VUPEN Security Research - Novell GroupWise "TZNAME" Remote Buffer Overflow Vulnerability
VUPEN Security Research - Novell GroupWise Calendar "TZNAME" Remote Buffer Overflow Vulnerability Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Novell GroupWise is a messaging and collaborative software platform that...
Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service Vulnerability Advisory ID: cisco-sa-20110928-ipv6 Revision 1.0 For Public Release 2011 September 28 1600 UTC GMT +--------------------------------------------------------------------...
Cisco Unified Communications Manager memory leak
Memory leaks in SIP implementation...
Secunia Research: Novell GroupWise Internet Agent "TZNAME" Parsing Vulnerability
====================================================================== Secunia Research 27/09/2011 - Novell GroupWise Internet Agent "TZNAME" Parsing Vulnerability - ====================================================================== Table of Contents Affected...
Cisco Security Advisory: Cisco 10000 Series Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco 10000 Series Denial of Service Vulnerability Advisory ID: cisco-sa-20110928-c10k Revision 1.0 For Public Release 2011 September 28 1600 UTC GMT +---------------------------------------------------------------------...
Cisco IOS multiple security vulnerabilities
IP SLA DoS, smart install TCP/4786 code execution, memory leaks in IPS and firewall features, multiple SIP vulnerabilities, multiple protocols NAT translation DoS, multiple IPv6 DoS, DLSw DoS...
Novell Groupwise multiple security vulnerabilities
Multiple memory corruptions, buffer overflows, integer overflows, heap array overflow...
Secunia Research: Novell GroupWise Internet Agent HTTP Interface Buffer Overflow
====================================================================== Secunia Research 27/09/2011 - Novell GroupWise Internet Agent HTTP Interface Buffer Overflow - ====================================================================== Table of Contents Affected...
Cisco Security Advisory: Cisco IOS Software Data-Link Switching Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Data-Link Switching Vulnerability Advisory ID: cisco-sa-20110928-dlsw Revision 1.0 For Public Release 2011 September 28 1600 UTC GMT +---------------------------------------------------------------------...
iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability
iDefense Security Advisory 09.26.11 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 26, 2011 I. BACKGROUND GroupWise is Novell's messaging platform, and includes support for email, calendaring, and instant messaging. More information is available at the following website:...
Barracuda Backup multiple security vulnerabilities
Authentication bypass, cross-site scripting...
mutt SSL certificate validation vulnerability
SMTP and POP3 certificate hostname is not validated correctly...
[ MDVSA-2011:138 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:138 http://www.mandriva.com/security/ Package : wireshark Date : September 28, 2011 Affected: 2011. Problem Description: This advisory updates wireshark to the latest version 1.6.2, fixing several security...
Mozilla Foundation Security Advisory 2011-44
Mozilla Foundation Security Advisory 2011-44 Title: Use after free reading OGG headers Impact: Critical Announced: September 27, 2011 Reporter: sczimmer Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Thunderbird 7.0 SeaMonkey 2.4 Description sczimmer reported that Firefox crashed...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities
Advisory: Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities Advisory ID: SSCHADV2011-021 Author: Stefan Schurtz Affected Software: Successfully tested on Bitweaver 2.8.1 Vendor URL: http://www.bitweaver.org Vendor Status: informed CVE-ID: - ========================== Vulnerability...
Multiple vulnerabilities in Traq
Vulnerability ID: HTB23046 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesintraq.html Product: Traq Vendor: Jack Polgar http://traqproject.org/ Vulnerable Version: 2.2 and probably prior Tested Version: 2.2 Vendor Notification: 07 September 2011 Vulnerability Type: XSS, SQL...
[USN-1221-1] Mutt vulnerability
========================================================================== Ubuntu Security Notice USN-1221-1 September 29, 2011 mutt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
NCSS memory corruption
Memory corruption on S0 files parsing...
Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities
Joomla! 1.7.0 | Multiple Cross Site Scripting XSS Vulnerabilities 1. OVERVIEW Joomla! 1.7.0 stable version is vulnerable to multiple Cross Site Scripting issues. 2. BACKGROUND Joomla is a free and open source content management system CMS for publishing content on the World Wide Web and intranets...
XSS and FPD vulnerabilities in Adobe ColdFusion
Hello 3APA3A! I am informing you of new vulnerabilities I have found in Adobe ColdFusion. These are Cross-Site Scripting and Full path disclosure vulnerabilities. XSS WASC-08: http://site/CFIDE/componentutils/componentdetail.cfm?component=3Cbody20onload=alertdocument.cookie3E...
Wireshark multiple security vulnerabilities
DoS on different protocols dissectors, unsafe dynamic library loading...
Mozilla Foundation Security Advisory 2011-42
Mozilla Foundation Security Advisory 2011-42 Title: Potentially exploitable crash in the YARR regular expression library Impact: Critical Announced: September 27, 2011 Reporter: Aki Helin Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Thunderbird 7.0 SeaMonkey 2.4 Description...
European Security Services GPS v1.0 - