47153 matches found
HP Operations Agent / HP Performance Agent unauthorized access
No description provided...
Software Center certificate spoofing
insufficient check for server certificates...
MaraDNS buffer overflow
Buffer overflow on request parsing...
NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution
High Risk Vulnerability in FFmpeg 23 November 2011 Phillip Langlois of NGS Secure has discovered a High risk vulnerability in FFmpeg Impact: Remote code execution Versions affected include: FFmpeg 0.7.8 This issue is addressed in v 0.7.8 and v0.8.7, which can be downloaded at:...
Multiple vulnerabilities in Dolibarr
Vulnerability ID: HTB23056 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesindolibarr.html Product: Dolibarr Vendor: Dolibarr foundation http://www.dolibarr.org/ Vulnerable Version: 3.1.0 RC and probably prior Tested Version: 3.1.0 RC Vendor Notification: 02 November 2011...
NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution
High Risk Vulnerability in FFmpeg 23 November 2011 Phillip Langlois of NGS Secure has discovered a High risk vulnerability in FFmpeg Impact: Remote code execution Versions affected include: FFmpeg 0.7.8 This issue is addressed in v0.7.8 and v0.8.7, which can be downloaded at:...
PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability
PmWiki = 2.2.34 pagelist Remote PHP Code Injection Vulnerability author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom...
Linux kernel multiple security vulnerabilities
Multiple DoS conditions...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities
A bug in Wordpress meenews 5.1 plugin that allows us to cause a Cross-Site Scripting on a remote machine. Aria Security Team - Persian Network Security http://Aria-Security.Com/forum/ Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities Download......:...
Valid tiny-erp <= 1.6 SQL Injection Vulnerability
Dear all, I have found a SQL injection vulnerability in Valid tiny-erp = 1.6. It seems to be version 1.6 as you can see in the 'project' section of www.valid.gr. Anyway there is not any specific number version in the sourceforge page. I reported the vulnerability to the vendor but no response as...
CMS Balitbang 3.x SQL Injection Vulnerability
CMS Balitbang 3.x SQL Injection Vulnerability...
HP-UX System Administration Manager privilege escalation
No description provided...
freetype library multiple security vulnerabilities
Memory corruptions on fonts parsing...
icomex cms (Content Management Solutions) sql injection vulnerability
Exploit Title: icomex cms sql injection vulnerability Author : XaDaL Link : http://www.icomex.com/ Tested on : windows google dork : This site is powered by Content Management Systems from icomex === POC === =x= http://site/html/Home.htm?articleid=SQL =x= http://site/html/services.htm?articleid=S...
ffmpeg library multiple security vulnerabilities
Memory corruption on MKV and AVS/CAVS containers parsing...
[USN-1268-1] Linux kernel vulnerabilities
Ubuntu Security Notice USN-1268-1 November 21, 2011 linux vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...
Wordpress enable-latex plugin Remote File Include Vulnerabilities
A bug in Wordpress enable-latex plugin that allows us to cause a Remote File Include on a remote machine. Aria Security Team - Persian Network Security http://Aria-Security.Com/forum/ Wordpress enable-latex plugin Remote File Include Vulnerabilities Download......:...
Wordpress adminimize Plugin Vulnerabilities
A bug in Wordpress adminimize Plugin that allows us to cause a Cross-Site Scripting on a remote machine. Islamic Republic Of Iran Security Team Www.IrIsT.Ir Wordpress adminimize.1.7.21 Plugin Cross-Site Scripting Vulnerabilities Download......: http://wordpress.org/extend/plugins/adminimize/...
wordpress Lanoba Social Plugin Xss Vulnerabilities
A bug in wordpress Lanoba Social Plugin that allows us to cause a Cross-Site Scripting on a remote machine. Islamic Republic Of Iran Security Team Www.IrIsT.Ir wordpress Lanoba Social Plugin Xss Vulnerabilities Download......: wordpress.org/extend/plugins/lanoba-social-plugin/...
Wordpress advanced-text-widget Plugin Vulnerabilities
A bug in Wordpress advanced-text-widget Plugin that allows us to cause a Cross-Site Scripting on a remote machine. Islamic Republic Of Iran Security Team Www.IrIsT.Ir Wordpress advanced-text-widget Plugin Cross-Site Scripting Vulnerabilities Download......:...
[security bulletin] HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03089106 Version: 2 HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager SAM, Local Increase in Privilege NOTICE: The information in this Security Bulletin should be acted...
[USN-1281-1] Linux (OMAP4) vulnerabilities
Ubuntu Security Notice USN-1281-1 November 24, 2011 linux-ti-omap4 vulnerabilities. A security issue affects these releases of Ubuntu and its...
[SECURITY] [DSA 2349-1] spip security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2349-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 19, 2011 http://www.debian.org/security/faq -...
Google Chrome multiple security vulnerabilities
Code execution, privilege escalation, DoS...
OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab Scripting Vulnerabilities
The OWASP Academy-Portal is proud to announce the first free online OWASP TOP 10 security lab based on Hacking-Lab.com! Hacking-Lab is supporting the OWASP mission and made their online training environment available for OWASP on free-to-use basis! The Hacking-Lab is not just a common "hackme"...
Puppet multiple security vulnerabilities
Multiple file overwrite vulnerabilities, certificate spoofing...
