting XSS CVE Reference: CVE-2012-2452...
DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass
Title ----- DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass Severity -------- High Date Discovered --------------- April 2, 2012 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description...
[SECURITY] [DSA 2474-1] ikiwiki security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2474-1 [email protected] http://www.debian.org/security/ Raphael Geissert May 16, 2012 http://www.debian.org/security/faq -...
Новая XSS уязвимость в Yandex.Server
Здравствуйте 3APA3A! Сообщаю вам о новой Cross-Site Scripting уязвимости в Yandex.Server Яндекс.Сервер. Ранее я уже сообщал о других XSS в Yandex.Server CVE-2007-3485 и в 2007 году о них сообщал Яндексу. Который должен был исправить уязвимости и не допускать новых. Но Яндекс с этим не справился и...
Mapserver for Windows (MS4W) Remote Code Execution
------------------- 1 Overview Title: Mapserver for Windows MS4W Remote Code Execution Product: Mapserver for Windows MS4W Product URL: http://maptools.org/ms4w/ Vendor: Gateway Geomatics Affected Versions: =3.0.4 through 2.0 Unaffected Versions: 2.0 CVE-ID: CVE-2012-2950 Vendor notified:...
script-fu buffer overflow in GIMP 2.6
Vulnerability Summary ================= There is a buffer overflow in the script-fu server component of GIMP the GNU Image Manipulation Program in all 2.6 versions Windows and Linux versions affecting both the script-fu console and the script-fu network server. A crafted msg to the script-fu serv...
b2ePMS 1.0 Authentication Bypass Vulnerability
b2ePMS 1.0 Authentication Bypass Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor Information: "b2ePMS stands for Browser to Email Phone Message System. It is intended to replace the standard paper/carbon phone message slips commonly used in offices, with the capability o...
CVE-2012-2216 - Social Engine Multiples Vulnerabilities (XSS and CSRF)
Social Engine 4.2.2 Multiples Vulnerabilities Earlier versions are also possibly vulnerable. INFORMATION Product: Social Engine 4.2.2 Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Discovered by: Tiago Natel de Moura aka "i4k" Discovered at: 10/04/2012 CVE Notified: 10/04/2012 CVE...
Liferay users can assign themselves to organizations, leading to possible privilege escalation
Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of UserService any user can assign hem or her self to any...
Multiple vulnerabilities in LogAnalyzer
Advisory ID: CSA-12005 Title: Multiple vulnerabilities in LogAnalyzer Product: LogAnalyzer Version: 3.4.2 and probably prior Vendor: adiscon.com Vulnerability type: SQL injection, XSS, Arbitrary File Read Risk level: 2 / 3 Credit: www.codseq.it CVE: Vendor notification: 2012-05-21 Public...
Cisco IOS XR DoS
DoS on malcrafted packets...
AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability
Asterisk Project Security Advisory - AST-2012-008 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 22, 2012 Reported By Christoph Hebeisen...
FreeBSD crypt() implementation vulnerability
8-bit characters are ignored during DES hash calculation...
AST-2012-007: Remote crash vulnerability in IAX2 channel driver.
Asterisk Project Security Advisory - AST-2012-007 Product Asterisk Summary Remote crash vulnerability in IAX2 channel driver. Nature of Advisory Remote crash Susceptibility Established calls Severity Moderate Exploits Known No Reported On March 21, 2012 Reported By mgrobecker Posted On May 29, 20...
Asterisk security vulnerabilities
DoS conditions on Skinny and IAX2 parsing...
2 Buffer Overflows in Wireless Manager Sony VAIO
Advisory ID: HTB23063 Product: Wireless Manager Sony VAIO Vendor: Sony Computers Vulnerable Versions: 4.0.0.0 and probably prior Tested Version: 4.0.0.0 Vendor Notification: 7 December 2011 Vendor Patch: 20 January 2012 Public Disclosure: 30 May 2012 Vulnerability Type: Buffer Overflow CVE...
Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco IOS XR Software Route Processor Denial of Service Vulnerability Advisory ID: cisco-sa-20120530-iosxr Revision 1.0 For Public Release 2012 May 30 16:00 UTC GMT +--------------------------------------------------------------------- Summary =====...
ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities. EMC Identifier: ESA-2012-020 CVE Identifier: CVE-2012-0409 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected products: EMC AutoStart 5.3.x EMC AutoStart...
Sony VAIO Wireless Manager ActiveX security vulnerabilities
Few different buffer overflows...