47153 matches found
tftpd32 buffer overflow
Buffer overflow in embedded DNS server...
Tftpd32 DNS Server Denial Of Service Vulnerability
Title: Tftpd32 DNS Server Denial Of Service Vulnerability Software : Tftpd32 Software Version : v4.00 Vendor: http://tftpd32.jounin.net/ Vulnerability Published : 2012-05-26 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P Bug Description : Tftpd32 ...
WinRadius Server Denial Of Service Vulnerability
Title: WinRadius Server Denial Of Service Vulnerability Software : WinRadius Software Version : v2009 Vendor: http://www.elite-school.com/saas/WinRadius/ Vulnerability Published : 2012-05-27 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P Bug...
WinRADIUS buffer overflow
Buffer overflow on oversized password option...
FreeBSD Security Advisory FreeBSD-SA-12:02.crypt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:02.crypt Security Advisory The FreeBSD Project Topic: Incorrect crypt hashing Category: core Module: libcrypt Announced: 2012-05-30 Credits: Rubin Xu, Joseph...
FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability
Title: FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability Software : FlashPeak SlimBrowser Software Version : 6.0.1.38 Vendor: FlashPeak Inc.www.flashpeak.com/ Vulnerability Published : 2012-05-16 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0,...
HP OpenVMS ACMELOGIN privilege escalation
No description provided...
PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
?php www.bugreport.ir Title: PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version Vendor: http://www.php.net Vulnerable Version: PHP up to version 5.3.12 and 5.4.2 Exploitation: Remote Original Advisory: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ Original Exploit URL:...
FlashPeak SlimBrowser buffer overflow
Buffer overflow via TITLE tag...
PHP multiple security vulnerabilities
DoS conditions, code execution, SQL injections...
[PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem
PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2012-03 Released on: 10 May 2012 Affected product: Linux Kernel 3.3.x = 3.3.4 2.6.x = 2.6.35.13 Impact: code execution / privilege escalation Origin: HFS plus file system Credit: Timo Warns PRESENSE Technologies GmbH CVE...
Pidgin otr plugin format string vulnerability
No description provided...
[SECURITY] [DSA 2476-1] pidgin-otr security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2476-1 [email protected] http://www.debian.org/security/ Jonathan Wiltshire May 19, 2012 http://www.debian.org/security/faq -...
Linux kernel multiple security vulnerabilities
DoS conditions, protection bypass, buffer overflow...
The story of the Linux kernel 3.x...
The story of the Linux kernel 3.x... In 2005 everybody was exited about possibility of bypass ASLR on all Linux 2.6 kernels because of the new concept called VDSO Virtual Dynamic Shared Object. More information about this story can be found at the following link:...
[security bulletin] HPSBOV02780 SSRT100766 rev.1 - HP OpenVMS ACMELOGIN, Local Unauthorized
Access and Increased Privileges -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03333494 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID:...
sudo protection bypass
It's possible to bypass IP limitations...
SEC Consult SA-20120518 :: Memory overwrite vulnerability in libwpd (OpenOffice.org) - CVE-2012-2149
SEC Consult Vulnerability Lab Security Advisory 20120518-0 ======================================================================= title: libwpd WPXContentListener::closeTableRow memory overwrite product: OpenOffice.org vulnerable version: 3.3.0/3.4 Beta 1 and probably earlier versions fixed...
OpenSSL DoS
Invalid memory dereference in CBC mode...
CVE-2012-2149 OpenOffice.org memory overwrite vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2012-2149 OpenOffice.org memory overwrite vulnerability Reference: http://www.openoffice.org/security/cves/CVE-2012-2149.html Severity: Important Vendor: The Apache Software Foundation Versions Affected: OpenOffice.org 3.3 and 3.4 Beta, on all...
Apple Quicktime Memory Corruption (CVE-2012-0671)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Qualys Vulnerability & Malware Research Labs VMRL http://www.qualys.com http://www.dissect.pe Memory corruption when Apple Quicktime parsers .pct file CVE-2012-0671 INTRODUCTION Apple Quicktime does not properly parse .pct media files, which causes a...
CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object Reference: http://www.openoffice.org/security/cves/CVE-2012-1149.html Severity: Important Vendor: The Apache Software...
CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0 Reference: http://www.openoffice.org/security/cves/CVE-2012-2334.html Severity: Important Vendor: The Apache Software Foundation Versions Affected:...
[SECURITY] [DSA-2471-1] ffmpeg security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2471-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 13, 2012 http://www.debian.org/security/faq -...
APPLE-SA-2012-05-15-1 QuickTime 7.7.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-05-15-1 QuickTime 7.7.2 QuickTime 7.7.2 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application...
