
47153 matches found

securityvulns
added 2012/01/02 12:0 a.m. | 34 views

FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:09.pam_ssh Security Advisory The FreeBSD Project Topic: pam_ssh improperly grants access when user account has unencrypted SSH private keys Category: contrib...

AI score 7.5
Exploits: 0
securityvulns
added 2012/01/02 12:0 a.m. | 117 views

n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.004 28-Dec-2011 Vendors: PHP, http://www.php.net Oracle, http://www.oracle.com Microsoft, http://www.microsoft.com Python, http://www.python.org Ruby, http://www.ruby.org Google, http://www.google.com Affected Products: PHP 4 and ...

CVSS 7.8 | AI score 8.8 | EPSS 0.01411
Exploits: 2
securityvulns
added 2012/01/02 12:0 a.m. | 31 views

squid proxy server buffer overflow

Crash on DNS response parsing...

CVSS 5 | AI score 4.3 | EPSS 0.6249
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/01/02 12:0 a.m. | 54 views

ICU library memory corruption

Memory corruption on locale processing...

CVSS 7.5 | AI score 3 | EPSS 0.24107
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/01/02 12:0 a.m. | 97 views

lighttpd security vulnerabilities

DoS on base64 parsing...

CVSS 5 | AI score 1.9 | EPSS 0.04391
Exploits: 12 | References: 2 | Affected Software: 1
securityvulns
added 2012/01/02 12:0 a.m. | 57 views

FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:08.telnetd Security Advisory The FreeBSD Project Topic: telnetd code execution vulnerability Category: core Module: contrib Announced: 2011-12-23 Affects: All...

CVSS 10 | AI score 7.2 | EPSS 0.92381
Exploits: 19
securityvulns
added 2012/01/02 12:0 a.m. | 117 views

[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision

2011-003 multiple implementations denial-of-service via hash algorithm collision Description: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting...

CVSS 7.8 | AI score 5.9 | EPSS 0.85815
Exploits: 16
securityvulns
added 2012/01/02 12:0 a.m. | 32 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Memory corruptions, protection bypass, integer overflows, DoS conditions...

CVSS 10 | AI score 4 | EPSS 0.75876
Exploits: 11 | Affected Software: 3
securityvulns
added 2012/01/02 12:0 a.m. | 38 views

FreeBSD Security Advisory FreeBSD-SA-11:07.chroot

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:07.chroot Security Advisory The FreeBSD Project Topic: Code execution via chrooted ftpd Category: core Module: libc Announced: 2011-12-23 Affects: All supporte...

AI score 0.2
Exploits: 0
securityvulns
added 2012/01/02 12:0 a.m. | 2990 views

SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416

SEC Consult Vulnerability Lab Security Advisory 20111230-0 ======================================================================= title: Microsoft ASP.NET Forms Authentication Bypass product: Microsoft .NET Framework vulnerable version: Microsoft .NET Framework Version:4.0.30319; ASP.NET...

CVSS 8.5 | AI score 6.3 | EPSS 0.52829
Exploits: 2
securityvulns
added 2012/01/02 12:0 a.m. | 123 views

Lighttpd Proof of Concept code for CVE-2011-4362

29 of November 2011 was the date of public disclosure of an interesting vulnerability in lighttpd server. Xi Wang discovered that modauth for this server does not properly decode characters from the extended ASCII table. The vulnerable code is below: "src/httpauth.c:67" --- CUT --- static const short...

CVSS 5 | AI score 0.2 | EPSS 0.04391
Exploits: 8
securityvulns
added 2012/01/02 12:0 a.m. | 66 views

FreeBSD Security Advisory FreeBSD-SA-11:10.pam

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:10.pam Security Advisory The FreeBSD Project Topic: pamstart does not validate service names Category: contrib Module: pam Announced: 2011-12-23 Credits:...

CVSS 6.9 | AI score 7.5 | EPSS 0.00373
Exploits: 1
securityvulns
added 2012/01/02 12:0 a.m. | 32 views

FreeBSD multiple security vulnerabilities

Invalid nsdispatch implementation for chroot'ed environment, multiple PAM vulnerabilities...

