Lucene search

47153 matches found

Source: securityvulns | added 2012/04/23 12:0 a.m. | 86 views

Specially crafted Json service request allows full control over a Liferay portal instance

Specially crafted Json service request allows full control over a Liferay portal instance Description: Liferay Portal is an enterprise portal written in Java. By doing a single HTTP request you can reconfigure Liferay to use a remote Memcached cache instead of its own cache...

AI score: 0.7 | Exploits: 0

Source: securityvulns | added 2012/04/23 12:0 a.m. | 41 views

CitrusDB 2.4.1 - LFI/SQLi Vulnerability

CitrusDB 2.4.1 - LFI/SQLi Vulnerability Author: Michal wacky Blaszczak WWW: blaszczakm.blogspot.com CitrusDB is an open source customer service and billing database. It can be used by customer service personnel to provide sales and support to customers, and by billing staff to bill customers for...

AI score: 0.6 | Exploits: 0

Source: securityvulns | added 2012/04/23 12:0 a.m. | 67 views

Multiple vulnerabilities in Newscoop

Advisory ID: HTB23084 Product: Newscoop Vendor: Sourcefabric o.p.s. Vulnerable Versions: 3.5.3 and probably prior, partially 4.0 RC3 Tested Version: 3.5.3 Vendor Notification: 28 March 2012 Vendor Patch: 5 April 2012 Public Disclosure: 18 April 2012 Vulnerability Type: Remote File Inclusion, SQL...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.07159 | Exploits: 8

Source: securityvulns | added 2012/04/23 12:0 a.m. | 45 views

ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities EMC Identifier: ESA-2012-018, DPA-14718 CVE Identifier: CVE-2012-0406 CVE Identifier: CVE-2012-0407 Severity Rating: CVSS v2 Base Score: See below for CVSS Base Scores for individual...

CVSS: 7.8 | AI score: 1 | EPSS: 0.09035 | Exploits: 1

Source: securityvulns | added 2012/04/23 12:0 a.m. | 78 views

Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities

Title : Total Quality Machines productdetail.php SQL Injection Vulnerabilities Discovered By: CrAzY CrAcKeR Home : Null Email : [email protected] date : 14/4/2012 d0rk:- "Total Quality Machines" +-+-+-+-+-+-+-+-+-+-+ --+CrAzY CrAcKeR+-- +-+-+-+-+-+-+-+-+-+-+ Example:- -...

AI score: 0.9 | Exploits: 0

Source: securityvulns | added 2012/04/23 12:0 a.m. | 49 views

Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities

OVERVIEW Beatz 1.x versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Beatz is a set of powerful Social Networking Script Joomla! 1.5 plugins that allows you to start your own favourite artist band website. Although it is just a Joomla! plugin, it comes with full Joomla! bundle for...

AI score: 1 | Exploits: 0

Source: securityvulns | added 2012/04/23 12:0 a.m. | 48 views

PHPNuke Module's Name Download SQL Injection Vulnerabilities

.-" "-. / | | |, .-. .-. ,| | o/ o | |/ / | @ ^^ |IIIIII|/ @8@8|-IIIIII/-| / / @ +-+-+-+-+-+-+-+-+-+-+ --+CrAzY CrAcKeR+-- +-+-+-+-+-+-+-+-+-+-+ Example:- - www.???.com/modules.php?name=Downloads&dop=viewdownloadeditorial&lid=sql - Injection code...

AI score: 3 | Exploits: 0

Source: securityvulns | added 2012/04/23 12:0 a.m. | 55 views

IPhone TreasonSMS - HTML Inject & File Include Vulnerability

Title: ====== IPhone TreasonSMS - HTML Inject & File Include Vulnerability Date: ===== 2012-04-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=154 VL-ID: ===== 154 Introduction: ============= treasonSMS allows you to send SMS from your desktop computer. It turns your...

AI score: 7 | Exploits: 0

Source: securityvulns | added 2012/04/23 12:0 a.m. | 96 views

[CVE-2012-1621] Apache OFBiz information disclosure vulnerability

CVE-2012-1621: Apache OFBiz information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation - Apache OFBiz ======Versions Affected====== Apache OFBiz 10.04 also known as 10.04.01 ======Description====== Multiple XSS: XSS 1: Error messages containing user input...

CVSS: 4.3 | AI score: 0.9 | EPSS: 0.06111 | Exploits: 0

Source: securityvulns | added 2012/04/22 12:0 a.m. | 66 views

HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory HTTP Response Splitting in Oracle Enterprise Manager prevPage parameter. Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3 and previous patchsets Orac...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00483 | Exploits: 0

Source: securityvulns | added 2012/04/22 12:0 a.m. | 89 views

VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB12-07 / CVE-2012-0773)

VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability APSB12-07 / CVE-2012-0773 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based...

