NGS00120 Patch Notification: BlackBerry PlayBook Samba Remote Code Execution
High Risk Vulnerability in Samba on the BlackBerry PlayBook 23 February 2012 Andy Davis of NGS Secure has discovered a high risk vulnerability in the Samba service running on the BlackBerry PlayBook Impact: Remote Code Execution Versions affected: BlackBerry Tablet OS prior to v2.0.0.7971 More...
[Onapsis Security Advisory 2012-08] Oracle JD Edwards Security Kernel Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory: Oracle JD Edwards Security Kernel Information Disclosure This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to...
Eleytt Research ER-03-2012
Eleytt Research www.eleytt.com Overview: ==================== Michal A. Bucko Credit: ==================== Anonymous researcher Michal A. Bucko Vulnerability Table =================== Note: All of the vulnerabilities are reported in Holdem Manager Professional, poker tracking software. 1. Holdem...
[ MDVSA-2012:023 ] libxml2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:023 http://www.mandriva.com/security/ Package : libxml2 Date : February 22, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in libxml2: I...
libxmls library DoS
Predictable hash function collisions lead to resources exhaustion...
CMS wizard Cross Site Scripting
================================================================= -=CMS wizard Cross Site Scripting ================================================================= Author: XaDaL Date: 14-02-2012 vendor: http://www.cmswizard.co.uk/ tested on: windows mobile dork : powered by CMS wizard This...
libvorbis library buffer overflow
Heap buffer overflow on ogg files parsing...
Mozilla Foundation Security Advisory 2012-11
Mozilla Foundation Security Advisory 2012-11 Title: libpng integer overflow Impact: Critical Announced: February 16, 2012 Reporter: Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 10.0.2 Firefox ESR 10.0.2 Firefox 3.6.27 Thunderbird 10.0.2 Thunderbird ESR 10.0.2 Thunderbird 3.1.19...
[SECURITY] [DSA 2409-1] devscripts security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2409-1 [email protected] http://www.debian.org/security/ Raphael Geissert February 15, 2012 http://www.debian.org/security/faq -...
ELBA multiple security vulnerabilities
DoS, information leakage, SQL injection...
F*EX 20111129-2 Cross Site Scripting Vulnerability
------------------------------------------------------------------------ FEX 20111129-2 Cross Site Scripting Vulnerability ------------------------------------------------------------------------ title.............: FEX 20111129-2 Cross Site Scripting Vulnerabilities author............: muuratsal...
[SECURITY] [DSA 2411-1] mumble security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2411-1 [email protected] http://www.debian.org/security/ Florian Weimer February 19, 2012 http://www.debian.org/security/faq -...
Mercurycom MR804 router buffer overflow
Buffer overflow on HTTP request headers parsing...
SEC Consult SA-20120220-0 :: Multiple critical vulnerabilities in VOXTRONIC voxlog professional
SEC Consult Vulnerability Lab Security Advisory 20120220-0 ======================================================================= title: Multiple critical vulnerabilities product: VOXTRONIC voxlog professional - voice recording solution vulnerable version: VOXTRONIC voxlog professional = 3.7.2.7...
Skype v5.6.59.x - Memory Corruption Vulnerability
Title: ====== Skype v5.6.59.x - Memory Corruption Vulnerability Date: ===== 2012-02-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=315 VL-ID: ===== 315 Introduction: ============= Skype is a software application that allows users to make voice and video calls and...
Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities
OVERVIEW Dolphin 7.0.7 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Dolphin is the only "all-in-one" free community software platform for creating your own social networking, community or online dating site without any limits and under your full control. Dolphin comes...
Multiple vulnerabilities in 11in1
Advisory ID: HTB23071 Product: 11in1 Vendor: 11in1 Vulnerable Versions: 1.2.1 stable 12-31-2011 and probably prior Tested Version: 1.2.1 stable 12-31-2011 Vendor Notification: 25 January 2012 Public Disclosure: 15 February 2012 Vulnerability Type: Local File Inclusion, Cross-Site Request Forgery...
Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability
Title: Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability Product : Mercurycom MR804 Router Hardware Version : MR804 v8.0 081C3113 Software Version : 3.8.1 Build 101220 Rel.53006nB Vendor: http://www.mercurycom.com.cn/ Class: Boundary Condition Error CVE: Remote...
PHP 5.2.x Remote Code Execution Vulnerability
Release Date: 17 February 2012 Affected Versions: 5.2.0 - 5.2.17 unsupported version ------------------------------------------------------------------------------------------ Description: If PHP bails out in startup stage before setting PGmodulesactivated to 1, the filterglobals struct is not...
CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated]
OVERVIEW The CubeCart 3.0.20 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful...
PHP code execution
filterglobals structure is not cleaned under some conditions...
WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
Advisory: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability Advisory ID: SSCHADV2012-003 Author: Stefan Schurtz Affected Software: Successfully tested on WebsiteBaker 2.8.2 SP2 Vendor URL: www.websitebaker2.org Vendor Status: fixed ========================== Vulnerability Description...
Cisco Security Advisory: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20120215-nxos Revision 1.0 For Public Release 2012 February 15 16:00 UTC GMT...
[SECURITY] [DSA 2412-1] libvorbis security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2412-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 19, 2012 http://www.debian.org/security/faq -...