CVSS 6.9 | AI score 2.3 | EPSS 0.00373
Exploits: 1 | References: 3 | Affected Software: 1
securityvulns
added 2012/01/02 12:0 a.m. | 60 views

MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2011-008 MIT krb5 Security Advisory 2011-008 Original release: 2011-12-26 Last update: 2011-12-26 Topic: buffer overflow in telnetd CVE-2011-4862 CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C CVSSv2 Base Score: 10 Access Vector:...

CVSS 10 | AI score 7.8 | EPSS 0.92381
Exploits: 19
securityvulns
added 2012/01/02 12:0 a.m. | 38 views

[ MDVSA-2011:193 ] squid

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:193 http://www.mandriva.com/security/ Package : squid Date : December 27, 2011 Affected: 2011. Problem Description: A vulnerability has been discovered and corrected in squid: The idnsGrokReply function in...

CVSS 5 | AI score 8.5 | EPSS 0.6249
Exploits: 0
securityvulns
added 2012/01/02 12:0 a.m. | 69 views

[ MDVSA-2011:194 ] icu

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:194 http://www.mandriva.com/security/ Package : icu Date : December 27, 2011 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in icu: A...

CVSS 7.5 | AI score 8.6 | EPSS 0.24107
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 53 views

Microsoft Internet Explorer multiple security vulnerabilities

Information leakage, insecure library loading...

CVSS 9.3 | AI score 1.9 | EPSS 0.26606
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2011/12/26 12:0 a.m. | 604 views

Tiki Wiki CMS Groupware Stored Cross-Site-Scripting

Advisory: Tiki Wiki CMS Groupware Stored Cross-Site-Scripting Advisory ID: INFOSERVE-ADV2011-07 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Tiki 8.1 & 6.4 LTS affects all current releases Vendor URL: http://info.tiki.org/ Vendor Status: fixed...

CVSS 4.3 | AI score 5.3 | EPSS 0.05088
Exploits: 1
securityvulns
added 2011/12/26 12:0 a.m. | 39 views

IBM TS3100 / IBM TS3200 tape libraries authentication bypass

Authentication bypass in Web interface...

CVSS 6.8 | AI score 3.5 | EPSS 0.00216
Exploits: 1 | References: 1
securityvulns
added 2011/12/26 12:0 a.m. | 36 views

VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090)

VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability MS11-090 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows is a series of software operating systems and...

AI score 0.3
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 47 views

ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-11-354 December 22, 2011 - -- CVE ID: CVE-2011-4168 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...

CVSS 7.5 | AI score 0.1 | EPSS 0.01608
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 204 views

Multiple vulnerabilities in PHPShop CMS Free

Vulnerability ID: HTB23058 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinphpshopcmsfree.html Product: PHPShop CMS Free Vendor: PHPShop Software http://www.phpshopcms.ru/ Vulnerable Version: 3.4 and probably prior Tested Version: 3.4 Vendor Notification: 23 November 2011...

AI score 7.6
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 73 views

ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-353 December 22, 2011 - -- CVE ID: CVE-2011-4167 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - --...

CVSS 7.5 | AI score 0.3 | EPSS 0.11091
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 69 views

CSRF, DT and AB vulnerabilities in D-Link DSL-500T ADSL Router

Hello 3APA3A! I want to warn you about new security vulnerabilities in D-Link DSL-500T ADSL Router. Which I've found and disclosed last week. These are Cross-Site Request Forgery, Directory Traversal and Authentication Bypass vulnerabilities. This is my fifth advisory 3 and 4 were announced and...

CVSS 7.5 | AI score 0.7 | EPSS 0.00345
Exploits: 1
securityvulns
added 2011/12/26 12:0 a.m. | 79 views

ZDI-11-351 : WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-351 : WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-351 December 22, 2011 - -- CVE ID: CVE-2011-4536 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --...

