47153 matches found
HP StorageWorks P2000 security vulnerabilities
Default account, directory traversal...
[security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03127140 Version: 1 HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center BAC and Business Service Management BSM, Remote Unauthorized Access to Sensitive Information NOTICE: The...
PHP DoS
NULL pointer dereference because of unchecked zend_strndup return value...
[SECURITY] [DSA 2386-1] openttd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2386-1 [email protected] http://www.debian.org/security/ January 10, 2012 http://www.debian.org/security/faq -...
Suhosin buffer overflow
Buffer overflow in the transparent cookie encryption code...
VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01)
VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow Vulnerability APSB12-01 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Adobe Acrobat and Reader are the global standards for electronic...
Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow Release Date: 2012/01/19 Last Modified: 2012/01/19 Author: Stefan Esser stefan.esseratsektioneins.de...
XSS in OneOrZero AIMS
Advisory ID: HTB23066 Reference: https://www.htbridge.ch/advisory/xssinoneorzeroaims.html Product: OneOrZero AIMS Vendor: www.oneorzero.com http://www.oneorzero.com/ Vulnerable Version: 2.8.0 Trial build231211 and probably prior Tested Version: 2.8.0 Trial build231211 Vendor Notification: 28...
PHP 5.3.8 Multiple vulnerabilities
PHP 5.3.8 Multiple vulnerabilities Author: Maksymilian Arciemowicz Website: http://cxsecurity.com/ Date: 14.01.2012 CVE: CVE-2011-4153 zend_strndup Original link: http://cxsecurity.com/research/103 --- 1. Multiple NULL Pointer Dereference with zend_strndup CVE-2011-4153 --- As we can see in...
Microsoft Windows multiple security vulnerabilities
SafeSEH protection bypass, Windows Object Packager code execution, CSRSS privilege escalation, DirectShow / Windows Media memory corruption, Windows Packager code execution, SSL/TLS information leakage...
Webcalendar 1.2.4 'location' XSS
Exploit Title: Webcalendar 1.2.4 'location' XSS Date: 01/11/12 Author: G13 Software Link: https://sourceforge.net/projects/webcalendar/?source=directory Version: 1.2.5 Category: webapps php Vulnerability There is no sanitation on the input of the location variable. This allows malicious scripts t...
GreenBrowser iframe content Double Free Vulnerability
GreenBrowser searchbar iframe content Double Free Vulnerability ------------------------------------------------------------------ I. Summary All versions of GreenBrowser are prone to a vulnerability which leads to arbitrary code execution. A Double Free of iframe object is triggered by its shortc...
[PT-2011-03] Information disclosure in Kayako Support Suite
----------------------------------------------------------------- PT-2011-03 Positive Technologies Security Advisory Information disclosure in Kayako Support Suite ----------------------------------------------------------------- --- Vulnerable software Kayako Support Suite Version: 3.70.02-stabl...
Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS
Exploit Title: Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS Google Dork: "inurl:"sites/all/modules/ckeditor" -drupalcode.org" Google Results: Approximately 379.000 results Date: 18th January 2012 Author: MaXe @InterN0T Found in a private Hatforce.com Penetration Test Software Link:...
[security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03153338 Version: 1 HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be act...
Cisco Security Advisory: Cisco Digital Media Manager Privilege Escalation Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Digital Media Manager Privilege Escalation Vulnerability Advisory ID: cisco-sa-20120118-dmm Revision 1.0 For Public Release 2012 January 18 16:00 UTC GMT +--------------------------------------------------------------------- Summary =======...
[SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure
CVE-2011-3375 Apache Tomcat Information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.21 - Tomcat 6.0.30 to 6.0.33 - Earlier versions are not affected Description: For performance reasons, information parsed from a request is often...
Cisco Security Advisory: Cisco IP Video Phone E20 Default Root Account
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco IP Video Phone E20 Default Root Account Advisory ID: cisco-sa-20120118-te Revision 1.0 For Public Release 2012 January 18 16:00 UTC GMT +--------------------------------------------------------------------- Summary ======= Cisco TelePresence...
