47153 matches found
ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-081 June 6, 2012 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - --...
ISC bind DoS
Crash on zero length RADTA processing...
ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-083 June 6, 2012 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - -- Affected...
ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-090 June 8, 2012 - -- CVE ID: CVE-2012-0297 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...
ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-080 June 6, 2012 - -- CVE ID: CVE-2012-0754 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
ZDI-12-078 : Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-078 : Apple QuickTime SVQ3 Codec mbskiprun Parsing Remote Code Execution http://www.zerodayinitiative.com/advisories/ZDI-12-078 June 6, 2012 - -- CVE ID: CVE-2012-0669 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Apple - --...
ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-079 June 6, 2012 - -- CVE ID: CVE-2012-0665 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors...
ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-092 June 8, 2012 - -- CVE ID: CVE-2011-4247 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...
[USN-1467-1] MySQL vulnerabilities
========================================================================== Ubuntu Security Notice USN-1467-1 June 11, 2012 mysql-5.1, mysql-5.5, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities ========================================================================== A security issue affects these...
MySQL authentication vulnerability
Invalid hash calculation under some platforms allows access without password knowledge...
APPLE-SA-2012-06-11-1 iTunes 10.6.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-06-11-1 iTunes 10.6.3 iTunes 10.6.3 is now available and addresses the following: iTunes Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later Impact: Importing a maliciously crafted .m3u playlist may lead to an...
Apple iTunes security vulnerabilities
Buffer overflow on .m3u parsing, buffer overflow in embedded browser...
Microsoft certificates vulnerability
Terminal Services activation certificate may be used to sign code on behalf of Microsoft...
US-CERT Alert TA12-156A -- Microsoft Windows Unauthorized Digital Certificates
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA12-156A Microsoft Windows Unauthorized Digital Certificates Original release date: June 04, 2012 Last revised: -- Source: US-CERT Systems Affected All supported versions of Microsoft Windows...
Multiple vulnerabilities in Pligg CMS
Advisory ID: HTB23089 Product: Pligg CMS Vendor: Pligg, LLC. Vulnerable Versions: 1.2.1 and probably prior Tested Version: 1.2.1 Vendor Notification: 25 April 2012 Vendor Patch: 18 May 2012 Public Disclosure: 23 May 2012 Vulnerability Type: Local File Inclusion, Cross-Site Scripting XSS CVE...
Multiple vulnerabilities in LogAnalyzer
Advisory ID: CSA-12005 Title: Multiple vulnerabilities in LogAnalyzer Product: LogAnalyzer Version: 3.4.2 and probably prior Vendor: adiscon.com Vulnerability type: SQL injection, XSS, Arbitrary File Read Risk level: 2 / 3 Credit: www.codseq.it CVE: Vendor notification: 2012-05-21 Public...
Acuity CMS 2.6.x <= Arbitrary File Upload
OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Arbitrary File Upload. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION Acuity...
[SECURITY] [DSA 2480-2] request-tracker3.8 regression update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2480-2 [email protected] http://www.debian.org/security/ Florian Weimer May 29, 2012 http://www.debian.org/security/faq -...
Multiple XSS in pragmaMx
Advisory ID: HTB23090 Product: pragmaMx Vendor: pragmaMx Team Vulnerable Versions: 1.12.1 and probably prior Tested Version: 1.12.1 Vendor Notification: 2 May 2012 Vendor Patch: 4 May 2012 Public Disclosure: 23 May 2012 Vulnerability Type: Cross-Site Scripting XSS CVE Reference: CVE-2012-2452...
HP Diagnostics Server buffer overflow
Buffer overflow on TCP/23472 request parsing...
b2ePMS 1.0 Authentication Bypass Vulnerability
b2ePMS 1.0 Authentication Bypass Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor Information: "b2ePMS stands for Browser to Email Phone Message System. It is intended to replace the standard paper/carbon phone message slips commonly used in offices, with the capability o...
[security bulletin] HPSBMU02785 SSRT100526 rev.1 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03216705 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03216705 Version: 1 HPSBMU02785...
Guests can view names and emailadresses of all Liferay users in liferay 6.1
Guests can view names and emailadresses of all Liferay users in liferay 6.1 Description: Liferay Portal is an enterprise portal written in Java As an unauthenticated user it is possible to retrieve the names and email adresses of all Liferay users. To retrieve a list of all users simply issue the...
Liferay 6.1 can be compromised without having an account on the portal
Liferay 6.1 can be compromised without having an account on the portal Description: Liferay Portal is an enterprise portal written in Java Liferay in it's default configuration exposes a number of remotely accessible webservices. Access to these services is restricted by an ip block. It is possib...
Новая XSS уязвимость в Yandex.Server
Здравствуйте 3APA3A! Сообщаю вам о новой Cross-Site Scripting уязвимости в Yandex.Server Яндекс.Сервер. Ранее я уже сообщал о других XSS в Yandex.Server CVE-2007-3485 и в 2007 году о них сообщал Яндексу. Который должен был исправить уязвимости и не допускать новых. Но Яндекс с этим не справился и...
CVE-2012-2216 - Social Engine Multiples Vulnerabilities (XSS and CSRF)
Social Engine 4.2.2 Multiples Vulnerabilities Earlier versions are also possibly vulnerable. INFORMATION Product: Social Engine 4.2.2 Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Discovered by: Tiago Natel de Moura aka "i4k" Discovered at: 10/04/2012 CVE Notified: 10/04/2012 CVE...
DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass
Title ----- DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass Severity -------- High Date Discovered --------------- April 2, 2012 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description...
Ganesha Digital Library 4.0 Multiple Vulnerabilities
===================================================== Ganesha Digital Library 4.0 Multiple Vulnerabilities ===================================================== :---------------------------------------------------------------------------------------------------------------------------------------...
script-fu buffer overflow in GIMP 2.6
Vulnerability Summary ================= There is a buffer overflow in the script-fu server component of GIMP the GNU Image Manipulation Program in all 2.6 versions Windows and Linux versions affecting both the script-fu console and the script-fu network server. A crafted msg to the script-fu serv...
Multiple xss issues in Liferay
Multiple xss issues in Liferay Description: Liferay Portal is an enterprise portal written in Java Multiple xss vulnerabilities where found in liferay. Because liferay has a "remember me" option in their login screen that stores an encrypted password in a cookie this is more problematic than it...
DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection
Title ----- DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection Severity -------- High Date Discovered --------------- April 12, 2012 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Chris Graham and r@b13$ Vulnerability Description...
Mapserver for Windows (MS4W) Remote Code Execution
------------------- 1 Overview Title: Mapserver for Windows MS4W Remote Code Execution Product: Mapserver for Windows MS4W Product URL: http://maptools.org/ms4w/ Vendor: Gateway Geomatics Affected Versions: =3.0.4 through 2.0 Unaffected Versions: 2.0 CVE-ID: CVE-2012-2950 Vendor notified:...
[SECURITY] [DSA 2474-1] ikiwiki security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2474-1 [email protected] http://www.debian.org/security/ Raphael Geissert May 16, 2012 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[SECURITY] [DSA 2477-1] sympa security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2477-1 [email protected] http://www.debian.org/security/ Florian Weimer May 20, 2012 http://www.debian.org/security/faq -...
Liferay 6.1 json webservices are subject to cross-site request forgery attacks
Liferay 6.1 json webservices are subject to cross-site request forgery attacks Description: Liferay Portal is an enterprise portal written in Java If a user is currently logged in to the portal or has ticked the remember me box then with a little help of social engineering like sending a link via...
Liferay users can assign themselves to organizations, leading to possible privilege escalation
Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of UserService any user can assign hem or her self to any...
Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access
OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Path Traversal. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION The issue is...
[SECURITY] [DSA 2480-1] request-tracker3.8 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2480-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 24, 2012 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2483-1] strongswan security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2483-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez May 31, 2012 http://www.debian.org/security/faq -...
strongswan authentication bypass
Invalid authentication data check if gmp plugin is used...
WinRADIUS buffer overflow
Buffer overflow on oversized password option...
Sony VAIO Wireless Manager ActiveX security vulnerabilities
Few different buffer overflows...
tftpd32 buffer overflow
Buffer overflow in embedded DNS server...
WinRadius Server Denial Of Service Vulnerability
Title: WinRadius Server Denial Of Service Vulnerability Software : WinRadius Software Version : v2009 Vendor: http://www.elite-school.com/saas/WinRadius/ Vulnerability Published : 2012-05-27 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P Bug...
Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco IOS XR Software Route Processor Denial of Service Vulnerability Advisory ID: cisco-sa-20120530-iosxr Revision 1.0 For Public Release 2012 May 30 16:00 UTC GMT +--------------------------------------------------------------------- Summary =====...
Tftpd32 DNS Server Denial Of Service Vulnerability
Title: Tftpd32 DNS Server Denial Of Service Vulnerability Software : Tftpd32 Software Version : v4.00 Vendor: http://tftpd32.jounin.net/ Vulnerability Published : 2012-05-26 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P Bug Description : Tftpd32 ...
AST-2012-007: Remote crash vulnerability in IAX2 channel driver.
Asterisk Project Security Advisory - AST-2012-007 Product Asterisk Summary Remote crash vulnerability in IAX2 channel driver. Nature of Advisory Remote crash Susceptibility Established calls Severity Moderate Exploits Known No Reported On March 21, 2012 Reported By mgrobecker Posted On May 29, 20...
ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities. EMC Identifier: ESA-2012-020 CVE Identifier: CVE-2012-0409 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected products: EMC AutoStart 5.3.x EMC AutoStart...
2 Buffer Overflows in Wireless Manager Sony VAIO
Advisory ID: HTB23063 Product: Wireless Manager Sony VAIO Vendor: Sony Computers Vulnerable Versions: 4.0.0.0 and probably prior Tested Version: 4.0.0.0 Vendor Notification: 7 December 2011 Vendor Patch: 20 January 2012 Public Disclosure: 30 May 2012 Vulnerability Type: Buffer Overflow CVE...