CVSS: 10 | AI score: 0.3 | EPSS: 0.03003 | Exploits: 1

Source: securityvulns | added 2012/04/22 12:0 a.m. | 42 views

Vulnerabilities in Samsung TV (remote controller protocol)

Luigi Auriemma Application: Samsung devices with support for remote controllers http://www.samsung.com Versions: current Platforms: the vulnerable protocol is used on both TV and blue-ray devices so both of them should be vulnerable my tests were performed only on a D6000 TV with the latest...

AI score: 7.4 | Exploits: 0

Source: securityvulns | added 2012/04/22 12:0 a.m. | 46 views

Adobe Flash Player multiple security vulnerabilities

Different memory corruptions...

CVSS: 10 | AI score: 2.2 | EPSS: 0.36793 | Exploits: 3 | References: 1 | Affected Software: 1

Source: securityvulns | added 2012/04/22 12:0 a.m. | 70 views

HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory HTTP Response Splitting in Oracle Enterprise Manager pageName parameter. Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3 and previous patchsets Orac...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00483 | Exploits: 0

Source: securityvulns | added 2012/04/22 12:0 a.m. | 96 views

[SECURITY] [DSA 2454-1] openssl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2454-1 [email protected] http://www.debian.org/security/ Raphael Geissert April 19, 2012 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 1.8 | EPSS: 0.08744 | Exploits: 8

Source: securityvulns | added 2012/04/22 12:0 a.m. | 66 views

SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager searchPage web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 and previous patchsets Oracle Enterprise Manager...

CVSS: 4.9 | AI score: 6.8 | EPSS: 0.00209 | Exploits: 2

Source: securityvulns | added 2012/04/22 12:0 a.m. | 19 views

Comodo Internet Security DoS

BSOD on PE execution if ImageBase points to kernel space...

CVSS: 4.9 | AI score: 2.5 | EPSS: 0.00112 | Exploits: 2 | References: 1 | Affected Software: 1

Source: securityvulns | added 2012/04/22 12:0 a.m. | 33 views

Samsung TV and BD-players security vulnerabilities

DoS, buffer overflow in Remote Controller protocol...

AI score: 3.6 | Exploits: 0 | References: 1

Source: securityvulns | added 2012/04/22 12:0 a.m. | 55 views

Incomplete protection of Oracle Database locked accounts (CVE-2012-0510)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Incomplete protection of Oracle Database locked accounts. Risk Level: Low Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.5 and previous patchsets and 11gR1 11.1.0.7 and previous patchsets...

CVSS: 6.4 | AI score: 6.2 | EPSS: 0.00772 | Exploits: 0

Source: securityvulns | added 2012/04/22 12:0 a.m. | 57 views

Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0511)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Incomplete protection of Oracle Database locked accounts. Risk Level: Low Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.5 and previous-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00772 | Exploits: 0

Source: securityvulns | added 2012/04/22 12:0 a.m. | 72 views

SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager compareWizFirstConfig web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2 and previous patchsets Oracle...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00185 | Exploits: 2

Source: securityvulns | added 2012/04/22 12:0 a.m. | 73 views

OCIPasswordChange API leaks information of password hash (CVE-2012-0511)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory OCIPasswordChange API leaks information of password hash. Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.4 and previous patchsets and 11gR1 11.1.0.7 and previous patchset...

CVSS: 6.4 | AI score: 6.2 | EPSS: 0.00351 | Exploits: 0

Source: securityvulns | added 2012/04/22 12:0 a.m. | 61 views

[CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64)

affected software Comodo Internet Security, until 5.9 description BSOD under Windows 7 x64 if a 32b PE with a kernel ImageBase is executed. such files are very unusual, but work perfectly if the PE contains relocations, as shown at http://pe.corkami.comImageBase and http://pe.corkami.comrelocatio...

AI score: 0.5 | EPSS: 0.00112 | Exploits: 2

Source: securityvulns | added 2012/04/22 12:0 a.m. | 59 views

OCIPasswordChange API leaks information of password hash (CVE-2012-0511)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory OCIPasswordChange API leaks information of password hash. Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.4 and previous patchsets and 11gR1 11.1.0.7 and previous patchset...

