47153 matches found
Microsoft Office multiple security vulnerabilities
Privilege escalation, use-after-free, insecure DLL loading, memory corruption...
Microsoft Windows Media memory corruption
Memory corruption on .dvr-ms files parsing...
ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-346 December 13, 2011 - -- CVE ID: CVE-2011-3413 - -- CVSS: 7.5,...
[USN-1295-1] Dovecot vulnerability
========================================================================== Ubuntu Security Notice USN-1295-1 December 08, 2011 dovecot vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability
a bug in WordPress flash-album-gallery Plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Download......:...
[SECURITY] [DSA 2359-1] mojarra security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2359-1 [email protected] http://www.debian.org/security/ Florian Weimer December 06, 2011 http://www.debian.org/security/faq -...
OSI Security: Squiz Matrix - User Account Enumeration
Squiz Matrix - User Account Enumeration http://www.osisecurity.com.au/advisories/squiz-matrix-user-enumeration Release Date: 12-Dec-2011 Software: Squiz - Matrix http://www.squiz.net/ "Squiz Matrix delivers highly flexible and robust business integration engine and application development tools. ...
[USN-1296-1] acpid vulnerabilities
========================================================================== Ubuntu Security Notice USN-1296-1 December 08, 2011 acpid vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[USN-1289-1] colord vulnerability
========================================================================== Ubuntu Security Notice USN-1289-1 December 07, 2011 colord vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
ACPI scripts privilege escalation
invalid power button events processing, invalid umsk handling...
XSS, SQLi и IL уязвимости в Zeema CMS
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, SQL Injection и Information Leakage уязвимостях в системе Zeema CMS. Это украинская коммерческая CMS. XSS WASC-08: http://site/counter/?act=ip&ipaddr=3Cp20style=-moz-binding:urlhttp://websecurity.com.ua/webtools/xss.xml23xss3...
Dovecot insufficient SSL certificates validation
Insuficcient certificate validation if used as an SSL proxy...
Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities
a bug in Wordpress pretty-link plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. ISlamic Republic Of IRan Security Team http://irist.ir/forum/ Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities...
DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection
Title ----- DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection Severity -------- High Date Discovered --------------- November 18, 2011 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: sxkeebler and r@b13$ Vulnerability Description...
WinAmp integer overflows
Different integer overflows in AVI parsing...
Meditate Web Content Editor 'username_input' SQL-Injection vulnerability
Advisory: Meditate Web Content Editor 'usernameinput' SQL-Injection vulnerability Advisory ID: SSCHADV2011-039 Author: Stefan Schurtz Affected Software: Successfully tested on Meditate 1.2 Vendor URL: http://www.arlomedia.com/ Vendor Status: fixed ========================== Vulnerability...
[DCA-2011-0014] - Elxis CMS Cross Site Script
Discussion - DcLabs Security Research Group advises about the following vulnerabilityies: Software - Elxis CMS Vendor Product Description - Elxis is powerful open source content management system CMS released for free under the GNU/GPL license. It has unique multi-lingual features, it follows W3C...
Vulnerabilities in D-Link DAP 1150
Hello 3APA3A! I want to warn you about security vulnerabilities in D-Link DAP 1150 WiFi Access Point and Router. These are Predictable Resource Location, Brute Force and Cross-Site Request Forgery vulnerabilities. This is my second advisory from series of advisories about vulnerabilities in D-Lin...
Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities
====================================================================== Secunia Research 12/12/2011 - Winamp AVI Processing Two Integer Overflow Vulnerabilities - ====================================================================== Table of Contents Affected...
colord SQL injection
No description provided...
[USN-1293-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1293-1 December 08, 2011 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Linux kernel multiple security vulnerabilities
Multiple vulnerabilities in file systems implementations...
ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-341 December 7, 2011 - -- CVE ID: CVE-2011-3319 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected Vendors:...
0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11
================ Privilege escalation vulnerability in HP Application Lifestyle Management ALM Platform v11 Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ The HP Application Lifestyle Management...
ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-344 December 7, 2011 - -- CVE ID: CVE-2011-4253 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-343 December 7, 2011 - -- CVE ID: CVE2011-4260 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
Novell ZENworks Asset Management directory traversal
Directory traversal on file upload...
