47153 matches found
APPLE-SA-2011-10-26-1 QuickTime 7.7.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-26-1 QuickTime 7.7.1 QuickTime 7.7.1 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application...
ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability
ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-312 October 27, 2011 -- CVE ID: CVE-2011-3221 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple...
[SECURITY] [DSA 2331-1] tor security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2331-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 28, 2011 http://www.debian.org/security/faq -...
Cisco Video Surveillance DoS
Crash on RTSP packet parsing...
ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability
ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-311 October 27, 2011 -- CVE ID: CVE-2011-3220 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability
ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-299 October 26, 2011 -- CVE ID: CVE-2011-2435 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerability...
ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability
ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-308 October 26, 2011 -- CVE ID: CVE-2011-4004 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Cisco -- Affected Products: Cisco WebEx --...
ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability
ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-297 October 26, 2011 -- CVE ID: CVE-2011-2437 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerability...
ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability
ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-301 October 26, 2011 -- CVE ID: CVE-2011-2434 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader --...
ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability
ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-300 October 26, 2011 -- CVE ID: CVE-2011-2433 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader --...
Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras Advisory ID: cisco-sa-20111026-camera Revision 1.0 For Public Release 2011 October 26 16:00 UTC GMT +--------------------------------------------------------------------- Summary...
ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability
ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-302 October 26, 2011 -- CVE ID: CVE-2011-2432 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -...
DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315]
Title ----- DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal CVE-2011-3315 Severity -------- High Date Discovered --------------- August 9, 2011 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description...
HP Network Node Manager i information leakage
No description provided...
[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057508 Version: 1 HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information NOTICE: The information in...
ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability
ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-305 October 26, 2011 -- CVE ID: CVE-2011-3544 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...
RE: [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.
Hello, This is Paul Oxman with Cisco PSIRT. Please confirms the vulnerability reported by Peter Adkins, and has published an Intellishield response http://tools.cisco.com/security/center/viewAlert.x?alertId=24458 Additional information below. For current updates to Cisco PSIRT response, please se...
ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability
ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-314 October 27, 2011 -- CVE ID: CVE-2011-3247 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability
ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-306 October 26, 2011 -- CVE ID: CVE-2011-3521 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java...
[CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Cisco Nexus OS NX-OS - Command "injection" / sanitization issues. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Discovery by: 1 Peter Adkins [email protected] Access: 1 Local;...
zFTP FTP server buffer overflow
Buffer overflow on STAT and CWD commands processing...
cyrus-imapd DoS
Crash on parsing message References: header...
[ GLSA 201110-14 ] D-Bus: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201110-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
D-Bus symbolic links vulnerability
configure script insecure file creation...
[SECURITY] [DSA 2326-1] pam security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2326-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 24, 2011 http://www.debian.org/security/faq -...
pam buffer overflow
pamenv module buffer overflow...
TC-SA-2011-01: Multiple vulnerabilities in OmniTouch Instant Communication Suite
TC-SA-2011-01: Multiple vulnerabilities in OmniTouch Instant Communication Suite Published: 2011/10/24 Advisory-Version: 1.0 References: - Alcatel Lucent Vulnerability Statement 2011003 Multiple vulnerabilities in OmniTouch Instant Communication Suite - CVE-2011-4058 - multiple XSS vulnerabilitie...
ClamAV antivirus DoS
Crash on high recurson level...
zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability
zFtp Server = 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability 1. OVERVIEW The zFTP server is found to be vulnerable to denial of service in handling multiple STAT and CWD command requests. 2. BACKGROUND The zFTP server is a Windows based FTP server with focus on clever Active...
Alcatel Lucent OmniTouch Instant Communication Suite multiple security vulnerabilities
Crossite scripting, request forgery...
Multiple vulnerabilities in BugFree
Vulnerability ID: HTB23048 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinbugfree.html Product: BugFree Vendor: www.bugfree.org.cn http://www.bugfree.org.cn/ Vulnerable Version: 2.1.3 and probably prior Tested Version: 2.1.3 Vendor Notification: 21 September 2011 Vulnerabili...
Code Execution and FPD vulnerabilities in Simple:Press Forum for WordPress
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin Simple:Press Forum for WordPress. These are Code Execution and Full path disclosure vulnerabilities. Code Execution WASC-31: Execution of arbitrary code is possible via TinyBrowser. As I already told concerning...
Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection
-------------------------------------------------------------------- Dolphin = 7.0.7 membermenuqueries.php Remote PHP Code Injection -------------------------------------------------------------------- author...............: EgiX mail.................: n0b0d13satgmaildotcom software link........:...
Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability
Advisory: Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability Advisory ID: SSCHADV2011-020 Author: Stefan Schurtz Affected Software: Successfully tested on Active CMS 1.2.0 Vendor URL: http://www.activedev.net/ Vendor Status: informed CVE-ID: - ========================== Vulnerability...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2011-006 MIT krb5 Security Advisory 2011-006 Original release: 2011-10-18 Last update: 2011-10-18 Topic: KDC denial of service vulnerabilities CVE-2011-1527: null pointer dereference in KDC LDAP back end CVSSv2 Vector:...
MIT krb5 FTP server privilege escalation
Daemon group privileges are not dropped. DoS conditions in different backends...
Multiple vulnerabilities in Pretty Link WordPress Plugin
Vulnerability ID: HTB23049 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinprettylinkwordpressplugin.html Product: Pretty Link WordPress Plugin Vendor: Caseproof http://blairwilliams.com/ Vulnerable Version: 1.4.56 and probably prior Tested Version: 1.4.56 Vendor Notification...
Microsoft Internet Explorer multiple security vulnerabilities
Multiple memory corruptions with code execution...
DNS Poisoning via Port Exhaustion
Hey, Today we are releasing a very interesting whitepaper which describes a DNS poisoning attack against stub resolvers. It discloses two vulnerabilities: 1. A vulnerability in Java CVE-2011-3552, CVE-2010-4448 which enables remote DNS poisoning using Java applets. This vulnerability can be...
msgid:[email protected][email protected]&[email protected]&folder=\\3APA3A\Bugtraq&subject=Related%20POC%20for%20JCE%20Joomla%20Extension%20<%3D2
After release of vendor supplied patch for JCE's vulnerabilities, AmnPardaz is going to submit related POC for this issue in Perl and PHP after one month for educational purposes. PHP Version: ?php www.bugreport.ir AmnPardaz Security Research & Penetration Testing Group Title: Exploit for JCE...
Multiple vulnerabilities in Tine 2.0
Vulnerability ID: HTB23050 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesintine20.html Product: Tine 2.0 Vendor: Metaways Infosystems GmbH http://www.tine20.org Vulnerable Version: Maischa 2011/05 and probably prior Tested Version: Maischa 2011/05 Vendor Notification: 28...
ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability
ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-295 October 18, 2011 -- CVE ID: CVE-2011-3222 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime...
Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities
Advisory: Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities Advisory ID: SSCHADV2011-031 Author: Stefan Schurtz Affected Software: Successfully tested on Yet Another CMS 1.0 Vendor URL: http://yetanothercms.codeplex.com/ Vendor Status: informed EDB-ID: 17997 ==========================...
openEngine 2.0 'key' Blind SQL Injection vulnerability
Advisory: openEngine 2.0 'key' Blind SQL Injection vulnerability Advisory ID: SSCHADV2011-026 Author: Stefan Schurtz Affected Software: Successfully tested on openEngine 2.0 100226 Vendor URL: http://www.openengine.de/ Vendor Status: informed CVE-ID: - ========================== Vulnerability...
ZOHO ManageEngine ADSelfService Plus Administrative Access
ZOHO ManageEngine ADSelfService Plus Administrative Access ========================================================== ADVISORY INFORMATION Title: ZOHO ManageEngine ADSelfService Plus Administrative Access Release date: 10/10/2011 Last update: 10/10/2011 Credits: Roberto Paleari, Emaze Networks...
HP Data Protector Notebook Extension multiple security vulnerabilities
No description provided...
Site@School 2.4.10 SQL Injection & XSS vulnerabilities
Advisory: Site@School 2.4.10 SQL Injection & XSS vulnerabilities Advisory ID: SSCHADV2011-030 Author: Stefan Schurtz Affected Software: Successfully tested on Site@School 2.4.10 Vendor URL: http://sourceforge.net/projects/siteatschool/ Vendor Status: insecure and no longer maintained CVE-ID: -...
Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability
Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability tested against: Microsoft Windows 2k3 r2 sp2 Oracle Hyperion Performance Management and BI v11.1.2.1.0 download url of the Oracle Hyperion suite:...
tor multiple security vulnerabilities
Heap buffer overflow, DoS, key information leak...