47153 matches found
XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3
Information -------------------- Name : XSS and SQL Injection Vulnerabilities on Symphony CMS Software : Symphony CMS 2.2.3 and possibly below Vendor Homepage : http://symphony-cms.com Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Mesut Timur mesut a...
jara 1.6 sql injection vulnerability
jara 1.6 sql injection vulnerability download http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip author muuratsalo contact muuratsaloatgmail.com exploit http://localhost/jara/view.php?id=SQL Injection...
Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting
Advisory: Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting vulnerabilities Advisory ID: SSCHADV2011-017 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.5.5 with Karma Ranking Plugin version 1.1 Vendor URL: http://www.s9y.org Vendor Status: fixed...
Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Advisory: Serendipity 'serendipityfilterbp.ALT' Cross-Site Scripting vulnerability Advisory ID: SSCHADV2011-015 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.5.5 Vendor URL: http://www.s9y.org Vendor Status: fixed CVE-ID: - ========================== Vulnerability...
[security bulletin] HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01915145 Version: 1 HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be act...
[security bulletin] HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01908983 Version: 1 HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted...
HP OpenVMS unauthorized access via POP3/IMAP server
No description provided...
Open VMS SMTP server DoS
No description provided...
RSA Key Manager Appliance session termination vulnerabilty
Session may be not properly terminated after logout...
ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability. EMC Identifier: ESA-2011-032 CVE Identifier: CVE-2011-2739 Severity Rating: CVSS v2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: EMC SW: EMC Documentum eRoom 7.3...
Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability Advisory ID: cisco-sa-20111102-srp500 Revision 1.0 For Public Release 2011 November 2 16:00 UTC GMT...
Wireshark sniffer multipe security vulnerabilities
Uninitialized memory dereference, buffer overflow...
Cisco Small Business SRP500 crossite request forgery
Crossite request forgery in administration interface...
Oracle Hyperion ActiveX security vulnerabilities
Buffer overflow in ODBC driver used by ActiveX component, unsafe methods...
ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1 Advisories Updated October 28, 2011 Summary: RSA has delivered an update on RSA Key Manager...
EMC Documentum eRoom protection bypass
It's possible to bypass file type upload limitations...
Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability
Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability tested against: Internet Explorer 8 Microsoft Windows Server 2003 r2 sp2 download url: http://www.oracle.com/technetwork/middleware/epm/downloads/index.html files tested: SystemInstaller-11121-win32.zi...
YaTFTPSvr TFTP Server directory traversal
No description provided...
Apple Mail.app DoS
Crash on large number of MIME parts...
YaTFTPSvr TFTP Server Directory Traversal Vulnerability
Title: YaTFTPSvr TFTP Server Directory Traversal Vulnerability Software : YaTFTPSvr TFTP Server Software Version : 1.0.1.200 Vendor: http://sites.google.com/site/zhaojieding2/ Vulnerability Published : 2011-07-11 Vulnerability Update Time : Status : Impact : Medium Bug Description : YaTFTPSvr TFT...
PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow
Title: PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow Software: PlotLineControl ActiveX ControlVersion 2.0 Vulnerability Published :2011-10-30 Vulnerability Update Time :2010-06-10 Vendor: No vendor response Impact: Median Bug Description: PlotLineControl is a free ActiveX Contro...
D-Link DIR-300 multiple security vulnerabilities
Router management system for D-Link DIR-300 information leakage...
Nova weak cryptography
It's possible to computer EC2SECRETKEY with known EC2ACCESSKEY...
Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow
Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow EDB-ID: 18007 CVE: N/A OSVDB-ID: N/A Author: rgod Published: 2011-10-20 Verified: Exploit Code: Vulnerable App: N/A Rating Overall: 0.0 Oracle DataDirect Multiple Native Wire Protocol ODBC...
[PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router
---------------------------------------------------------------------- PT-2011-30 Positive Technologies Security Advisory Disclosure of sensitive information in D-Link DIR-300 Router ---------------------------------------------------------------------- ---Vulnerable software Router management...
PlotLineControl ActiveX integer overflow
Integer overflow in LinePutPoint method...
[PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300
---------------------------------------------------------------------- PT-2011-29 Positive Technologies Security Advisory Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300. ---------------------------------------------------------------------- ---Vulnerable...
Apple's Mail.app mail of death
OVERVIEW Mail.app mail client is vulnerable to a DoS by sending a crafted email. VENDOR Apple Inc. Vendor contacted: 25 July 2011 Vendor reply: 20 September 2011. Vendor's actions: Details confidential. VULNERABILITY DESCRIPTION Send an email with 2023 MIME attachments to the vicim client. Upon...
[SECURITY] [DSA 2323-1] radvd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2323-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq -...
radvd multiple security vulnerabilities
Privilege escalation, buffer overflow, DoS...
[USN-1247-1] Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1247-1 October 25, 2011 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability
ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-298 October 26, 2011 -- CVE ID: CVE-2011-2436 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerabili...
ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability
ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-309 October 26, 2011 -- CVE ID: CVE-2011-3173 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Novell -- Affected Products: Novell...
ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability
ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-304 October 26, 2011 -- CVE ID: CVE-2011-3252 -- CVSS: 8.3, AV:N/AC:M/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple...
HP-UX Containers privilege escalation
No description provided...
Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Advisory ID: cisco-sa-20111026-webex Revision 1.0 For Public Release 2011 October 26 16:00 UTC GMT +----------------------------------------------------------------...
[security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057703 Version: 2 HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers SRP, Local Unauthorized Access and Increased Privileges NOTICE: The information in this Security Bulletin should be acted upon ...
Adobe Acrobat / Reader multiple security vulnerabilities
Privilege escalation, memory leakage, code executions, multiple buffer overflows...
tor information discosure
Combined attacks may be used to deaninmize user...
Novell iPrint buffer overflow
GetDriverSettings function buffer overflow...
Cisco Nexus switches protection bypass
It's possible to bypass ACL limitation. Local code execution...
ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability
ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-313 October 27, 2011 -- CVE ID: CVE-2011-3223 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple...
ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability
ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-296 October 26, 2011 -- CVE ID: CVE-2011-2438 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader --...
ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability
ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-310 October 26, 2011 -- CVE ID: CVE-2011-2441 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader...
ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability
ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-316 October 27, 2011 -- CVE ID: CVE-2011-3251 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Unified Communications Manager Directory Traversal Vulnerability Advisory ID: cisco-sa-20111026-cucm Revision 1.0 For Public Release 2011 October 26 16:00 UTC GMT +--------------------------------------------------------------------- Summary...
ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability
ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-315 October 27, 2011 -- CVE ID: CVE-2011-3249 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Unified Contact Center Express Directory Traversal Vulnerability Advisory ID: cisco-sa-20111026-uccx Revision 1.0 For Public Release 2011 October 26 16:00 UTC GMT +--------------------------------------------------------------------- Summary...
ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability
ZDI-11-303 : Apple QuickTime H264 Stream framecropping Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-303 October 26, 2011 -- CVE ID: CVE-2011-3219 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability
ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-307 October 26, 2011 -- CVE ID: CVE-2011-3545 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle...