Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Unified Contact Center Express Directory Traversal Vulnerability Advisory ID: cisco-sa-20111026-uccx Revision 1.0 For Public Release 2011 October 26 16:00 UTC GMT +--------------------------------------------------------------------- Summary...
ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability
ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-299 October 26, 2011 -- CVE ID: CVE-2011-2435 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerability...
Cisco Nexus switches protection bypass
It's possible to bypass ACL limitation. Local code execution...
ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability
ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-307 October 26, 2011 -- CVE ID: CVE-2011-3545 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle...
HP Network Node Manager i information leakage
No description provided...
ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability
ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-313 October 27, 2011 -- CVE ID: CVE-2011-3223 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple...
Cisco Video Surveillance DoS
Crash on RTSP packet parsing...
Tor information disclosure
Combined attacks may be used to deanonymize user...
ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability
ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-315 October 27, 2011 -- CVE ID: CVE-2011-3249 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability
ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-309 October 26, 2011 -- CVE ID: CVE-2011-3173 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Novell -- Affected Products: Novell...
Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Unified Communications Manager Directory Traversal Vulnerability Advisory ID: cisco-sa-20111026-cucm Revision 1.0 For Public Release 2011 October 26 16:00 UTC GMT +--------------------------------------------------------------------- Summary...
Adobe Acrobat / Reader multiple security vulnerabilities
Privilege escalation, memory leakage, code executions, multiple buffer overflows...
ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability
ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-304 October 26, 2011 -- CVE ID: CVE-2011-3252 -- CVSS: 8.3, AV:N/AC:M/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple...
HP-UX Containers privilege escalation
No description provided...
ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability
ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-301 October 26, 2011 -- CVE ID: CVE-2011-2434 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader --...
ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability
ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-314 October 27, 2011 -- CVE ID: CVE-2011-3247 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability
ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-316 October 27, 2011 -- CVE ID: CVE-2011-3251 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability
ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-302 October 26, 2011 -- CVE ID: CVE-2011-2432 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -...
Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras Advisory ID: cisco-sa-20111026-camera Revision 1.0 For Public Release 2011 October 26 16:00 UTC GMT +--------------------------------------------------------------------- Summary...
TC-SA-2011-01: Multiple vulnerabilities in OmniTouch Instant Communication Suite
TC-SA-2011-01: Multiple vulnerabilities in OmniTouch Instant Communication Suite Published: 2011/10/24 Advisory-Version: 1.0 References: - Alcatel Lucent Vulnerability Statement 2011003 Multiple vulnerabilities in OmniTouch Instant Communication Suite - CVE-2011-4058 - multiple XSS vulnerabilitie...
[SECURITY] [DSA 2326-1] pam security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2326-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 24, 2011 http://www.debian.org/security/faq -...
[ GLSA 201110-14 ] D-Bus: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201110-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
D-Bus symbolic links vulnerability
configure script insecure file creation...
cyrus-imapd DoS
Crash on parsing message References: header...
Alcatel Lucent OmniTouch Instant Communication Suite multiple security vulnerabilities
Cross-site scripting, request forgery...
[CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Cisco Nexus OS NX-OS - Command "injection" / sanitization issues. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Discovery by: 1 Peter Adkins [email protected] Access: 1 Local;...
zFTP FTP server buffer overflow
Buffer overflow on STAT and CWD commands processing...
pam buffer overflow
pamenv module buffer overflow...
ClamAV antivirus DoS
Crash on high recursion level...
zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability
zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability 1. OVERVIEW The zFTP server is found to be vulnerable to denial of service in handling multiple STAT and CWD command requests. 2. BACKGROUND The zFTP server is a Windows based FTP server with focus on clever Active...
Contao 2.10.1 Cross-site scripting vulnerability
Advisory: Contao 2.10.1 Cross-site scripting vulnerability Advisory ID: SSCHADV2011-025 Author: Stefan Schurtz Affected Software: Successfully tested on Contao 2.10.1 Vendor URL: http://www.contao.org/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description:...
foofus.net Security Advisory - Toshiba eStudio Multifunction Printer Authentication Bypass
============================================================================ Foofus.net Security Advisory: foofus-20111016 ============================================================================ Title: Toshiba EStudio Multifunction Printer Authentication Bypass Version: e-Studio series devic...