CVSS 10 | AI score 1.1 | EPSS 0.3104
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 88 views

[SECURITY] [DSA 2366-1] mediawiki security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2366-1 [email protected] http://www.debian.org/security/ Jonathan Wiltshire December 18, 2011 http://www.debian.org/security/faq -...

CVSS 5.8 | AI score 0.2 | EPSS 0.00933
Exploits: 2
securityvulns
added 2011/12/26 12:0 a.m. | 41 views

libarchive library buffer overflow

Buffer overflow on ISO 9660 image parsing...

CVSS 6.8 | AI score 5.2 | EPSS 0.03024
Exploits: 0 | References: 1
securityvulns
added 2011/12/26 12:0 a.m. | 62 views

[MATTA-2011-001] pfSense x509 Insecure Certificate Creation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory https://www.trustmatta.com pfSense x509 Insecure Certificate Creation Advisory ID: MATTA-2011-001 CVE reference: CVE-2011-4197 Affected platforms: pfSense Version: 2.0 Date: 2011-October-09 Security risk: High...

CVSS 7.5 | AI score 0.6 | EPSS 0.00902
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 63 views

ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-11-352 December 22, 2011 - -- CVE ID: CVE-2011-4166 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected Vendors:...

CVSS 7.5 | AI score 0.2 | EPSS 0.63467
Exploits: 5
securityvulns
added 2011/12/26 12:0 a.m. | 78 views

VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459)

VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability CVE-2011-2459 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime...

CVSS 10 | AI score 0.2 | EPSS 0.01587
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 36 views

Adobe Flash Player multiple security vulnerabilities

Multiple memory corruptions, buffer overflows, cross-site data access...

CVSS 10 | AI score 3 | EPSS 0.04281
Exploits: 1 | References: 1 | Affected Software: 2
securityvulns
added 2011/12/26 12:0 a.m. | 119 views

Novell Sentinel Log Manager <=1.2.0.1 Path Traversal

Vuln: Path Traversal Application: Sentinel Log Manager Vendor: Novell Version affected: = 1.2.0.1 Website: http://www.novell.com/products/sentinel-log-manager/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it The latest version of Sentinel Log Manager...

AI score 0.8
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 43 views

Exploit for Asterisk Security Advisory AST-2011-013

A Metasploit module is attached that demonstrates how to enumerate Asterisk sip peers that have a nat setting different to the global sip nat setting as described in Asterisk Security Advisory AST-2011-013. The example below finds all peers with nat=yes, but the metasploit module will also work...

CVSS 5 | AI score 5.7 | EPSS 0.00685
Exploits: 1
securityvulns
added 2011/12/26 12:0 a.m. | 144 views

appRain CMF v0.1.5 - Multiple Web Vulnerabilities

Title: ====== appRain CMF v0.1.5 - Multiple Web Vulnerabilities Date: ===== 2011-12-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=362 VL-ID: ===== 362 Introduction: ============= appRain is one of the first officially released Opensource Content Management Framewor...

AI score 0.7
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 85 views

TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin

Trustwave's SpiderLabs Security Advisory TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin https://www.trustwave.com/spiderlabs/advisories/TWSL2011-019.txt Published: 12/22/11 Version: 1.0 Vendor: phpMyAdmin http://www.phpmyadmin.net/ Product: phpMyAdmin Version affected: 3.4.8 and...

CVSS 4.3 | AI score 0.5 | EPSS 0.00475
Exploits: 2
securityvulns
added 2011/12/26 12:0 a.m. | 21 views

WellinTech KingView buffer overflow

Buffer overflow on TCP/777 request parsing...

CVSS 10 | AI score 4.8 | EPSS 0.3104
Exploits: 0 | References: 1
securityvulns
added 2011/12/26 12:0 a.m. | 35 views

Certificate Spoofing in Google Chrome for Android

Hello 3APA3A! I want to warn you about Certificate Spoofing in Google Chrome for Android. This vulnerability is low risk, but can be used by phishers for stealing certificates from legitimate sites for conducting phishing attacks. ------------------------- Affected products:...

