47153 matches found
HP Data Protector Media Operations integer overflow
DBServer.exe integer overflow...
ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-023 February 8, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...
eFronts Community++ v3.6.10 - Cross Site Vulnerability
Title: ====== eFronts Community++ v3.6.10 - Cross Site Vulnerability Date: ===== 2012-02-07 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=423 VL-ID: ===== 423 Introduction: ============= Tailored with larger organizations in mind, eFront Community ++ offers solutions...
ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-031 February 8, 2012 - -- CVE ID: CVE-2011-4194 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected...
[security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03179046 Version: 1 HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as...
Advisory: sudo 1.8 Format String Vulnerability
Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815 +--++ Authors joernchen joernchen phenoelit de Phenoelit Group http://www.phenoelit.de Affected Products sudo 1.8.0 - 1.8.3p1 http://sudo.ws Vendor communication 2012-01-24 Send vulnerability details to sudo maintainer 2012-01-24 Maintainer ...
Multiple vulnerabilities in ZENphoto
Advisory ID: HTB23070 Product: ZENphoto Vendor: www.zenphoto.org Vulnerable Version: 1.4.2 and probably prior Tested Version: 1.4.2 Vendor Notification: 18 January 2012 Vendor Patch: 19 January 2012 Public Disclosure: 8 February 2012 Vulnerability Type: PHP Code Execution, SQL Injection, XSS...
ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution http://www.zerodayinitiative.com/advisories/ZDI-12-025 February 8, 2012 - -- CVE ID: CVE-2012-0395 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: EMC - -...
Unauthenticated remote code execution on D-Link ShareCenter products
Unauthenticated remote code execution on D-Link ShareCenter products ==================================================================== ADVISORY INFORMATION Title: Unauthenticated remote code execution on D-Link ShareCenter products Release date: 08/02/2012 Last update: 08/02/2012 Credits:...
CSRF (Cross-Site Request Forgery) in DClassifieds
Advisory ID: HTB23067 Reference: https://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryindclassifieds.html Product: DClassifieds Vendor: www.dclassifieds.eu http://www.dclassifieds.eu/ Vulnerable Version: 0.1 final and probably prior Tested Version: 0.1 final Vendor Notification: 04 January...
ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-024 : Total Defense Suite UNC Management Web Service uncspViewReportsHomepage SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-024 February 8, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
EMC Documentum Content Server privilege escalation
System administrator can elevate privileges to super-user...
ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-021 February 8, 2012 - -- CVE ID: CVE-2011-4373 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
Adobe Acrobat / Reader multiple security vulnerabilities
Code execution, multiple memory corruptions...
TWSL2012-002: Multiple Vulnerabilities in WordPress
Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version affected: 3.3.1 and prior Product...
Bart`s CMS - SQL Injection Vulnerability
Title: ====== Barts CMS - SQL Injection Vulnerability Date: ===== 2012-01-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=390 VL-ID: ===== 390 Introduction: ============= It is a website Content Management System that is built with Codecharge Studio. There will also ...
SQL Injection Vulnerability in Batavi 1.1.2
Information -------------------- Name : SQL Injection Vulnerability in Batavi Software : Batavi 1.1.2 and possibly below. Vendor Homepage : http://www.batavi.org Vulnerability Type : SQL Injection Severity : Critical Researcher : Onur Yılmaz Advisory Reference : NS-12-003 Description...
ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-027 February 8, 2012 - -- CVE ID: CVE-2012-0189 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
bip security vulnerabilities
DoS, buffer overflow...
Mibew messenger multiple XSS
Advisory ID: CSA-12001 Title: Mibew messenger multiple XSS Product: mibew messenger Version: 1.6.4 and probably prior Vendor: mibew.org Vulnerability type: XSS Vendor notification: 2012-01-07 Public disclosure: 2012-01-24 Mibew messenger version 1.6.4 and probably below is vulnerable to multiple X...
[ GLSA 201201-18 ] bip: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201201-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability
-------------------------------------------------------------------------------- Wordpress Kish Guest Posting Plugin 1.0 uploadify.php Unrestricted File Upload -------------------------------------------------------------------------------- author............: Egidio Romano aka EgiX...