[PT-2011-14] SQL injection vulnerability in BoonEx Dolphin
---------------------------------------------------------------------- PT-2011-14 Positive Technologies Security Advisory SQL injection vulnerability in BoonEx Dolphin 6.1 ---------------------------------------------------------------------- --- Vulnerable platform BoonEx Dolphin 6.1 Link:...
HP Data Protector Notebook Extension multiple security vulnerabilities
No description provided...
MIT krb5 FTP server privilege escalation
Daemon group privileges are not dropped. DoS conditions in different backends...
Security-Assessment.com Advisory: Destination Search Admin Console Access Control Bypass
Destination Search Admin Console Access Control Bypass Vendor link: http://www.localmatters.com/ PDF:...
HP MFP Digital Sending Software information leakage
No description provided...
inCommand Technologies, Inc. Cross-site Scripting Vulnerability
------------In The Name Of God------------ inCommand Technologies, Inc. Cross-site Scripting Vulnerability AUTHOR: md.r00t Mail: [email protected] Website: www.r00t.gigfa.com Forum: http://ajaxtm.com/forum Google D0rk: "Website Design by inCommand Technologies, Inc." xss EXPLOIT:...
Asterisk uninitialized memory reference
Crash on SIP request processing...
Multiple vulnerabilities in Tine 2.0
Vulnerability ID: HTB23050 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesintine20.html Product: Tine 2.0 Vendor: Metaways Infosystems GmbH http://www.tine20.org Vulnerable Version: Maischa 2011/05 and probably prior Tested Version: Maischa 2011/05 Vendor Notification: 28...
TeamSHATTER Security Advisory: Buffer Overflow in Oracle Database (CTXSYS.DRVDISP.TABLEFUNC_ASOWN function)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: Medium Affected versions: Oracle Database Server version 10gR1, 10gR2 and 11gR1 Remote exploitable: Yes Authentication to Database Server is needed Credits: This vulnerability was discovered a...
ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability
ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-295 October 18, 2011 -- CVE ID: CVE-2011-3222 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime...
Cisco Show and Share security vulnerabilities
Authentication bypass, code execution...
TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: Medium Affected versions: Oracle Database Server version 10gR2, 11gR1 and 11gR2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of...
openEngine 2.0 'key' Blind SQL Injection vulnerability
Advisory: openEngine 2.0 'key' Blind SQL Injection vulnerability Advisory ID: SSCHADV2011-026 Author: Stefan Schurtz Affected Software: Successfully tested on openEngine 2.0 100226 Vendor URL: http://www.openengine.de/ Vendor Status: informed CVE-ID: - ========================== Vulnerability...
Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection
-------------------------------------------------------------------- Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection -------------------------------------------------------------------- author...............: EgiX mail.................: n0b0d13satgmaildotcom software link........:...
[security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03058866Version: 1 HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon a...
Metasploit 4.1.0 Web UI stored XSS vulnerability
Advisory: Metasploit 4.1.0 Web UI stored XSS vulnerability Advisory ID: SSCHADV2011-033 Author: Stefan Schurtz Affected Software: Successfully tested on Metasploit Community Edition Vendor URL: http://metasploit.com/ Vendor Status: fixed EDB-ID: 18012 ========================== Vulnerability...
Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability
Advisory: Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability Advisory ID: SSCHADV2011-020 Author: Stefan Schurtz Affected Software: Successfully tested on Active CMS 1.2.0 Vendor URL: http://www.activedev.net/ Vendor Status: informed CVE-ID: - ========================== Vulnerability...
WordPress Plugin BackWPUp 2.1.4 - Security Advisory - SOS-11-012
Sense of Security - Security Advisory - SOS-11-012 Release Date. 17-Oct-2011 Vendor Notification Date. 14-Oct-2011 Product. BackWPUp Platform. WordPress Affected versions. 2.1.4 Severity Rating. High Impact. System access Attack Vector. Remote without authentication Solution Status. Upgrade to...