47153 matches found
ISC DHCP dhclient DHCP client shell unfiltered characters vulnerability
Shell characters vulnerability on server options processing...
Apple iPhone multiple security vulnerabilities
URL spoofing, memory corruption, protection bypass...
Cisco CUCM - Multiple Vulnerabilities
Recurity Labs GmbH http://www.recurity-labs.com [email protected] Date: 08.11.2011 Vendor: Cisco Systems Product: CUCM Environment Cisco Unified Communications Manager CallManager Cisco IP Phone CP-7975G Vulnerability: Directory Traversal Reversible Obfuscation Algorithm SCCP service...
New vulnerabilities in poMMo
Hello 3APA3A! I am reporting the Information Leakage, Insufficient Anti-automation and Abuse of Functionality vulnerabilities I found in poMMo. Information Leakage WASC-13: After an email is entered on subscribe.php, the page http://site/pommo/user/process.php displays pendingcode as...
TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon
Trustwave's SpiderLabs Security Advisory TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt Published: 2011-11-04 Version: 1.0 Vendor: Merethis http://www.merethis.com and http://www.centreon.com Product: Centreon Version...
Multiple security vulnerabilities in AShop
Advisory: Multiple security vulnerabilities in AShop Advisory ID: INFOSERVE-ADV2011-02 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on AShop513 Vendor URL: http://www.ashopsoftware.com/ Vendor Status: fixed in Version 5.1.4 =========================...
LabWiki <= 1.1 Multiple Vulnerabilities
------------------------------------------------------------------------ LabWiki = 1.1 Multiple Vulnerabilities ------------------------------------------------------------------------ author............: muuratsalo Revshell.com contact...........: muuratsaloatgmaildotcom download..........:...
OrderSys <= 1.6.4 Sql Injection Vulnerabilities
Dear All, I have found multiple sql injection vulnerabilities in OrderSys = 1.6.4. The vendor knows the vulnerabilities and he is fixing them as stated in the enclosed advisory. See also http://www.bioinformatics.org/phplabware/labwiki/index.php?page=releasenotes Since the developer is currently...
[CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities
CAL-2011-0054Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities CALID: CAL-2011-0054 CVE ID: CVE-2011-2448 Discover: instruder of code audit labs of vulnhunt.com http://www.adobe.com/support/security/bulletins/apsb11-27.html 1 Affected Products...
Xen multiple security vulnerabilities
Multiple DoS conditions, PCI passthrough privilege escalation...
"Digicert Sdn. Bhd." weak certificates
A few weak certificates were issued by an intermediate CA...
Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Advisory: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Advisory ID: INFOSERVE-ADV2011-03 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Dolibarr 3.1.0 other versions may also be affected Vendor URL: http://www.dolibarr.org/ Vendo...
Local file inclusion in VtigerCRM
Vulnerability ID: HTB23054 Reference: https://www.htbridge.ch/advisory/localfileinclusioninvtigercrm.html Product: VtigerCRM Vendor: vtiger.com http://www.vtiger.com Vulnerable Version: 5.2.1 and probably prior Tested Version: 5.2.1 Vendor Notification: 19 October 2011 Vulnerability Type: Local...
Adobe Shockwave Player multiple security vulnerabilities
Multiple memory corruptions...
Cisco Unified Communications Manager / Cisco Unified Contact Center Express directory traversal
Directory traversal in embedded web services on TCP/8080 and TCP/9080 ports...
LabStoRe <= 1.5.4 Sql Injection Vulnerabilities
Dear All, I have found multiple sql injection vulnerabilities in LabStoRe = 1.5.4. The vendor knows the vulnerabilities and he is fixing them as stated in the enclosed advisory. See also http://www.bioinformatics.org/phplabware/labwiki/index.php?page=releasenotes Since the developer is currently...
Apache Tomcat privilege escalation
Privilege escalation via manager app...
osCSS2 "_ID" parameter Local file inclusion
Advisory: osCSS2 "ID" parameter Local file inclusion Advisory ID: SSCHADV2011-034 Author: Stefan Schurtz Affected Software: Successfully tested on osCSS2 2.1.0 latest version Vendor URL: http://oscss.org/ Vendor Status: Fixed in svn branch 2.1.0 and reported in develop version 2.1.1...
[SECURITY] [DSA 2343-1] openssl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2343-1 [email protected] http://www.debian.org/security/ Raphael Geissert November 09, 2011 http://www.debian.org/security/faq -...
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X...
[SECURITY] [DSA 2335-1] man2html security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2335-1 [email protected] http://www.debian.org/security/ Nico Golde November 5th, 2011 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.21 Description: This issue only affects environments running web applications that are n...
[SECURITY] [DSA 2338-1] moodle security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2338-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 07, 2011 http://www.debian.org/security/faq -...