CVSS: 6.4 | AI score: 6.2 | EPSS: 0.00351 | Exploits: 0

Source: securityvulns | added 2012/04/22 12:0 a.m. | 61 views

Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Oracle Enterprise Manager vulnerable to Session fixation. Risk Level: Low Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7 and previous patchsets Remote exploitable: Yes Credits:...

CVSS: 5.8 | AI score: 0.3 | EPSS: 0.00351 | Exploits: 0

Source: securityvulns | added 2012/04/22 12:0 a.m. | 120 views

The history of a -probably- 13 years old Oracle bug: TNS Poison

tl;dr - Patch your database ASAP with Oracle Critical Patch Update April 2012. Introduction ------------ The following advisory explains a vulnerability I found in 2008 in all versions of Oracle Database server until very recently. The bug is probably available in any Oracle Database version sinc...

AI score: 1.3 | Exploits: 0

Source: securityvulns | added 2012/04/19 12:0 a.m. | 41 views

gajim jabber client multiple security vulnerabilities

Unescaped shell characters, symbolic links vulnerability, SQL injections...

CVSS: 7.5 | AI score: 1.9 | EPSS: 0.00763 | Exploits: 1 | References: 1 | Affected Software: 1

Source: securityvulns | added 2012/04/19 12:0 a.m. | 74 views

Squid URL Filtering Bypass

Exploit Title: Squid URL Filtering Bypass Date: 16/04/2012 Author: Gabriel Menezes Nunes Version: Squid Proxy Tested on: Squid Proxy 3.1.19 CVE: CVE-2012-2213 I found a vulnerability in Squid Proxy that allows access to filtered sites. The software believes in the Host field of HTTP Header using...

CVSS: 5 | AI score: 0.1 | EPSS: 0.04084 | Exploits: 0

Source: securityvulns | added 2012/04/19 12:0 a.m. | 40 views

Microsoft Internet Explorer multiple security vulnerabilities

Multiple vulnerabilities allow remote code execution...

CVSS: 9.3 | AI score: 2.8 | EPSS: 0.5845 | Exploits: 5 | References: 1 | Affected Software: 1

Source: securityvulns | added 2012/04/19 12:0 a.m. | 18 views

Microsoft SQL Server privilege escalation

Privilege escalation via RESTORE DATABASE...

AI score: 3.5 | Exploits: 0 | References: 1 | Affected Software: 1

Source: securityvulns | added 2012/04/19 12:0 a.m. | 57 views

SQLAlchemy SQL injection

SQL request data is not checked...

CVSS: 7.5 | AI score: 2.5 | EPSS: 0.02245 | Exploits: 2 | References: 1 | Affected Software: 1

Source: securityvulns | added 2012/04/19 12:0 a.m. | 41 views

ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting

Adobe issued an update for Adobe Reader X new version is 10.1.3, which, among other issues, fixes an outside-the-sandbox msiexec.exe EXE planting vulnerability we reported to them earlier this year. This article explains the vulnerability and how it could have been exploited...

AI score: 1.2 | Exploits: 0

Source: securityvulns | added 2012/04/19 12:0 a.m. | 78 views

[ MDVSA-2012:059 ] python-sqlalchemy

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:059 http://www.mandriva.com/security/ Package : python-sqlalchemy Date : April 16, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: It was discovered that SQLAlchemy did not sanitize values f...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.02245 | Exploits: 2

Source: securityvulns | added 2012/04/19 12:0 a.m. | 40 views

Secunia Research: Helix Server SNMP Master Agent Service Two Denial of Service Vulnerabilities

====================================================================== Secunia Research 09/04/2012 - RealNetworks Helix Server SNMP Master Agent - - Two Denial of Service Vulnerabilities - ====================================================================== Table of Contents Affected...

AI score: 0.9 | Exploits: 0

Source: securityvulns | added 2012/04/19 12:0 a.m. | 38 views

Adobe Flash Player security vulnerabilities

Few memory corruptions...

CVSS: 10 | AI score: 2.3 | EPSS: 0.06076 | Exploits: 2 | References: 3 | Affected Software: 1

Source: securityvulns | added 2012/04/19 12:0 a.m. | 131 views

Squid / McAfee Web Gateway URL filtering bypass

Server trusts the Host: header in CONNECT request...

CVSS: 5 | AI score: 1.2 | EPSS: 0.04084 | Exploits: 0 | References: 2 | Affected Software: 2

Source: securityvulns | added 2012/04/19 12:0 a.m. | 45 views

Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue

====================================================================== Secunia Research 09/04/2012 - RealNetworks Helix Server Credentials Disclosure Security Issue - ====================================================================== Table of Contents Affected...