[security bulletin] HPSBST02722 SSRT100279 rev.1 - HP StorageWorks P4000 Virtual SAN Appliance, Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03082086 Version: 1 HPSBST02722 SSRT100279 rev.1 - HP StorageWorks P4000 Virtual SAN Appliance, Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon ...
[security bulletin] HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03082006 Version: 1 HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access NOTICE: The information i...
HP StorageWorks P4000 code execution
No description provided...
HP Network Node Manager i multiple security vulnerabilities
Cross-site scripting, unauthorized access, information disclosure...
AdaptCMS 2.x SQL Injection Vulnerability
AdaptCMS 2.x SQL Injection Vulnerability...
Freelancer calendar <= 1.01 SQL Injection Vulnerability
Dear all, I have found multiple a SQL injection vulnerability in Freelancer calendar = 1.01. It seems to be version 1.01 as you can see in the 'Files' section of the Sourceforge page. I reported the vulnerability to the vendor but no response as stated in the advisory. Best, muuratsalo -- ADVISOR...
Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities
A bug in Wordpress clickdesk-live-support-chat plugin that allows us to cause a Cross-Site Scripting on a remote machine. Www.Aria-security.com/forum/ Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities Download......:...
Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability
Support Incident Tracker = 3.65 translate.php Remote Code Execution Vulnerability author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom software link........: http://sitracker.org/ affected versions....: from 3.45 to 3.65 - vulnerable code in /translate.php 23...
TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181
TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181 Published: 2011/11/16 Version 1.0 Affected products: iTop version 1.1.181, 1.2.0-RC-282 maybe earlier versions as well http://sourceforge.net/projects/itop/ References: CVE-2011-4275 - Multiple web-vulnerabilities in iTop...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Cross-site scripting, code execution, memory corruptions, information leakage...
Mozilla Foundation Security Advisory 2011-48
Mozilla Foundation Security Advisory 2011-48 Title: Miscellaneous memory safety hazards rv:8.0 Impact: Critical Announced: November 8, 2011 Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Thunderbird 8.0 Description Mozilla developers fixed several memory safety bugs in the browser engine us...
Mozilla Foundation Security Advisory 2011-46
Mozilla Foundation Security Advisory 2011-46 Title: loadSubScript unwraps XPCNativeWrapper scope parameter 1.9.2 branch Impact: Critical Announced: November 8, 2011 Reporter: mozbugra4 Products: Firefox, Thunderbird Fixed in: Firefox 3.6.24 Thunderbird 3.1.16 Description Mozilla security research...
Mozilla Foundation Security Advisory 2011-47
Mozilla Foundation Security Advisory 2011-47 Title: Potential XSS against sites using Shift-JIS Impact: High Announced: November 8, 2011 Reporter: Yosuke Hasegawa Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Firefox 3.6.24 Thunderbird 8.0 Thunderbird 3.1.16 Description Yosuke Hasegawa...
Mozilla Foundation Security Advisory 2011-51
Mozilla Foundation Security Advisory 2011-51 Title: Cross-origin image theft on Mac with integrated Intel GPU Impact: High Announced: November 8, 2011 Reporter: Claus Wahlers Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Thunderbird 8.0 Description Claus Wahlers reported that random images...
Mozilla Foundation Security Advisory 2011-50
Mozilla Foundation Security Advisory 2011-50 Title: Cross-origin data theft using canvas and Windows D2D Impact: High Announced: November 8, 2011 Reporter: Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Thunderbird 8.0 Description Mozilla developer Bas Schouten reported that the introductio...
Mozilla Foundation Security Advisory 2011-49
Mozilla Foundation Security Advisory 2011-49 Title: Memory corruption while profiling using Firebug Impact: Critical Announced: November 8, 2011 Reporter: Marc Schoenefeld Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Firefox 3.6.24 Thunderbird 8.0 Thunderbird 3.1.16 Description Marc...
Mozilla Foundation Security Advisory 2011-52
Mozilla Foundation Security Advisory 2011-52 Title: Code execution via NoWaiverWrapper Impact: Critical Announced: November 8, 2011 Reporter: mozbugra4 Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Thunderbird 8.0 Description Mozilla security researcher mozbugra4 reported that an internal...
CA20111116-01: Security Notice for CA Directory
-----BEGIN PGP SIGNED MESSAGE----- CA20111116-01: Security Notice for CA Directory Issued: November 16, 2011 CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition...
iGuard Biometric Access Control - Multiple Vulnerabilities
Title: ====== iGuard Biometric Access Control - Multiple Vulnerabilities Date: ===== 2011-11-08 References: =========== 2011/Q3-4 URL: http://vulnerability-lab.com/getcontent.php?id=104 VL-ID: ===== 104 Introduction: ============= Each iGuard Biometric / Smart Card Security Appliance has a built-...
OpenTTD DoS
Multiple DoS conditions...
IL, DoS and FPD vulnerabilities in Adobe ColdFusion
Hello 3APA3A! I am informing you of new vulnerabilities I have found in Adobe ColdFusion. These are Information Leakage, Denial of Service and Full path disclosure vulnerabilities. Information Leakage WASC-13: http://site/CFIDE/componentutils/packagelist.cfm Leak of the list of all components installed on the serve...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
iGuard Biometric Access Control multiples security
No description provided...