OpenOffice multiple security vulnerabilities
Multiple memory corruptions...
SAP NetWeaver multiple security vulnerabilities
Multiple vulnerabilities in Dispatcher service...
Apache POI memory exhaustion
Memory exhaustion on Microsoft Word documents processing...
chevreto_XSS_file_existence_enum_vulns
======================================================================================== Vulnerable Software: Chevereto upload script Downloaded from: http://code.google.com/p/chevereto/downloads/list http://code.google.com/p/chevereto/downloads/detail?name=cheveretonb1.91.zip&can=2&q= Official...
Adobe Photoshop CS5.1 U3D.8BI Library Collada Asset Elements Stack Based Buffer Overflow Vulnerability
Adobe Photoshop CS5.1 U3D.8BI Library Collada Asset Elements Stack Based Buffer Overflow Vulnerability download url of a test version: http://www.adobe.com/cfusion/tdrc/index.cfm?product=photoshop Note: Found three weeks before the CS6 release. I could not reproduce against CS6, cannot say if the...
CORE-2012-0123 - SAP Netweaver Dispatcher Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Dispatcher Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Dispatcher Multiple Vulnerabilities Advisory ID: CORE-2012-0123 Advisory URL:...
[USN-1439-1] Horizon vulnerabilities
========================================================================== Ubuntu Security Notice USN-1439-1 May 07, 2012 horizon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-1438-1] Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1438-1 May 03, 2012 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
Drupal 7.14 <= Full Path Disclosure Vulnerability
Drupal 7.14 = Full Path Disclosure Vulnerability Discovered by: Jean Pascal Pereira [email protected] About Drupal: "Drupal is an open source content management platform powering millions of websites and applications. It's built, used, and supported by an active and diverse community of people...
EMC Documentum Information Rights Management Server DoS
Few different DoS conditions...
ESA-2012-019: EMC Documentum Information Rights Management Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-019: EMC Documentum Information Rights Management Multiple Vulnerabilities. EMC Identifier: ESA-2012-019 CVE Identifiers: CVE-2012-2276, CVE-2012-2277 Severity Rating: CVSS v2 Base Score: 6.3 AV:N/AC:M/Au:S/C:N/I:N/A:C Affected products: EMC...
[SECURITY] [DSA 2469-1] linux-2.6 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-2469-1 [email protected] http://www.debian.org/security/ Dann Frazier May 10, 2012 http://www.debian.org/security/faq -...
Adobe Photoshop security vulnerabilities
Memory corruptions on files processing...
[USN-1436-1] Libtasn1 vulnerability
========================================================================== Ubuntu Security Notice USN-1436-1 May 02, 2012 libtasn1-3 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 2466-1] rails security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2466-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 09, 2012 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2468-1] libjakarta-poi-java security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2468-1 [email protected] http://www.debian.org/security/ Florian Weimer May 09, 2012 http://www.debian.org/security/faq -...
libtasn1 / GnuTLS memory corruption
Memory corruption on some malformed values...
Nova DoS
Resources exhaustion via oversized username. Resources exhaustion by quota limitatations bypass...
[ MDVSA-2012:071 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:071 http://www.mandriva.com/security/ Package : php Date : May 10, 2012 Affected: Enterprise Server 5.0 Problem Description: This is a bugfix and security advisory that upgrades php to the latest 5.3.13...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[ MDVSA-2012:070 ] samba
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:070 http://www.mandriva.com/security/ Package : samba Date : May 4, 2012 Affected: 2010.1, Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in samba: A file existence...
Samba file existance check
It's possible to check file existance by error message of mount.cifs...
[security bulletin] HPSBMU02770 SSRT100848 rev.1 - HP Insight Management Agents for Windows Server, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), URL Redirection, Unauthorized Modification, Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03301267 Version: 1 HPSBMU02770 SSRT100848 rev.1 - HP Insight Management Agents for Windows Server, Remote Cross Site Request Forgery CSRF, Cross Site Scripting XSS, URL Redirection, Unauthorized...
Local File Inclusion in PluXml
Advisory ID: HTB23086 Product: PluXml Vendor: pluxml.org Vulnerable Versions: 5.1.5 and probably prior Tested Version: 5.1.5 Vendor Notification: 11 April 2012 Vendor Patch: 16 April 2012 Public Disclosure: 2 May 2012 Vulnerability Type: Local File Inclusion CVE References: CVE-2012-2227 Solution...
VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break
VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break Derek Soeder [email protected] Reported: December 5, 2011 Published: May 3, 2012 AFFECTED VENDOR --------------- VMware, Inc. AFFECTED ENVIRONMENTS --------------------- The following VMware product versions ar...