[USN-1255-1] libmodplug vulnerabilities
========================================================================== Ubuntu Security Notice USN-1255-1 November 09, 2011 libmodplug vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
libmodplug library multiple security vulnerabilities
Memory corruptions on different media formats...
Oracle Java multiple security vulnerabilities
Quarterly CPU fixes 20 different vulnerabilities...
[CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability
CAL-2011-0052Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability CAL ID: CAL-2011-0052 CVE ID: CVE-2011-2446 Discover: instruder of code audit labs of vulnhunt.com http://www.adobe.com/support/security/bulletins/apsb11-27.html 1 Affected Products ================= Te...
Microsoft Windows DoS
Crash on TTF fonts parsing...
Microsoft Windows active directory authentication bypass
Certificate revocation list is not checked on LDAPS access...
Microsoft Windows kernel UDP processing integer overflow
Integer overflow leads to code execution via a flow of UDP packets to a closed port...
Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting
Advisory: Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting vulnerabilities Advisory ID: SSCHADV2011-017 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.5.5 with Karma Ranking Plugin version 1.1 Vendor URL: http://www.s9y.org Vendor Status: fixed...
Strictly social XSS vulnerability in WordPress
Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability I found in WordPress, which I found back on 15.10.2008 and to which all versions of WordPress are vulnerable. WordPress has a Cross-Site Scripting vulnerability, in this case Strictly social XSS http://websecurity.com.ua/5469/, on...
foofus.net security advisory - Toshiba eStudio Multifunction Printer Information Leakage
============================================================================ Foofus.net Security Advisory: foofus-20111026 ============================================================================ Title: Toshiba eStudio Multifunction Printer Information Leakage Version: e-Studio series devices...
eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities
---------------------------------------------------------------- eFront = 3.6.10 build 11944 Multiple Security Vulnerabilities ---------------------------------------------------------------- author.............: EgiX mail...............: n0b0d13satgmaildotcom software link......:...
phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit
phpLDAPadmin = 1.2.1.1 queryengine Remote PHP Code Injection Exploit author...............: EgiX mail.................: n0b0d13satgmaildotcom software link........: http://phpldapadmin.sourceforge.net/ affected versions....: from 1.2.0 to 1.2.1.1 - vulnerable code in /lib/functions.php 1002...
[ GLSA 201110-23 ] Apache mod_authnz_external: SQL injection
Gentoo Linux Security Advisory GLSA 201110-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
[PT-2011-21] SQL injection vulnerability in OneOrZero AIMS
---------------------------------------------------------------------- PT-2011-21 Positive Technologies Security Advisory SQL injection vulnerability in OneOrZero AIMS ---------------------------------------------------------------------- ---Vulnerable software OneOrZero AIMS Version: 2.7.0 and...
Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Advisory: Serendipity 'serendipityfilterbp.ALT' Cross-Site Scripting vulnerability Advisory ID: SSCHADV2011-015 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.5.5 Vendor URL: http://www.s9y.org Vendor Status: fixed CVE-ID: - ========================== Vulnerability...
[PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS
---------------------------------------------------------------------- PT-2011-20 Positive Technologies Security Advisory Authorization bypass vulnerability in OneOrZero AIMS ---------------------------------------------------------------------- ---Vulnerable software OneOrZero AIMS Version: 2.7....
XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3
Information -------------------- Name : XSS and SQL Injection Vulnerabilities on Symphony CMS Software : Symphony CMS 2.2.3 and possibly below Vendor Homepage : http://symphony-cms.com Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Mesut Timur mesut a...
Singtel 2wire routers CSRF
Unchangeable account, CSRF...
CmyDocument Content Management Application - XSS Vulnerabilities
Title: CmyDocument Content Management Application - XSS Vulnerabilities Software : CmyDocument Content Management Application Software Version : Unknownversion update : 2010-01-10 Vendor: http://cmydocument.com/ Vulnerability Published : 2011-07-11 Vulnerability Update Time : Status : Impact :...
Multiple vulnerabilities in Efront
Vulnerability ID: HTB23053 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinefront.html Product: Efront Vendor: EPIGNOSIS Ltd http://www.efrontlearning.net/ Vulnerable Version: 3.6.10 build 11944 and probably prior Tested Version: 3.6.10 build 11944 Vendor Notification: 12...
DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359]
Title ----- DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal CVE-2011-1359 Severity -------- High Date Discovered --------------- July 28, 2011 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Javier Castro,...
jara 1.6 sql injection vulnerability
jara 1.6 sql injection vulnerability download http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip author muuratsalo contact muuratsaloatgmail.com exploit http://localhost/jara/view.php?id=SQL Injection...
Toshiba eStudio authentication bypass
Known URLs can be accessed without authentication...
[SECURITY] [DSA 2330-1] simplesamlphp security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2330-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 27, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2334-1] mahara security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2334-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 04, 2011 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...