Vulnerabilities in Siemens Automation License Manager
Luigi Auriemma Application: Siemens Automation License Manager http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&objid=10805384&treeLang=en Versions: = 500.0.122.1 Platforms: Windows Bugs: A Service licensekey serial...
Siemens SIMATIC WinCC flexible multiple security vulnerabilities
HmiLoad and miniweb multiple security vulnerabilities...
ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-332 November 28, 2011 - -- CVE ID: CVE-2011-4248 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-335 November 28, 2011 - -- CVE ID: CVE-2011-4252 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
ZDI-11-334 : RealNetworks RealPlayer genr Sample Size Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-334 : RealNetworks RealPlayer genr Sample Size Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-334 November 28, 2011 - -- CVE ID: CVE-2011-4251 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2
Luigi Auriemma Application: 3S CoDeSys http://www.3s-software.com/index.shtml?enCoDeSysV3en Versions: = 3.4 SP4 Patch 2 Platforms: Windows Bugs: A GatewayService integer overflow B CmpWebServer stack overflow C CmpWebServer Content-Length NULL pointer D CmpWebServer invalid HTTP request NULL...
ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-331 November 28, 2011 - -- CVE ID: CVE-2011-4259 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-337 November 28, 2011 - -- CVE ID: CVE-2011-4256 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
Siemens Automation License Manager multiple security vulnerabilities
Code execution, unauthorized files access, DoS...
Oxide M0N0X1D3 HTTP server directory traversal
There are multiple ways to download arbitrary files...
ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-338 November 28, 2011 - -- CVE ID: CVE-2011-4258 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-336 November 28, 2011 - -- CVE ID: CVE-2011-4255 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...
3S CoDeSys multiple security vulnerabilities
Buffer overflow, integer overflow, DoS conditions...
Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability
Title : Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability Software : Oxide M0N0X1D3 HTTP Server Software Version : 20040223 Vendor: http://sourceforge.net/projects/oxide-ws/ Vulnerability Published : 2011-11-15 Vulnerability Update Time : Status : Impact : Medium Bug Description : Oxid...
[SECURITY] [DSA 2355-1] clearsilver security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2355-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 30, 2011 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2
SWITCH-CERT SECURITY ADVISORY ============================= Vulnerability: Insecure Implementation of RSA Encryption Affected Products: jCryption, PEAR Crypt_RSA, PEAR Crypt_RSA2 Advisory Date: 2011-11-30 Advisory Author: Daniel Roethlisberger, SWITCH-CERT Introduction Web applications using...
Vulnerabilities in Siemens SIMATIC WinCC flexible 2008 SP2
Luigi Auriemma Application: Siemens SIMATIC WinCC flexible Runtime http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/Pages/Default.aspx Versions: 2008 SP2 + security patch 1 Platforms: Windows Bugs: A HmiLoad strings sta...
ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-333 November 28, 2011 - -- CVE ID: CVE-2011-4250 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affecte...
MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter
CVE: CVE-2011-4025 Vendor: EllisLab Products: ExpressionEngine 2.2.2, CodeIgniter 2.0.3 Vulnerabilities: xss_clean filter bypass, leading to Cross-Site Scripting (XSS) Risk: High Attack Vector: From Remote Reference: http://secureappdev.blogspot.com/2011/11/ellislab-xssclean-filter-bypass.html 1...
[security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03102449 Version: 1 HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default NOTICE: The information in this Security Bulletin should b...
Multiple vulnerabilities in OrangeHRM
Vulnerability ID: HTB23057 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinorangehrm.html Product: OrangeHRM Vendor: OrangeHRM Inc. http://www.orangehrm.com Vulnerable Version: 2.6.11 and probably prior Tested Version: 2.6.11 Vendor Notification: 09 November 2011 Vulnerabilit...
Vulnerabilities in Zeema CMS
Hello 3APA3A! I am informing you about the Brute Force, Cross-Site Scripting and Full path disclosure vulnerabilities I have found in the Zeema CMS system. It is a Ukrainian commercial CMS. Brute Force WASC-11: http://site/cms/ XSS WASC-08:...
Ariadne 2.7.6 Multiple XSS vulnerabilities
Advisory: Ariadne 2.7.6 Multiple XSS vulnerabilities Advisory ID: SSCHADV2011-038 Author: Stefan Schurtz Affected Software: Successfully tested on Ariadne 2.7.6 Vendor URL: http://www.ariadne-cms.org/ Vendor Status: informed ========================== Vulnerability Description...
Multiple vulnerabilities in RoundCube
Hello 3APA3A! I want to warn you about multiple vulnerabilities in RoundCube. These are Brute Force, Content Spoofing, Cross-Site Scripting and Clickjacking vulnerabilities. CS and XSS are in TinyMCE, which is included with RoundCube. ------------------------- Affected products:...
Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities
A bug in the Wordpress 1-jquery-photo-gallery-slideshow-flash plugin allows us to cause Cross-Site Scripting on a remote machine. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities...
SQL injection in SugarCRM
Vulnerability ID: HTB23051 Reference: https://www.htbridge.ch/advisory/sqlinjectioninsugarcrm.html Product: SugarCRM Vendor: SugarCRM Inc. http://www.sugarcrm.com Vulnerable Version: Community Edition 6.3.0RC1 and probably prior Tested Version: Community Edition 6.3.0RC1 Vendor Notification: 05...
[security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03082368 Version: 1 HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service NOTICE: The information in this Securi...
[ MDVSA-2011:178 ] glibc
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:178 http://www.mandriva.com/security/ Package : glibc Date : November 25, 2011 Affected: 2010.1, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities were discovered and fixed in glibc: Multipl...
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
---------------------------------------------------- WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities ---------------------------------------------------- author............: Egidio Romano aka EgiX mail..............: n0b0d13satgmaildotcom software link.....: http://wikkawiki.org/...
Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities
A bug in the Wordpress flash-album-gallery plugin allows us to cause Cross-Site Scripting on a remote machine. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Download......:...
[PT-2011-43] Database information disclosure in Kayako Fusion
---------------------------------------------------------------------- PT-2011-43 Positive Technologies Security Advisory Database information disclosure in Kayako Fusion ---------------------------------------------------------------------- --- Vulnerable software Kayako Fusion Link:...
Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store
Vulnerability ID: HTB23044 Reference: https://www.htbridge.ch/advisory/heapmemorycorruptioninhpdeviceaccessmanagerforprotecttoolsinformationstore.html Product: HP Device Access Manager for Protect Tools Information Store Vendor: Hewlett-Packard Vulnerable Version: Prior to v.6.1.0.1 Tested Versio...
glibc multiple security vulnerabilities
Privilege escalation via shared libraries, fnmatch buffer overflow, DoS conditions, crypt blowfish weak encryption implementation...
Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities
A bug in the Wordpress skysa-official plugin allows us to cause Cross-Site Scripting on a remote machine. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities Download......:...
PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
Advisory: PHP Inventory 1.3.1 Remote Auth Bypass SQL Injection Vulnerability Advisory ID: INFOSERVE-ADV2011-08 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on PHP Inventory 1.3.1 Vendor URL: http://www.phpwares.com/ Vendor Status: fixed CVE-ID:...
FreeBSD libc code execution
The lib/nsscompat.so.1 library is loaded inside the chroot environment. The vulnerability is used in the wild remotely against FTP servers...
Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities
A bug in the Wordpress alert-before-your-post Plugin allows us to cause Cross-Site Scripting on a remote machine. Islamic Republic Of Iran Security Team Www.IrIsT.Ir Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities Download......:...
NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution
High Risk Vulnerability in FFmpeg 23 November 2011 Phillip Langlois of NGS Secure has discovered a High risk vulnerability in FFmpeg Impact: Remote code execution Versions affected include: FFmpeg 0.7.8 This issue is addressed in v 0.7.8 and v0.8.7, which can be downloaded at:...
Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities
A bug in the Wordpress featurific-for-wordpress plugin allows us to cause Cross-Site Scripting on a remote machine. Www.Aria-security.com/forum/ Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities Download......: Download......:...
Multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications
Hello 3APA3A! I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens of millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE. CS and XSS are in flvPlayer, which is...
ldns buffer overflow
Buffer overflow on records parsing...
[SECURITY] [DSA 2353-1] ldns security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2353-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2011 http://www.debian.org/security/faq -...
0A29-11-1 : Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10
================ Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10 Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Multiple XSS vulnerabilities exist within HP NNMi. In the case of GET...
[security bulletin] HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03091656 Version: 1 HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access NOTICE: The information in this Security...
Blogs manager <= 1.101 SQL Injection Vulnerability
Dear all, I have found a SQL injection vulnerability in Blogs manager <= 1.101 It seems to be version 1.101 as you can see in the files section of sourceforge. I reported the vulnerability to the vendor but no response as stated in the advisory. Best, muuratsalo -- ADVISORY --...
[SECURITY] [DSA 2352-1] puppet security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2352-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 22, 2011 http://www.debian.org/security/faq -...
[USN-1273-1] Pidgin vulnerabilities
========================================================================== Ubuntu Security Notice USN-1273-1 November 21, 2011 pidgin vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
HP Integrated Lights-Out unauthorized access
Unauthorized access if HP Directories Support is used...
[USN-1270-1] Software Center vulnerability
========================================================================== Ubuntu Security Notice USN-1270-1 November 21, 2011 software-center vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...