47153 matches found
Multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications
Hello 3APA3A! I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens of millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in flvPlayer, which is...
Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities
a bug in Wordpress alert-before-your-post Plugin that allows us to cause a Cross-Site Scripting on a Remote machine. Islamic Republic Of Iran Security Team Www.IrIsT.Ir Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities Download......:...
Google Chrome multiple security vulnerabilities
Code execution, privilege escalation, DoS...
wordpress Lanoba Social Plugin Xss Vulnerabilities
a bug in wordpress Lanoba Social Plugin that allows us to cause a Cross-Site Scripting on a Remote machine. Islamic Republic Of Iran Security Team Www.IrIsT.Ir wordpress Lanoba Social Plugin Xss Vulnerabilities Download......: wordpress.org/extend/plugins/lanoba-social-plugin/...
Wordpress advanced-text-widget Plugin Vulnerabilities
a bug in Wordpress advanced-text-widget Plugin that allows us to cause a Cross-Site Scripting on a Remote machine. Islamic Republic Of Iran Security Team Www.IrIsT.Ir Wordpress advanced-text-widget Plugin Cross-Site Scripting Vulnerabilities Download......:...
freetype library multiple security vulnerabilities
Memory corruptions on fonts parsing...
HP Network Node Manager i multiple security vulnerabilities
Cross-site scripting, unauthorized access, information disclosure...
ffmpeg library multiple security vulnerabilities
Memory corruption on MKV and AVS/CAVS containers parsing...
HP Operations Agent / HP Performance Agent unauthorized access
No description provided...
[security bulletin] HPSBST02722 SSRT100279 rev.1 - HP StorageWorks P4000 Virtual SAN Appliance, Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03082086 Version: 1 HPSBST02722 SSRT100279 rev.1 - HP StorageWorks P4000 Virtual SAN Appliance, Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon ...
[security bulletin] HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03082006 Version: 1 HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access NOTICE: The information i...
HP Integrated Lights-Out unauthorized access
Unauthorized access if HP Directories Support is used...
Software Center certificate spoofing
insufficient check for server certificates...
Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability
Support Incident Tracker = 3.65 translate.php Remote Code Execution Vulnerability author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom software link........: http://sitracker.org/ affected versions....: from 3.45 to 3.65 - vulnerable code in /translate.php 23...
Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities
a bug in Wordpress clickdesk-live-support-chat plugin that allows us to cause a Cross-Site Scripting on a Remote machine. Www.Aria-security.com/forum/ Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities Download......:...
[SECURITY] [DSA 2353-1] ldns security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2353-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2011 http://www.debian.org/security/faq -...
Linux kernel multiple security vulnerabilities
Multiple DoS conditions...
Puppet multiple security vulnerabilities
Multiple file overwrite vulnerabilities, certificate spoofing...
Freelancer calendar <= 1.01 SQL Injection Vulnerability
Dear all, I have found multiple a SQL injection vulnerability in Freelancer calendar = 1.01. It seems to be version 1.01 as you can see in the 'Files' section of the Sourceforge page. I reported the vulnerability to the vendor but no response as stated in the advisory. Best, muuratsalo -- ADVISOR...
TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181
TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181 Published: 2011/11/16 Version 1.0 Affected products: iTop version 1.1.181, 1.2.0-RC-282 maybe earlier versions as well http://sourceforge.net/projects/itop/ References: CVE-2011-4275 - Multiple web-vulnerabilities in iTop...
Wordpress enable-latex plugin Remote File Include Vulnerabilities
a bug in Wordpress enable-latex plugin that allows us to cause a Remote File Include on a Remote machine. Aria Security Team - Persian Network Security http://Aria-Security.Com/forum/ Wordpress enable-latex plugin Remote File Include Vulnerabilities Download......:...
HP-UX System Administration Manager privilege escalation
No description provided...
Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities
a bug in Wordpress meenews 5.1 plugin that allows us to cause a Cross-Site Scripting on a Remote machine. Aria Security Team - Persian Network Security http://Aria-Security.Com/forum/ Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities Download......:...
ldns buffer overflow
Buffer overflow on records parsing...
Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities
a bug in Wordpress featurific-for-wordpress plugin that allows us to cause a Cross-Site Scripting on a Remote machine. Www.Aria-security.com/forum/ Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities Download......:...
[USN-1281-1] Linux (OMAP4) vulnerabilities
Ubuntu Security Notice USN-1281-1 November 24, 2011 linux-ti-omap4 vulnerabilities A security issue affects these releases of Ubuntu and its...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
MaraDNS buffer overflow
Buffer overflow on request parsing...
[USN-1270-1] Software Center vulnerability
Ubuntu Security Notice USN-1270-1 November 21, 2011 software-center vulnerability A security issue affects these releases of Ubuntu and its...
Blogs manager <= 1.101 SQL Injection Vulnerability
Dear all, I have found a SQL injection vulnerability in Blogs manager = 1.101 It seems to be version 1.101 as you can see in the files section of sourceforge. I reported the vulnerability to the vendor but no response as stated in the advisory. Best, muuratsalo -- ADVISORY --...