Multiple vulnerabilities in OSClass
Advisory ID: CSA-12003 Title: Multiple vulnerabilities in OSClass Product: OSClass Version: 2.3.4 and probably prior Vendor: osclass.org Vulnerability type: SQL injection, XSS, Remote file inclusion Vendor notification: 2012-01-12 Public disclosure: 2012-01-27 OSClass version 2.3.4 and probably...
[SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability
-------------------------------------------------------------------------------------------------- CVE-2011-4367: Apache MyFaces information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: MyFaces Core 2.0.1 to 2.0.11 MyFaces Core 2.1.0 to...
eFront Community++ v3.6.10 - Multiple Web Vulnerabilities
Title: ====== eFront Community++ v3.6.10 - Multiple Web Vulnerabilities Date: ===== 2012-02-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=421 VL-ID: ===== 421 Introduction: ============= Tailored with larger organizations in mind, eFront Community ++ offers solutio...
Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities
Title: ====== Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities Date: ===== 2012-02-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=427 VL-ID: ===== 427 Introduction: ============= Dolibarr ERP & CRM is a modern software to manage your company or foundation...
CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability
OVERVIEW The CubeCart 3.0.20 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[ MDVSA-2012:016 ] glpi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:016 http://www.mandriva.com/security/ Package : glpi Date : February 10, 2012 Affected: Enterprise Server 5.0 Problem Description: A File Inclusion vulnerability was discovered and corrected in GLPI. This...
OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities
Title: ====== OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities Date: ===== 2012-02-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=426 VL-ID: ===== 426 Introduction: ============= Onxshop is not only great CMS offering integrated in-context editing and full design...
Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities
Title: ====== Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities Date: ===== 2012-02-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=429 VL-ID: ===== 429 Introduction: ============= Scriptable, distributed and object oriented Hosting Platform. Manage...
CVS client buffer overflow
Heap buffer overflow on server response parsing...
Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities
Title: ====== Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities Date: ===== 2012-02-07 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=428 VL-ID: ===== 428 Introduction: ============= Dolibarr ERP & CRM is a modern software to manage your company or foundation...
[SECURITY] [DSA 2407-1] cvs security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2407-1 [email protected] http://www.debian.org/security/ Florian Weimer February 09, 2012 http://www.debian.org/security/faq -...
Ubuntu utilities security vulnerabilities
AccountsService and Software Properties privilege escalation...
curl data injection
Data injection via request URL...
X.Org privilege escalation
Unprivileged user can start X server...
Mathopd - Directory Traversal Vulnerability
Hi, Mathopd - Security Alerts Directory Traversal Vulnerability Reported: 2 February 2012 Older versions of the software have a vulnerability that could lead to directory traversal if the '' construct for mass virtual hosting is used. Affected: all 1.4 versions, all 1.5 versions up to 1.5p7. Fixe...
PHP security vulnerabilities
Reading outside allocated memory on JPEG exif headers parsing. CPU exhaustion because of predictable hash collisions for form data...
Linux privilege escalation
Under some conditions memwrite allows overwriting process memory...
EMC Documentum xPlore information leakage
Under specific circumstances, an authenticated user who does not have BROWSE permission on the object may be able to see the existence of or certain metadata on that object in a search result...
[USN-1349-1] X.Org vulnerability
========================================================================== Ubuntu Security Notice USN-1349-1 January 26, 2012 xorg vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability. EMC Identifier: ESA-2012-010 EMC Identifier: SRCH-7949 CVE Identifier: CVE-2012-0396 Severity Rating: CVSS v2 Base Score: 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N Affected products: EMC S...
Opera array index overflow
Integer overflows in array functions...
[USN-1354-1] usbmuxd vulnerability
========================================================================== Ubuntu Security Notice USN-1354-1 February 01, 2012 usbmuxd vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
QEMU buffer overflow
Buffer overflow in network card emulation...
[USN-1351-1] AccountsService vulnerability
========================================================================== Ubuntu Security Notice USN-1351-1 January 31, 2012 accountsservice vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
usbmuxd buffer overflow
Buffer overflow on USB device SerialNumber parsing...
[CAL-2012-0004] opera array integer overflow
CAL-2012-0004 opera array integer overflow 1 Affected Products ================= 11.60 and prior 2 Vulnerability Details ===================== Code Audit Labs http://www.vulnhunt.com has discovered an integer overflow vulnerability in array functions like Int32Array, Int16Array... . Opera vendor sa...