ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability
ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-335 November 28, 2011 -- CVE ID: CVE-2011-4252 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P --...
Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2
SWITCH-CERT SECURITY ADVISORY Vulnerability: Insecure Implementation of RSA Encryption Affected Products: jCryption, PEAR Crypt_RSA, PEAR Crypt_RSA2 Advisory Date: 2011-11-30 Advisory Author: Daniel Roethlisberger, SWITCH-CERT Introduction Web applications using...
ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability
ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-338 November 28, 2011 -- CVE ID: CVE-2011-4258 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P --...
ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability
ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-331 November 28, 2011 -- CVE ID: CVE-2011-4259 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P --...
Vulnerabilities in Siemens Automation License Manager
Luigi Auriemma Application: Siemens Automation License Manager http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&objid=10805384&treeLang=en Versions: = 500.0.122.1 Platforms: Windows Bugs: A Service licensekey serial...
3S CoDeSys multiple security vulnerabilities
Buffer overflow, integer overflow, DoS conditions...
Siemens SIMATIC WinCC flexible multiple security vulnerabilities
HmiLoad and miniweb multiple security vulnerabilities...
MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter
CVE: CVE-2011-4025 Vendor: EllisLab Products: ExpressionEngine 2.2.2, CodeIgniter 2.0.3 Vulnerabilities: xss_clean filter bypass, leading to Cross-Site Scripting XSS Risk: High Attack Vector: From Remote Reference: http://secureappdev.blogspot.com/2011/11/ellislab-xssclean-filter-bypass.html 1...
Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2
Luigi Auriemma Application: 3S CoDeSys http://www.3s-software.com/index.shtml?enCoDeSysV3en Versions: = 3.4 SP4 Patch 2 Platforms: Windows Bugs: A GatewayService integer overflow B CmpWebServer stack overflow C CmpWebServer Content-Length NULL pointer D CmpWebServer invalid HTTP request NULL...
Multiple HP printers unauthorized access
Remote Firmware Update option is enabled by default and allows firmware to be replaced via TCP/9100...
Siemens Automation License Manager multiple security vulnerabilities
Code execution, unauthorized files access, DoS...
ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability
ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-333 November 28, 2011 -- CVE ID: CVE-2011-4250 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affecte...
ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability
ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-337 November 28, 2011 -- CVE ID: CVE-2011-4256 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P --...
ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability
ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-336 November 28, 2011 -- CVE ID: CVE-2011-4255 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected...
Vulnerabilities in Siemens SIMATIC WinCC flexible 2008 SP2
Luigi Auriemma Application: Siemens SIMATIC WinCC flexible Runtime http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/Pages/Default.aspx Versions: 2008 SP2 + security patch 1 Platforms: Windows Bugs: A HmiLoad strings sta...
Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits
Hacking Hollywood: The Slides, The Bugs and The Exploits. Introduction: At Kiwicon V https://www.kiwicon.org and Ruxcon 2011 http://www.ruxcon.org.au,...
ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability
ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-332 November 28, 2011 -- CVE ID: CVE-2011-4248 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P --...
Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability
Title : Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability Software : Oxide M0N0X1D3 HTTP Server Software Version : 20040223 Vendor: http://sourceforge.net/projects/oxide-ws/ Vulnerability Published : 2011-11-15 Vulnerability Update Time : Status : Impact : Medium Bug Description : Oxid...
[SECURITY] [DSA 2355-1] clearsilver security update
Debian Security Advisory DSA-2355-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 30, 2011 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03102449 Version: 1 HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default NOTICE: The information in this Security Bulletin should b...
Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store
Vulnerability ID: HTB23044 Reference: https://www.htbridge.ch/advisory/heapmemorycorruptioninhpdeviceaccessmanagerforprotecttoolsinformationstore.html Product: HP Device Access Manager for Protect Tools Information Store Vendor: Hewlett-Packard Vulnerable Version: Prior to v.6.1.0.1 Tested Versio...
Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities
a bug in Wordpress 1-jquery-photo-gallery-slideshow-flash plugin that allows us to cause Cross-Site Scripting on a remote machine. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities...
Sql injection in SugarCRM
Vulnerability ID: HTB23051 Reference: https://www.htbridge.ch/advisory/sqlinjectioninsugarcrm.html Product: SugarCRM Vendor: SugarCRM Inc. http://www.sugarcrm.com Vulnerable Version: Community Edition 6.3.0RC1 and probably prior Tested Version: Community Edition 6.3.0RC1 Vendor Notification: 05...
Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities
a bug in Wordpress skysa-official plugin that allows us to cause Cross-Site Scripting on a remote machine. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities Download......:...
Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities
a bug in Wordpress flash-album-gallery plugin that allows us to cause Cross-Site Scripting on a remote machine. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Download......:...
Vulnerabilities in Zeema CMS
Hello 3APA3A! I am informing you about the Brute Force, Cross-Site Scripting and Full path disclosure vulnerabilities I found in the Zeema CMS system. It is a Ukrainian commercial CMS. Brute Force WASC-11: http://site/cms/ XSS WASC-08:...
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
---------------------------------------------------- WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities ---------------------------------------------------- author............: Egidio Romano aka EgiX mail..............: n0b0d13satgmaildotcom software link.....: http://wikkawiki.org/...
[security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03082368 Version: 1 HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service NOTICE: The information in this Securi...
Ariadne 2.7.6 Multiple XSS vulnerabilities
Advisory: Ariadne 2.7.6 Multiple XSS vulnerabilities Advisory ID: SSCHADV2011-038 Author: Stefan Schurtz Affected Software: Successfully tested on Ariadne 2.7.6 Vendor URL: http://www.ariadne-cms.org/ Vendor Status: informed ========================== Vulnerability Description...
[PT-2011-43] Database information disclosure in Kayako Fusion
---------------------------------------------------------------------- PT-2011-43 Positive Technologies Security Advisory Database information disclosure in Kayako Fusion ---------------------------------------------------------------------- --- Vulnerable software Kayako Fusion Link:...
Multiple vulnerabilities in RoundCube
Hello 3APA3A! I want to warn you about multiple vulnerabilities in RoundCube. These are Brute Force, Content Spoofing, Cross-Site Scripting and Clickjacking vulnerabilities. CS and XSS are in TinyMCE, which is included with RoundCube. ------------------------- Affected products:...
FreeBSD libc code execution
lib/nsscompat.so.1 library in chroot environment is loaded. Vulnerability is used in-the-wild remotely against FTP-servers...
glibc multiple security vulnerabilities
Privilege escalation via shared libraries, fnmatch buffer overflow, DoS conditions, crypt blowfish weak encryption implementation...
PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
Advisory: PHP Inventory 1.3.1 Remote Auth Bypass SQL Injection Vulnerability Advisory ID: INFOSERVE-ADV2011-08 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on PHP Inventory 1.3.1 Vendor URL: http://www.phpwares.com/ Vendor Status: fixed CVE-ID:...
[ MDVSA-2011:178 ] glibc
Mandriva Linux Security Advisory MDVSA-2011:178 http://www.mandriva.com/security/ Package : glibc Date : November 25, 2011 Affected: 2010.1, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities were discovered and fixed in glibc: Multipl...
Multiple vulnerabilities in OrangeHRM
Vulnerability ID: HTB23057 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinorangehrm.html Product: OrangeHRM Vendor: OrangeHRM Inc. http://www.orangehrm.com Vulnerable Version: 2.6.11 and probably prior Tested Version: 2.6.11 Vendor Notification: 09 November 2011 Vulnerabilit...
0A29-11-1 : Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10
================ Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10 Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Multiple XSS vulnerabilities exist within HP NNMi. In the case of GET...
[security bulletin] HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03091656 Version: 1 HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access NOTICE: The information in this Security...
NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution
High Risk Vulnerability in FFmpeg 23 November 2011 Phillip Langlois of NGS Secure has discovered a High risk vulnerability in FFmpeg Impact: Remote code execution Versions affected include: FFmpeg 0.7.8 This issue is addressed in v 0.7.8 and v0.8.7, which can be downloaded at:...
AdaptCMS 2.x SQL Injection Vulnerability
========================================================================= AdaptCMS 2.x SQL Injection Vulnerability =========================================================================...
CMS Balitbang 3.x SQL Injection Vulnerability
========================================================================= CMS Balitbang 3.x SQL Injection Vulnerability ========================================================================= :-----------------------------------------------------------...
Wordpress adminimize Plugin Vulnerabilities
a bug in Wordpress adminimize Plugin that allows us to cause Cross-Site Scripting on a remote machine. Islamic Republic Of Iran Security Team Www.IrIsT.Ir Wordpress adminimize.1.7.21 Plugin Cross-Site Scripting Vulnerabilities Download......: http://wordpress.org/extend/plugins/adminimize/...
[USN-1268-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1268-1 November 21, 2011 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Multiple vulnerabilities in Dolibarr
Vulnerability ID: HTB23056 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesindolibarr.html Product: Dolibarr Vendor: Dolibarr foundation http://www.dolibarr.org/ Vulnerable Version: 3.1.0 RC and probably prior Tested Version: 3.1.0 RC Vendor Notification: 02 November 2011...
[SECURITY] [DSA 2349-1] spip security update
Debian Security Advisory DSA-2349-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 19, 2011 http://www.debian.org/security/faq -...
OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab Scripting Vulnerabilities
The OWASP Academy-Portal is proud to announce the first free online OWASP TOP 10 security lab based on Hacking-Lab.com! Hacking-Lab is supporting the OWASP mission and made their online training environment available for OWASP on free-to-use basis! The Hacking-Lab is not just a common "hackme"...
NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution
High Risk Vulnerability in FFmpeg 23 November 2011 Phillip Langlois of NGS Secure has discovered a High risk vulnerability in FFmpeg Impact: Remote code execution Versions affected include: FFmpeg 0.7.8 This issue is addressed in v 0.7.8 and v0.8.7, which can be downloaded at:...
NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution
High Risk Vulnerability in FFmpeg 23 November 2011 Phillip Langlois of NGS Secure has discovered a High risk vulnerability in FFmpeg Impact: Remote code execution Versions affected include: FFmpeg 0.7.8 This issue is addressed in v0.7.8 and v0.8.7, which can be downloaded at:...
[SECURITY] [DSA 2352-1] puppet security update
Debian Security Advisory DSA-2352-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 22, 2011 http://www.debian.org/security/faq -...