47153 matches found
PHP Gift Registry 1.5.5 SQL Injection
Exploit Title: PHP Gift Registry 1.5.5 SQL Injection Date: 02/22/12 Author: G13 Software Link: https://sourceforge.net/projects/phpgiftreg/ Version: 1.5.5 Category: webapps php Vulnerability The userid parameter in the users.php file is vulnerable to SQL Injection. A user must be signed in to...
Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities
Title: ====== Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Date: ===== 2012-03-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=470 VL-ID: ===== 470 Introduction: ============= SysAid IT Enterprise Edition is an IT management solution that includes a suite of...
Iciniti Store SQL Injection - Security Advisory - SOS-12-003
Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impact. Manipulation of data Attack...
pidgin OTR information leakage
Pidgin transmits OTR off-the-record conversations over DBUS in plaintext. This makes it possible for attackers that have gained user-level access on a host, to listen in on private conversations associated with the victim account. Pidgin is a popular Instant Messenger application that runs on a...
Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability
Title: Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability Product : Lastguru ASP GuestBook Version : Free Version Vendor: http://www.LastGuru.com Class: Input Validation Error CVE: Remote: Yes Local: No Published: 2012-03-04 Updated: Impact : Medium CVSSv2 Base : 7.5,...
Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities
Title: ====== Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities Date: ===== 2012-03-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=442 VL-ID: ===== 442 Introduction: ============= Designed to enable seamless voice and video communication, the CudaTel...
Oracle Exadata Infiniband Switch security vulnerabilities
Default accounts, /conf/shadow file weak permissions...
Linux systemd race conditions
Race conditions on symbolic links removal...
Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability Advisory ID: cisco-sa-20120314-fwsm Revision 1.0 For Public Release 2012 March 14 16:00 UTC GMT...
Cisco ASA / Cisco FSM multiple security vulnerabilities
Multiple DoS conditions, ActiveX code execution...
AST-2012-002: Remote Crash Vulnerability in Milliwatt Application
Asterisk Project Security Advisory - AST-2012-002 Product Asterisk Summary Remote Crash Vulnerability in Milliwatt Application Nature of Advisory Exploitable Stack Buffer Overflow with locally defined data Susceptibility Remote Unauthenticated Sessions Severity Minor Exploits Known No Reported On...
ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-012: EMC Documentum eRoom multiple vulnerabilities EMC Identifier: ESA-2012-012 CVE Identifiers: CVE-2012-0398, CVE-2012-0404 Severity Rating: CVE-2012-0398 : CVSS Base Score is 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P CVE-2012-0404 : CVSS Base Score i...
Asterisk security vulnerabilities
Milliwatt Application buffer overflow, HTTP manager buffer overflow...
Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability [CVE-2012-1417]
============================================================== Secur-I Research Group Security Advisory SV-2012-005 ============================================================== Title: Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability Product: Yealink Easy VOIP Phone Homepage:...
Oracle Exadata Infiniband Switch default logins and world readable shadow file
Oracle Exadata Infiniband Switch default logins and world readable shadow file Hi Bugtraq List, I've noticed a minor issue with the 1/4 rack Oracle Exadata Solution. What is Exadata? From Oracle.com "Oracle Exadata is the only database machine that provides extreme performance for both data...
VMWare View multiple security vulnerabilities
Multiple XSS vulnerabilities...
Yealink VOIP Phone crossite sceripting
Crossite scripting in address book...
[ MDVSA-2012:030 ] systemd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:030 http://www.mandriva.com/security/ Package : systemd Date : March 16, 2012 Affected: 2011. Problem Description: A vulnerability has been found and corrected in systemd: A TOCTOU race condition was found i...
VMSA-2012-0004 VMware View privilege escalation and cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0004 Synopsis: VMware View privilege escalation and cross-site scripting Issue date: 2012-03-15 Updated on: 2012-03-15 initial...
Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability Advisory ID: cisco-sa-20120314-asaclient Revision 1.0 For Public Release 2012 March 14 16:00 UTC GMT...
AST-2012-003: Stack Buffer Overflow in HTTP Manager
Asterisk Project Security Advisory - AST-2012-003 Product Asterisk Summary Stack Buffer Overflow in HTTP Manager Nature of Advisory Exploitable Stack Buffer Overflow Susceptibility Remote Unauthenticated Sessions Severity Critical Exploits Known No Reported On 03/15/2012 Reported By Russell Bryan...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Advisory ID: cisco-sa-20120314-asa Revision 1.0 For Public Release 2012 March 14 16:00 UTC GMT...
[ MDVSA-2012:029 ] pidgin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:029 http://www.mandriva.com/security/ Package : pidgin Date : March 16, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in pidgin:...
nginx fix for malformed HTTP responses from upstream servers
Hello, The nginx team has released stable version 1.0.14, and development version 1.1.17 of nginx web server, which include a fix for malformed HTTP responses from upstream servers: http://trac.nginx.org/nginx/changeset/4535/nginx http://trac.nginx.org/nginx/changeset/4531/nginx...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, privilege escalation, crossite access...
nginx information leakage
Invalid server response can lead to server memory content disclosure...
Microsoft Windows multiple security vulnerabilities
Kernel drivers privileges escalation, DirectWrite API DoS, RDP memory corruption and DoS...
Microsoft Visual Studio code execution
Unsafe add-in loading...
Microsoft WIndows DNS Server DoS
Crash on request processing...
Microsoft Expression Design unsafe DLL loading
Unsafe DLL loading on .xpr and .design files processing...
ZDI-12-037 : Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-037 : Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-037 February 22, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - -...
ZDI-12-039 : Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-039 : Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution http://www.zerodayinitiative.com/advisories/ZDI-12-039 February 22, 2012 - -- CVE ID: - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected Vendors: Orac...
[USN-1395-1] PyPAM vulnerability
========================================================================== Ubuntu Security Notice USN-1395-1 March 08, 2012 python-pam vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Microsoft Internet Explorer multiple security vulnerabilities
Code execution, information leakage...
ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-038 February 22, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - --...
glibc multiple security vulnerabilities
memcpy integer overflow, RPC DoS, vfprintf integer overflow...
Linux kernel multiple security vulnerabilities
LDM and NFSv4 file systems DoS, futexes privilege escalation...
[USN-1382-1] Light Display Manager vulnerability
========================================================================== Ubuntu Security Notice USN-1382-1 March 05, 2012 lightdm vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-12-01 February 22, 2012 - -- CVE ID: - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected Vendors: Oracle - ...
python-pam memory corruption
Memory corruption on the passwords with NULL byte...
[USN-1396-1] GNU C Library vulnerabilities
========================================================================== Ubuntu Security Notice USN-1396-1 March 09, 2012 eglibc, glibc vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
ZDI-12-034 : Microsoft Windows Media Player ASX Meta-File Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-034 : Microsoft Windows Media Player ASX Meta-File Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-034 February 22, 2012 - -- CVE ID: CVE-2012-0150 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
ZDI-12-036 : Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-036 : Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-036 February 22, 2012 - -- CVE ID: CVE-2012-0155 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...
[USN-1385-1] APT vulnerability
========================================================================== Ubuntu Security Notice USN-1385-1 March 06, 2012 apt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
[USN-1375-1] httplib2 vulnerability
========================================================================== Ubuntu Security Notice USN-1375-1 February 27, 2012 python-httplib2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
Quarterly CPU fixes nearly 80 different vulnerabilities...
ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-032 February 22, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
Light Display Manager / gdm / LTSP Display Manager file descriptor leakage
File descriptor is no closed before child proess is spawned...
[USN-1390-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1390-1 March 06, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
ZDI-12-035 : Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-035 : Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-035 February 22, 2012 - -- CVE ID: CVE-2012-0011 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected...