ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-013: RSA SecurID® Software Token Converter buffer overflow vulnerability Advisories Updated March 2, 2012 Summary: RSA SecurID® Software Token Converter contains a buffer overflow vulnerability that could allow a malicious user to compromise ...
[SECURITY] [DSA 2427-1] imagemagick security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2427-1 [email protected] http://www.debian.org/security/ Florian Weimer March 06, 2012 http://www.debian.org/security/faq -...
Cisco Security Advisory: Cisco Cius Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Cius Denial of Service Vulnerability Advisory ID: cisco-sa-20120229-cius Revision 1.0 For Public Release 2012 February 29 16:00 UTC GMT +-------------------------------------------------------------------- Summary...
libxmls library DoS
Predictable hash function collisions lead to resource exhaustion...
[ MDVSA-2012:023 ] libxml2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:023 http://www.mandriva.com/security/ Package : libxml2 Date : February 22, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in libxml2: I...
SQL Injection Vulnerabilities in TestLink
------------------ Information ------------------ Name: SQL Injection Vulnerabilities in TestLink Software tested: TL v1.8.5b & checked in v1.9.3 prior version may be affected Vendor Homepage: http://www.teamst.org Vendor Notification: 27 January 2012 Vendor Patch: 4 February 2012 Public...
SEC Consult SA-20120220-0 :: Multiple critical vulnerabilities in VOXTRONIC voxlog professional
SEC Consult Vulnerability Lab Security Advisory 20120220-0 ======================================================================= title: Multiple critical vulnerabilities product: VOXTRONIC voxlog professional - voice recording solution vulnerable version: VOXTRONIC voxlog professional = 3.7.2.7...
OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities
OVERVIEW OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Oxwall is a free open source software package for building social networks, family sites and collaboration systems. It is a flexible community website engine developed with the aim to provide people...
CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated]
OVERVIEW The CubeCart 3.0.20 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful...
PHP code execution
filterglobals structure is not cleaned under some conditions...
Mercurycom MR804 router buffer overflow
Buffer overflow on HTTP request headers parsing...
ELBA multiple security vulnerabilities
DoS, information leakage, SQL injection...
WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
Advisory: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability Advisory ID: SSCHADV2012-003 Author: Stefan Schurtz Affected Software: Successfully tested on WebsiteBaker 2.8.2 SP2 Vendor URL: www.websitebaker2.org Vendor Status: fixed ========================== Vulnerability Description...
SEC Consult SA-20120220-1 :: Multiple Vulnerabilities in ELBA5
SEC Consult Vulnerability Lab Security Advisory 20120220-1 ======================================================================= title: Multiple Vulnerabilities in ELBA5 product: ELBA 5 vulnerable version: ELBA 5.4.1 5.5.0 R00004 build 0778 fixed version: partially in 5.5.0 R00004 build 0778 al...
Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability
Title: Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability Product : Mercurycom MR804 Router Hardware Version : MR804 v8.0 081C3113 Software Version : 3.8.1 Build 101220 Rel.53006nB Vendor: http://www.mercurycom.com.cn/ Class: Boundary Condition Error CVE: Remote...
Multiple vulnerabilities in 11in1
Advisory ID: HTB23071 Product: 11in1 Vendor: 11in1 Vulnerable Versions: 1.2.1 stable 12-31-2011 and probably prior Tested Version: 1.2.1 stable 12-31-2011 Vendor Notification: 25 January 2012 Public Disclosure: 15 February 2012 Vulnerability Type: Local File Inclusion, Cross-Site Request Forgery...
Mozilla Foundation Security Advisory 2012-11
Mozilla Foundation Security Advisory 2012-11 Title: libpng integer overflow Impact: Critical Announced: February 16, 2012 Reporter: Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 10.0.2 Firefox ESR 10.0.2 Firefox 3.6.27 Thunderbird 10.0.2 Thunderbird ESR 10.0.2 Thunderbird 3.1.19...
libpng integer overflow
Integer overflow on PNG parsing leads to heap buffer overflow...
Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities
OVERVIEW Dolphin 7.0.7 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Dolphin is the only "all-in-one" free community software platform for creating your own social networking, community or online dating site without any limits and under your full control. Dolphin comes...
libvorbis library buffer overflow
Heap buffer overflow on ogg files parsing...
[SECURITY] [DSA 2411-1] mumble security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2411-1 [email protected] http://www.debian.org/security/ Florian Weimer February 19, 2012 http://www.debian.org/security/faq -...
mumble weak permissions
Weak permissions for configuration files...
Debian debdiff multiple security vulnerabilities
Information leakage, code execution...
[SECURITY] [DSA 2412-1] libvorbis security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2412-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 19, 2012 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
CMS wizard Cross Site Scripting
================================================================= -=CMS wizard Cross Site Scripting ================================================================= Author: XaDaL Date: 14-02-2012 vendor: http://www.cmswizard.co.uk/ tested on: windows mobile dork : powered by CMS wizard This...
Skype v5.6.59.x - Memory Corruption Vulnerability
Title: ====== Skype v5.6.59.x - Memory Corruption Vulnerability Date: ===== 2012-02-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=315 VL-ID: ===== 315 Introduction: ============= Skype is a software application that allows users to make voice and video calls and...
PHP 5.2.x Remote Code Execution Vulnerability
Release Date: 17 February 2012 Affected Versions: 5.2.0 - 5.2.17 unsupported version ------------------------------------------------------------------------------------------ Description: If PHP bails out in startup stage before setting PGmodulesactivated to 1, the filterglobals struct is not...
Cisco Security Advisory: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20120215-nxos Revision 1.0 For Public Release 2012 February 15 16:00 UTC GMT...
[SECURITY] [DSA 2409-1] devscripts security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2409-1 [email protected] http://www.debian.org/security/ Raphael Geissert February 15, 2012 http://www.debian.org/security/faq -...
Cisco Nexus switches DoS
Crash on IP filtering...
F*EX 20111129-2 Cross Site Scripting Vulnerability
------------------------------------------------------------------------ FEX 20111129-2 Cross Site Scripting Vulnerability ------------------------------------------------------------------------ title.............: FEX 20111129-2 Cross Site Scripting Vulnerabilities author............: muuratsal...
Multiple vulnerabilities in LEPTON
Advisory ID: HTB23072 Product: LEPTON Vendor: LEPTON Project Vulnerable Versions: 1.1.3 and probably prior Tested Version: 1.1.3 Vendor Notification: 25 January 2012 Vendor Patch: 4 February 2012 Public Disclosure: 15 February 2012 Vulnerability Type: Local File Inclusion, SQL Injection, Cross Si...
Pandora FMS v4.0.1 - Local File Include Vulnerability + VD Session
Title: ====== Pandora FMS v4.0.1 - Local File Include Vulnerability Date: ===== 2012-02-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=435 VL-ID: ===== 435 Introduction: ============= Pandora FMS is a monitoring Open Source software. It watches your systems and...
Skype memory corruption
Memory corruption on file transfer...
http://www.adobe.com/support/security/bulletins/apsb12-03.html
Security update available for Adobe Flash Player Release date: February 15, 2012 Vulnerability identifier: APSB12-03 CVE number: CVE-2012-0751, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767 Platform: All Platforms SUMMARY This update addresses critical...
FreePBX information leakage
It's possible to obtain extension passwords via genampconf.php...
Adobe Shockwave Player multiple security vulnerabilities
Buffer overflow, multiple memory corruptions...
[CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow
CAL-2011-0071Adobe Shockwave Player Parsing cupt atom heap overflow Discover: instruder of code audit labs of vulnhunt.com CAL: CAL-2011-0071 CVE: CVE-2012-0758 http://blog.vulnhunt.com/index.php/2012/02/15/cal-2011-0071adobe-shockwave-player-parsing-cupt-atom-heap-overflow/ adobe security...
[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability
CAL-2011-0055Adobe Shockwave Player Parsing block_cout memory corruption vulnerability Discover: instruder of code audit labs of vulnhunt.com CAL: CAL-2011-0055 CVE: CVE-2012-0759...
Security update available for Adobe Shockwave Player
Security update available for Adobe Shockwave Player Release date: February 14, 2012 Vulnerability identifier: APSB12-02 CVE number: CVE-2012-0757, CVE-2012-0758, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766 Platform: Windows and Macintos...
FreePBX Remote Exploit
FreePBX web interface remote vulnerability The admin username and password for the web interface is stored in plain text in this publicly accessible file: http://yourip/admin/modules/framework/bin/genampconf.php Which allows a hacker to access the web GUI and view the secretspasswords for each...
eFront Community++ v3.6.10 - SQL Injection Vulnerability
Title: ====== eFront Community++ v3.6.10 - SQL Injection Vulnerability Date: ===== 2012-02-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=422 VL-ID: ===== 422 Introduction: ============= Tailored with larger organizations in mind, eFront Community ++ offers solution...
HP Network Automation unauthorized access
No description provided...
NX Web Companion Spoofing Arbitrary Code Execution Vulnerability
Vuln Title: NX Web Companion Spoofing Arbitrary Code Execution Vulnerability Date: 25.01.2012 Author: otr Software Link: http://www.nomachine.com/documents/plugin/install.php Version: = 3.x Tested on: Linux, Windows, Mac OS X x86, Mac OS X PPC, Solaris CVE : None, yet Summary The No Machine NX We...
FW: mutant200s DreamBox Arbitrary File Download Vulnerability
Exploit Title: mutant200s DreamBox Arbitrary File Download Vulnerability Google Dork: Date: 30/01 /2012 Author: k3vin mitnick Software Link: Version: Tested on: CVE : DreamBox DM500+ Arbitrary File Download Vulnerability Vendor: Dream Multimedia GmbH Product web page:...
Linux kernel multiple security vulnerabilities
File systems privilege escalation, /proc privilege escalation, IGMP DoS...
Microsoft Visio Viewer multiple security vulnerabilities
Multiple memory corruptions on VSD files parsing...
Microsoft SharePoint multiple XSS
XSS in different pages...
[USN-1364-1] Linux kernel (OMAP4) vulnerabilities
========================================================================== Ubuntu Security Notice USN-1364-1 February 13, 2012 linux-ti-omap4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...