Xpra memory disclosure
Xpra is screen for X11. This is the fork located at: http://xpra.org/ Xpra versions 0.0.7.28 r191 through to 0.0.7.34 r443 return random chunks of memory to the clients by using the wrong size multiplying by 4 for the X11 cursor memory buffer. from XFixesGetCursorImage The byte order of the data...
OpenSSL library multiple security vulnerabilities
Double free, protection bypass, information leakages, DoS conditions...
Microsoft AntiXSS library cross-site scripting
Cross-site scripting during HTML parsing...
Xpra memory disclosure
It's possible to access uninitialized memory chunks...
Cisco Digital Media Manager privilege escalation
It's possible to access administration pages by URLs...
Apache Tomcat security vulnerabilities
DoS, information disclosure...
Cisco TelePresence System Integrator / Cisco IP Video Phone E20 default account vulnerability
Default root account is enabled...
Microsoft Anti-XSS Library Bypass (MS12-007)
Introduction ------------- Microsoft Anti-XSS Library is used to protect applications from Cross-Site Scripting attacks, by providing methods for input sanitization. Vulnerability ------------- Microsoft Anti-XSS Library 3.0 and 4.0 are vulnerable to an attack in which an attacker is able to crea...
[ MDVSA-2012:009 ] perl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:009 http://www.mandriva.com/security/ Package : perl Date : January 18, 2012 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in perl: Eval injection in the...
perl security vulnerabilities
It's possible to inject an eval expression into the Digest module constructor. Off-by-one overflow in decode_xs...
ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-014 January 12, 2012 - -- CVE ID: CVE-2011-4787 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -...
ZDI-12-016 : (0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-016 : 0Day HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-016 January 12, 2012 - -- CVE ID: CVE-2011-4789 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
ZDI-12-012 : (0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-012 : 0Day McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution http://www.zerodayinitiative.com/advisories/ZDI-12-012 January 12, 2012 - -- CVE ID: - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected Vendors: McAfee - --...
MailEnable cross-site scripting
Cross-site scripting in ForgottonPassword.aspx...
HP Easy Printer Care Software ActiveX unauthorized access
File write access is possible...
ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-015 : 0Day HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-12-015 January 12, 2012 - -- CVE ID: CVE-2011-4788 - -- CVSS: 9, AV:N/AC:L/Au:N/C:C/I:P/A:P - -- Affecte...
ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389
ME020567: MailEnable webmail cross-site scripting vulnerability CWE-79 References: CVE-2012-0389 Discovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah Vendor advisory: http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 Vendor contact: 2012-01-04 09:49:36 UTC Vendor...
t1lib / xpdf library multiple security vulnerabilities
Multiple memory corruptions...
McAfee SaaS ActiveX code execution
MyCioScan.Scan.ShowReport method code execution...
ZDI-12-013 : HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-013 : HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-013 January 12, 2012 - -- CVE ID: CVE-2011-4786 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - --...
DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)
Title: DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal CVE-2011-4785 Severity: High Date Discovered: 2011-10-12 Discovered By: Digital Defense, Inc. Vulnerability Research Team Credited To: sxkeebler and r@b13$ Vulnerability Description: The HP-ChaiSOE/1.0 embedded web server on certa...
Citrix Provisioning Services memory corruptions
Multiple memory corruptions...
ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-008 January 10, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --...
HP LaserJet P3015 printer unauthorized access
Web server directory traversal...
ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-011 January 10, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Novel...
[SECURITY] [DSA 2385-1] pdns security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2385-1 [email protected] http://www.debian.org/security/ Florian Weimer January 10, 2012 http://www.debian.org/security/faq -...
ZDI-12-009 : Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-009 : Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-009 January 10, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendor...
ZDI-12-010 : Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-010 : Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-010 January 10, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendor...
Apache mod_proxy unauthorized internal network access
Invalid processing of URIs with a preceding @ sign...
PowerDNS response loop
Resolver responds to a response, allowing DoS attacks...
Apache privilege escalation
Privilege escalation with SetEnvIf in conjunction with crafted HTTP headers...
Novell Netware security vulnerabilities
TCP/32778, UDP/32778, UDP/2039, UDP/32779 RPC-based services buffer overflow...