CVSS: 2.1 | AI score: 0.7 | EPSS: 0.00239 | Exploits: 0

Source: securityvulns | added 2012/04/19 12:0 a.m. | 47 views

Security updates available for Adobe Reader and Acrobat

Security updates available for Adobe Reader and Acrobat Release date: April 10, 2012 Last updated: April 17, 1012 Vulnerability identifier: APSB12-08 Priority rating: See table below CVE numbers: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777 Platform: All SUMMARY Adobe released...

CVSS: 10 | AI score: 0.6 | EPSS: 0.36793 | Exploits: 4

Source: securityvulns | added 2012/04/19 12:0 a.m. | 46 views

TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Privilege escalation via internal sql injection in RESTORE DATABASE command. Risk Level: Medium Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2 Remote exploitable: Yes Credits: This vulnerability wa...

AI score: 1.1 | Exploits: 0

Source: securityvulns | added 2012/04/19 12:0 a.m. | 32 views

RealNetworks Helix Server security vulnerabilities

Information leakage, SNMP DoS...

CVSS: 2.1 | AI score: 1.1 | EPSS: 0.00239 | Exploits: 0 | References: 2 | Affected Software: 1

Source: securityvulns | added 2012/04/19 12:0 a.m. | 35 views

[security bulletin] HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03281869 Version: 1 HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date...

CVSS: 4.9 | AI score: 6 | EPSS: 0.00082 | Exploits: 0

Source: securityvulns | added 2012/04/19 12:0 a.m. | 61 views

[SECURITY] [DSA 2453-1] gajim security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2453-1 [email protected] http://www.debian.org/security/ Nico Golde April 16, 2012 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 2.1 | EPSS: 0.00763 | Exploits: 2

Source: securityvulns | added 2012/04/19 12:0 a.m. | 104 views

VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172)

VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution MS12-023 / CVE-2012-0172 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft...

CVSS: 9.3 | AI score: 7 | EPSS: 0.55708 | Exploits: 1

Source: securityvulns | added 2012/04/19 12:0 a.m. | 39 views

Mathematica8.0.4 on Linux /tmp/MathLink vulnerability

The problem reported for Mathematica became worse at version 8.0.4, present for the command-line interface "math" also. Cheers, Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia ---...

AI score: 1 | Exploits: 0

Source: securityvulns | added 2012/04/19 12:0 a.m. | 26 views

HP OpenVMS DoS

No description provided...

CVSS: 4.9 | AI score: 0.5 | EPSS: 0.00082 | Exploits: 0 | References: 1 | Affected Software: 1

Source: securityvulns | added 2012/04/19 12:0 a.m. | 63 views

CVE-2012-0769, the case of the perfect info leak

Hi, During the last few months I have been researching Adobe's Flash vulnerabilities ranging from type confusion vulnerabilities, AS3 API vulnerabilities CVE-2012-0769, sandbox escapes CVE-2012-0724 & CVE-2012-0725, etc. I am pleased to announce the release of part of this research. In this case,...

CVSS: 10 | AI score: 6.1 | EPSS: 0.02169 | Exploits: 2

Source: securityvulns | added 2012/04/19 12:0 a.m. | 44 views

Adobe Acrobat / Reader multiple security vulnerabilities

Memory corruptions, integer overflow, code execution...

CVSS: 10 | AI score: 4.1 | EPSS: 0.36793 | Exploits: 4 | References: 2 | Affected Software: 2

Source: securityvulns | added 2012/04/19 12:0 a.m. | 39 views

Samba array index overflow

Array index overflow on RPC request processing...

CVSS: 10 | AI score: 3.6 | EPSS: 0.7855 | Exploits: 9

Source: securityvulns | added 2012/04/19 12:0 a.m. | 745 views

McAfee Web Gateway URL Filtering Bypass

Exploit Title: McAfee Web Gateway URL Filtering Bypass Date: 16/04/2012 Author: Gabriel Menezes Nunes Version: McAfee Web Gateway Tested on: McAfee Web Gateway 7.0 CVE: CVE-2012-2212 I found a vulnerability in McAfee Web Gateway 7 that allows access to filtered sites. The appliance believes in th...

CVSS: 5 | EPSS: 0.00102 | Exploits: 0

Source: securityvulns | added 2012/04/11 12:0 a.m. | 41 views

Microsoft Forefront Unified Access Gateway information leakage

Request redirection, access restrictions bypass...

CVSS: 5.8 | AI score: 3.7 | EPSS: 0.36517 | Exploits: 2 | Affected Software: 1

Total number of security vulnerabilities: 47153