SQL Injection Vulnerabilities in TestLink
------------------ Information ------------------ Name: SQL Injection Vulnerabilities in TestLink Software tested: TL v1.8.5b & checked in v1.9.3 prior version may be affected Vendor Homepage: http://www.teamst.org Vendor Notification: 27 January 2012 Vendor Patch: 4 February 2012 Public...
OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities
OVERVIEW OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Oxwall is a free open source software package for building social networks, family sites and collaboration systems. It is a flexible community website engine developed with the aim to provide people...
Debian debdiff multiple security vulnerabilities
Information leakage, code execution...
SEC Consult SA-20120220-1 :: Multiple Vulnerabilities in ELBA5
SEC Consult Vulnerability Lab Security Advisory 20120220-1 ======================================================================= title: Multiple Vulnerabilities in ELBA5 product: ELBA 5 vulnerable version: ELBA 5.4.1 5.5.0 R00004 build 0778 fixed version: partially in 5.5.0 R00004 build 0778 al...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Skype memory corruption
Memory corruption on file transfer...
Pandora FMS v4.0.1 - Local File Include Vulnerability + VD Session
Title: ====== Pandora FMS v4.0.1 - Local File Include Vulnerability Date: ===== 2012-02-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=435 VL-ID: ===== 435 Introduction: ============= Pandora FMS is a monitoring Open Source software. It watches your systems and...
libpng integer overflow
Integer overflow on PNG parsing leads to heap buffer overflow...
mumble weak permissions
Weak permissions for configuration files...
Cisco Nexus switches DoS
Crash on IP filtering...
Multiple vulnerabilities in LEPTON
Advisory ID: HTB23072 Product: LEPTON Vendor: LEPTON Project Vulnerable Versions: 1.1.3 and probably prior Tested Version: 1.1.3 Vendor Notification: 25 January 2012 Vendor Patch: 4 February 2012 Public Disclosure: 15 February 2012 Vulnerability Type: Local File Inclusion, SQL Injection, Cross Si...
Security update available for Adobe Shockwave Player
Security update available for Adobe Shockwave Player Release date: February 14, 2012 Vulnerability identifier: APSB12-02 CVE number: CVE-2012-0757, CVE-2012-0758, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766 Platform: Windows and Macintos...
[CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow
[CAL-2011-0071] Adobe Shockwave Player Parsing cupt atom heap overflow Discover: instruder of code audit labs of vulnhunt.com CAL: CAL-2011-0071 CVE: CVE-2012-0758 http://blog.vulnhunt.com/index.php/2012/02/15/cal-2011-0071adobe-shockwave-player-parsing-cupt-atom-heap-overflow/ adobe security...
FreePBX information leakage
It's possible to obtain extensions passwords via genampconf.php...
Adobe Shockwave Player multiple security vulnerabilities
Buffer overflow, multiple memory corruptions...
FreePBX Remote Exploit
FreePBX web interface remote vulnerability The admin username and password for the web interface is stored in plain text in this publicly accessible file: http://yourip/admin/modules/framework/bin/genampconf.php Which allows a hacker to access the web GUI and view the secretspasswords for each...
[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability
[CAL-2011-0055] Adobe Shockwave Player Parsing block_cout memory corruption vulnerability Discover: instruder of code audit labs of vulnhunt.com CAL: CAL-2011-0055 CVE: CVE-2012-0759...
http://www.adobe.com/support/security/bulletins/apsb12-03.html
Security update available for Adobe Flash Player Release date: February 15, 2012 Vulnerability identifier: APSB12-03 CVE number: CVE-2012-0751, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767 Platform: All Platforms SUMMARY This update addresses critical...
Mutant 200s tuner directory traversal
Directory traversal in embedded web server...
AoF and CSRF vulnerabilities in D-Link DAP 1150
Hello 3APA3A! I want to warn you about new security vulnerabilities in D-Link DAP 1150 Wi-Fi Access Point and Router. These are Abuse of Functionality and Cross-Site Request Forgery vulnerabilities. This is my third advisory from series of advisories about vulnerabilities in D-Link products. Abus...
Linux kernel multiple security vulnerabilities
File systems privilege escalation, /proc privilege escalation, IGMP DoS...
eFront Community++ v3.6.10 - SQL Injection Vulnerability
Title: ====== eFront Community++ v3.6.10 - SQL Injection Vulnerability Date: ===== 2012-02-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=422 VL-ID: ===== 422 Introduction: ============= Tailored with larger organizations in mind, eFront Community ++ offers solution...
NX Web Companion Spoofing Arbitrary Code Execution Vulnerability
Vuln Title: NX Web Companion Spoofing Arbitrary Code Execution Vulnerability Date: 25.01.2012 Author: otr Software Link: http://www.nomachine.com/documents/plugin/install.php Version: = 3.x Tested on: Linux, Windows, Mac OS X x86, Mac OS X PPC, Solaris CVE : None, yet Summary The No Machine NX We...
TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution
Oracle Java Web Start Command Argument Injection Remote Code Execution TSL ID: TSL20120214-01 1. Affected Software Oracle Java Development Kit JDK 6 Update 30 and prior Oracle Java Development Kit JDK 7 Update 2 and prior Oracle JavaFX 2.0.2 and prior Oracle Java Runtime Environment JRE 6 Update ...
[USN-1364-1] Linux kernel (OMAP4) vulnerabilities
========================================================================== Ubuntu Security Notice USN-1364-1 February 13, 2012 linux-ti-omap4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...