[USN-1273-1] Pidgin vulnerabilities
Ubuntu Security Notice USN-1273-1 November 21, 2011 pidgin vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: -...
HP StorageWorks P4000 code execution
No description provided...
Valid tiny-erp <= 1.6 SQL Injection Vulnerability
Dear all, I have found a SQL injection vulnerability in Valid tiny-erp = 1.6. It seems to be version 1.6 as you can see in the 'project' section of www.valid.gr. Anyway there is not any specific number version in the sourceforge page. I reported the vulnerability to the vendor but no response as...
PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability
PmWiki = 2.2.34 pagelist Remote PHP Code Injection Vulnerability author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom...
icomex cms (Content Management Solutions) sql injection vulnerability
Exploit Title: icomex cms sql injection vulnerability Author : XaDaL Link : http://www.icomex.com/ Tested on : windows google dork : This site is powered by Content Management Systems from icomex === POC === =x= http://site/html/Home.htm?articleid=SQL =x= http://site/html/services.htm?articleid=S...
[security bulletin] HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03089106 Version: 2 HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager SAM, Local Increase in Privilege NOTICE: The information in this Security Bulletin should be acted...
Mozilla Foundation Security Advisory 2011-50
Mozilla Foundation Security Advisory 2011-50 Title: Cross-origin data theft using canvas and Windows D2D Impact: High Announced: November 8, 2011 Reporter: Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Thunderbird 8.0 Description Mozilla developer Bas Schouten reported that the introductio...
Mozilla Foundation Security Advisory 2011-47
Mozilla Foundation Security Advisory 2011-47 Title: Potential XSS against sites using Shift-JIS Impact: High Announced: November 8, 2011 Reporter: Yosuke Hasegawa Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Firefox 3.6.24 Thunderbird 8.0 Thunderbird 3.1.16 Description Yosuke Hasegawa...
Mozilla Foundation Security Advisory 2011-51
Mozilla Foundation Security Advisory 2011-51 Title: Cross-origin image theft on Mac with integrated Intel GPU Impact: High Announced: November 8, 2011 Reporter: Claus Wahlers Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Thunderbird 8.0 Description Claus Wahlers reported that random images...
Mozilla Foundation Security Advisory 2011-52
Mozilla Foundation Security Advisory 2011-52 Title: Code execution via NoWaiverWrapper Impact: Critical Announced: November 8, 2011 Reporter: mozbugra4 Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Thunderbird 8.0 Description Mozilla security researcher mozbugra4 reported that an internal...
Mozilla Foundation Security Advisory 2011-49
Mozilla Foundation Security Advisory 2011-49 Title: Memory corruption while profiling using Firebug Impact: Critical Announced: November 8, 2011 Reporter: Marc Schoenefeld Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Firefox 3.6.24 Thunderbird 8.0 Thunderbird 3.1.16 Description Marc...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Cross-site scripting, code execution, memory corruptions, information leakage...
Mozilla Foundation Security Advisory 2011-48
Mozilla Foundation Security Advisory 2011-48 Title: Miscellaneous memory safety hazards rv:8.0 Impact: Critical Announced: November 8, 2011 Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Thunderbird 8.0 Description Mozilla developers fixed several memory safety bugs in the browser engine us...
Mozilla Foundation Security Advisory 2011-46
Mozilla Foundation Security Advisory 2011-46 Title: loadSubScript unwraps XPCNativeWrapper scope parameter 1.9.2 branch Impact: Critical Announced: November 8, 2011 Reporter: mozbugra4 Products: Firefox, Thunderbird Fixed in: Firefox 3.6.24 Thunderbird 3.1.16 Description Mozilla security research...
Wordpress Zingiri Web Shop Plugin <= 2.2.3 Remote Code Execution Vulnerability
Wordpress Zingiri Web Shop Plugin = 2.2.3 Remote Code Execution Vulnerability author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom software link........: http://wordpress.org/extend/plugins/zingiri-web-shop/ affected versions....: from 0.9.12 to 2.2.3 -...
Cisco Security Advisory: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error Advisory ID: cisco-sa-20111109-telepresence-c-ex-series Revision 1.0 For Public Release 2011 November 9 16:00 UTC GMT...
Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
Advisory: Tiki Wiki CMS Groupware Multiple XSS vulnerabilities Advisory ID: INFOSERVE-ADV2011-01 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Tiki 7.2 & 8.0 RC1 Vendor URL: http://info.tiki.org/ Vendor Status: fixed for Tiki 7 New Tiki 6 LTS...
CA20111116-01: Security Notice for CA Directory
-----BEGIN PGP SIGNED MESSAGE----- CA20111116-01: Security Notice for CA Directory Issued: November 16, 2011 CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition...
FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability
FreeWebshop = 2.2.9 R2 ajaxsavename.php Remote Code Execution Vulnerability author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom software link........: http://www.freewebshop.org/ affected versions....: from 0.9.12 to 2.2.3 - vulnerable code in...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...