AST-2011-014: Remote crash possibility with SIP and the "automon" feature enabled
Asterisk Project Security Advisory - AST-2011-014 Product Asterisk Summary Remote crash possibility with SIP and the "automon" feature enabled Nature of Advisory Remote crash vulnerability in a feature that is disabled by default Susceptibility Remote unauthenticated sessions Severity Moderate...
CA20111208-01: Security Notice for CA SiteMinder
CA20111208-01: Security Notice for CA SiteMinder Issued: December 08, 2011 CA Technologies Support is alerting customers to a potential risk in CA SiteMinder. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting XSS attack. CA Technologies has issued...
ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-340 December 7, 2011 - -- CVE ID: CVE-2011-3248 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...
CA SiteMidner crossite scripting
login.fcc crossite scripting...
[SECURITY] [DSA 2361-1] chasen security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2361-1 [email protected] http://www.debian.org/security/ Florian Weimer December 07, 2011 http://www.debian.org/security/faq -...
Vulnerabilities in D-Link DSL-500T ADSL Router
Hello 3APA3A! I want to warn you about security vulnerabilities in D-Link DSL-500T ADSL Router. These are Predictable Resource Location, Brute Force and Cross-Site Request Forgery vulnerabilities. This is my first advisory from series of advisories about vulnerabilities in D-Link products...
ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-345 December 7, 2011 - -- CVE ID: - -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:P/A:C - -- Affected Vendors:...
HTC Touch2 memory corruption
Memory corruption on 3g2 video files processing...
ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-342 December 7, 2011 - -- CVE ID: CVE-2011-2653 - -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:C/A:P - -- Affected Vendors: Nove...
Trend Micro Control Manager buffer overflow
Buffer overflow on TCP/20101 request parsing...
RealNetworks RealPlayer multiple security vulnerabilities
Multiple vulnerabilities on different media formats parsing...
ISC DHCP DoS
Incorrect regular expressions handling...
chasen library buffer overflow
Buffer overflow on text string parsing...
[SignalSEC Labs]: HTC Touch2 T3333 Video Player Memory Corruption
Affected Software: HTCVideoPlayer.exe Tested on: HTC Touch2 T3333 - Windows Mobile 6.5 Vulnerability: Memory Corruption Details: HTCVideoPlayer is the default media player of HTC Windows Mobile devices. This media player is prone to a memory corruption vulnerability while parsing stbl atom of 3g2...
HP Application Lifestyle Management symbolic links vulnerability
Insecurty temporary files creation...
AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings
Asterisk Project Security Advisory - AST-2011-013 Product Asterisk Summary Possible remote enumeration of SIP endpoints with differing NAT settings Nature of Advisory Unauthorized data disclosure Susceptibility Remote unauthenticated sessions Severity Minor Exploits Known Yes Reported On 2011-07-...
MIT Kerberos 5 DoS
TGS Null pointer dereference. TGS assertion failure...
MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2011-007 MIT krb5 Security Advisory 2011-007 Original release: 2011-12-06 Last update: 2011-12-06 Topic: KDC null pointer dereference in TGS handling CVE-2011-1530 KDC null pointer dereference in TGS handling CVSSv2 Vector:...
Vulnerabilities in Serv-U 11.1.0.3
Luigi Auriemma Application: Serv-U FTP http://www.serv-u.com Versions: = 11.1.0.3 Platforms: Windows, Linux bug B should affect only some Windows versions Bugs: A sockets and ports consumption B possible access to the management console Exploitation: remote Date: 03 Dec 2011 Author: Luigi Auriemm...
Serv-U FTP server security vulnerabilities
Resource exhaustion, administrative session hijacking...
Multiple HP printers unauthorized access
Remote Firmware Update option is enabled by default and allows to replace firmware via TCP/9100...
Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits
, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Hacking Hollywood: The Slides, The Bugs and The Exploits. +------------+ |Introduction| +------------+ At Kiwicon V https://www.kiwicon.org and Ruxcon 2011 http://www.ruxcon.org.au,...