AI score 0.4
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 66 views

TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface

Trustwave's SpiderLabs Security Advisory TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface https://www.trustwave.com/spiderlabs/advisories/TWSL2011-018.txt Published: 2011-12-20 Version: 1.0 Vendor: IBM http://www.ibm.com Product: TS3100/TS3200 Tape Library...

CVSS 6.8 | AI score 0.2 | EPSS 0.00216
Exploits: 1
securityvulns
added 2011/12/26 12:0 a.m. | 31 views

WhatsApp messaging protocol multiple security vulnerabilities

Unauthorized user status change, registration bypass, cleartext data transmission...

AI score 2.4
Exploits: 0 | References: 1
securityvulns
added 2011/12/26 12:0 a.m. | 26 views

Enterasys NetSight buffer overflow

nssyslogd buffer overflow on UDP/514 packet parsing...

AI score 4.6
Exploits: 0 | References: 1
securityvulns
added 2011/12/26 12:0 a.m. | 33 views

pfSense invalid certificates issue

All certificates are issued with CA:true flag...

CVSS 7.5 | AI score 1.7 | EPSS 0.00902
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2011/12/26 12:0 a.m. | 22 views

SEC Consult SA-20111219-1 :: Multiple vulnerabilities in WhatsApp

SEC Consult Vulnerability Lab Security Advisory 20111219-1 ======================================================================= title: Multiple vulnerabilities in WhatsApp product: WhatsApp tested on Android client fixed version: - impact: Medium homepage: http://www.whatsapp.com/ found:...

Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 26 views

Asterisk SIP processing security vulnerabilities

DoS, information leakage...

AI score 1.8
Exploits: 0 | References: 3 | Affected Software: 1
securityvulns
added 2011/12/26 12:0 a.m. | 106 views

VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092)

VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability MS11-092 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows Media Player WMP is a media player and media library...

AI score 1.6
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 109 views

PHP Booking Calendar 10e XSS

Exploit Title: PHP Booking Calendar 10e XSS Date: 12/16/11 Author: G13 Software Link: http://sourceforge.net/projects/bookingcalendar/ Version: 10e Category: webapps php Vulnerability The pageinfomessage variable in the detailsview.php does not sanitize input. This is a reflective XSS attack...

AI score 1.1
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 120 views

SASHA v0.2.0 Multiple XSS

Exploit Title: SASHA v0.2.0 Multiple XSS Date: 12/16/11 Author: G13 Software Link: http://sourceforge.net/projects/sasha/files/ Version: 0.2.0 Category: webapps php Vulnerability When adding a new course to the schedule, the application relies on Client Side controls for input. This can easily be...

AI score 0.9
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m. | 81 views

Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection

------------------------------------------------------------------------- Tiki Wiki CMS Groupware = 8.2 snarfajax.php Remote PHP Code Injection ------------------------------------------------------------------------- author...........: Egidio Romano aka EgiX mail.............:...

AI score 0.5 | EPSS 0.03229
Exploits: 7
securityvulns
added 2011/12/26 12:0 a.m. | 110 views

[SECURITY] [DSA 2368-1] lighttpd security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------------- Debian Security Advisory DSA-2368-1 [email protected] http://www.debian.org/security/ Nico Golde Dec 20th, 2011 http://www.debian.org/security/faq -...

CVSS 5 | AI score 1.5 | EPSS 0.04391
Exploits: 12
securityvulns
added 2011/12/26 12:0 a.m. | 25 views

Google Chrome for Android certificate information spoofing

It's possible to spoof certificate information by using IFRAME...

AI score 1.8
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2011/12/26 12:0 a.m. | 21 views

Unbound DNS resolver DoS conditions

Different denial of service conditions...

CVSS 7.8 | AI score 2.8 | EPSS 0.02914
Exploits: 0 | References: 1 | Affected Software: 1
Total number of security vulnerabilities: 47153