47153 matches found
XSS vulnerability in Joomla 1.6.3
Information: Name : XSS vulnerability in Joomla 1.6.3. Software : All 1.6.x installs prior to and including 1.6.3 are affected. Vendor Homepage : http://www.joomla.org Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur mesut at mavitunasecurity...
DVR Remote ActiveX code execution
It's possible to load dynamic library via DVRobot.DLL...
ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability
ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-330 November 16, 2011 -- CVE ID: CVE-2011-4051 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C --...
New XSS vulnerability in WP-Cumulus for WordPress and multiple web applications and millions web sites
Hello 3APA3A! I want to warn you about new Cross-Site Scripting vulnerability in WP-Cumulus for WordPress and multiple web applications and millions web sites. Earlier I wrote about XSS vulnerability in WP-Cumulus, which I've disclosed in 2009 http://securityvulns.com/Wdocument842.html, and many...
FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability
FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability author: Egidio Romano aka EgiX mail: n0b0d13satgmaildotcom software link: http://www.freewebshop.org/ affected versions: from 0.9.12 to 2.2.3 - vulnerable code in...
Cisco Security Advisory: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error
Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error Advisory ID: cisco-sa-20111109-telepresence-c-ex-series Revision 1.0 For Public Release 2011 November 9 16:00 UTC GMT...
wordpress Flexible Custom Post Type plugin Xss Vulnerabilities
A bug in the WordPress Flexible Custom Post Type plugin that allows us to cause a Cross-Site Scripting on a remote machine. Islamic Republic Of Iran Security Team Www.IrIsT.Ir wordpress Flexible Custom Post Type plugin Xss Vulnerabilities Download......:...
[security bulletin] HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03035744 Version: 1 HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) NOTICE: The information in this Security...
Multiple vulnerabilities in webERP
Vulnerability ID: HTB23055 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinweberp.html Product: webERP Vendor: www.weberp.org http://www.weberp.org Vulnerable Version: 4.05 and probably prior Tested Version: 4.05 Vendor Notification: 26 October 2011 Vulnerability Type: XSS, S...
[FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities
FOREGROUND SECURITY, SECURITY ADVISORY 2011-004 - Original release date: November 10, 2011 - Discovered by: Jose Carlos de Arriba - Senior Security Analyst at Foreground Security - Contact: jcarriba at foregroundsecurity dot com, dade a...
Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus
Vulnerability ID: VRPTH-2011-001 Reference: http://jameswebb.me/vulns/vrpth-2011-001.txt Vulnerability Summary: Non-persistent XSS in Zoho ManageEngine ADSelfService Plus Test Environment: Windows 2008RC2 fully patched. ManageEngine ADSelfServicePlus version...
[ GLSA 201111-03 ] OpenTTD: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201111-03 http://security.gentoo.org/ Severity:...
ProFTPD memory corruption
Use after free...
[ GLSA 201111-04 ] phpDocumentor: Function call injection
Gentoo Linux Security Advisory GLSA 201111-04 http://security.gentoo.org/ Severity:...
Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
Advisory: Tiki Wiki CMS Groupware Multiple XSS vulnerabilities Advisory ID: INFOSERVE-ADV2011-01 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Tiki 7.2 & 8.0 RC1 Vendor URL: http://info.tiki.org/ Vendor Status: fixed for Tiki 7 New Tiki 6 LTS...
Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability
Secunia Research 17/11/2011 - DVR Remote ActiveX Control DVRobot Library Loading Vulnerability - Table of Contents Affected...
[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057508 Version: 2 HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information NOTICE: The information in...
ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability
ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-329 November 16, 2011 -- CVE ID: CVE-2011-4052 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected...
InduSoft WebStudio ActiveX buffer overflow
Different ActiveX methods buffer overflows...
[security bulletin] HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02788734 Version: 2 HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access NOTICE: The information in this Security...
[SECURITY] [DSA 2346-1] proftpd-dfsg security update
Debian Security Advisory DSA-2346-1 [email protected] http://www.debian.org/security/ Florian Weimer November 15, 2011 http://www.debian.org/security/faq -...
CA Directory buffer overflow
Buffer overflow on SNMP-packet parsing...
CA20111116-01: Security Notice for CA Directory
CA20111116-01: Security Notice for CA Directory Issued: November 16, 2011 CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition...
[DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability
DSECRG-11-038 SAP RSTXSCRP report - smb relay vulnerability SAP RSTXSCRP Report has path traversal vulnerability which can lead to SMB relay attack and full control on system. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.com Bugs: Path traversal, SMBRelay...
[DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS
SAP NetWeaver JavaMailExamples has linked XSS vulnerability. Digital Security Research Group DSecRG Advisory Internal DSecRG-00135 Application: SAP NetWeaver Versions Affected: SAP NetWeaver JavaMailExamples Vendor URL: http://www.SAP.com Bugs: XSS Exploits: YES Reported: 11.05.2010 Vendor...
[DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering)
DSECRG-11-041 SAP NetWeaver - Authentication bypass (Verb Tampering) Authentication bypass vulnerability in SAP NetWeaver CTC service can be exploited for unauthorized user management and OS command execution. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.co...
system-config-printer content spoofing
An unsafe connection is used to download drivers...
SAP Crystal Report Server cross-site scripting
Cross-site scripting in pubDBLogon/...
[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay
DSECRG-11-031 SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay A security vulnerability found in the SAP EPS_DELETE_FILE RFC function allows an attacker to delete files remotely or steal hashes of the SAP server account in a Windows environment using an SMBRelay attack. Digital Security Research Group...
[USN-1264-1] Bind vulnerability
Ubuntu Security Notice USN-1264-1 November 16, 2011 bind9 vulnerability A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-1265-1] system-config-printer vulnerability
Ubuntu Security Notice USN-1265-1 November 17, 2011 system-config-printer vulnerability A security issue affects these releases of Ubuntu and its...
OpenLDAP buffer overflow
Off-by-one overflow on LDIF parsing...
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose
DSECRG-11-032 SAP NetWeaver ipcpricing - information disclose com.sap.ipc.webapp.ipcpricing application has information disclose vulnerability Digital Security Research Group DSecRG Advisory DSECRG-11-032 Internal DSecRG-00197 Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL...
bind DNS server DoS
Crash on packet parsing...
[USN-1266-1] OpenLDAP vulnerability
Ubuntu Security Notice USN-1266-1 November 17, 2011 openldap vulnerability A security issue affects these releases of Ubuntu and its derivatives: -...
[DSECRG-11-037] SAP BW Doc - Multiple XSS
DSECRG-11-037 SAP BW Doc - Multiple XSS BW DOC metadata application in SAP NetWeaver is vulnerable to XSS attack. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.com Bugs: XSS Reported: 14.03.2011 Vendor response: 16.03.2011 Date of Public Advisory: 11.11.20...
[DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability
DSECRG-11-033 SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability XSS vulnerability found in pubDBLogon.jsp page of SAP Crystal Report Server 2008. Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs: Linked...
[DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW)
DSECRG-11-039 SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW) TH_GREP report is vulnerable for command execution vulnerability which is working with previous patch note 1433101. Remote OS command execution is possible Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendo...
SAP NetWeaver multiple security vulnerabilities
Authentication bypass, cross-site scripting, code injection, information leakage...
[DSECRG-11-036] SAP NetWeaver Virus Scan Interface - multiple XSS
DSECRG-11-036 SAP NetWeaver Virus Scan Interface - multiple XSS SAP NetWeaver Virus Scan Interface has linked XSS vulnerabilities. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.com Bugs: XSS Reported: 01.04.2010 Vendor response: 08.04.2010 Date of Public...
[DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclose
DSECRG-11-034 SAP NetWeaver J2EE MeSync – information disclose Attacker can get information about mobile engine version and sometimes the name of the technical user. Application: SAP NetWeaver Versions Affected: SAP NetWeaver MI 2 Vendor URL: http://www.SAP.com Bugs: information disclosure...
[DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation
DSECRG-11-040 SAP NetWeaver SPML - XML CSRF user creation Attacker can create a new user in J2EE Engine using CSRF attack on SPML service. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.com Bugs: CSRF Reported: 14.03.2011 Vendor response: 15.03.2011 Date of...
Jetty Web server / VMware vCenter directory traversal
No description provided...
VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
VMware Security Advisory Advisory ID: VMSA-2011-0014 Synopsis: VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability Issue date:...
APPLE-SA-2011-11-14-1 iTunes 10.5.1
APPLE-SA-2011-11-14-1 iTunes 10.5.1 iTunes 10.5.1 is now available and addresses the following: iTunes Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attacker may offer software that appears to...
Apple iTunes insecure updates
Software updates were checked insecurely...
CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Apple OS X Sandbox Predefined Profiles Bypass 1. Advisory Information Title: Apple OS X Sandbox Predefined Profiles Bypass Advisory ID: CORE-2011-0919 Advisory URL:...
Apple Mac Os X sandbox protection bypass
It's possible to bypass sandbox restriction by controlling different applications...
APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update iOS 5.0.1 Software Update is now available and addresses the following: CFNetwork Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch 3rd...
Apple iPhone multiple security vulnerabilities
URL spoofing, memory corruption, protection bypass...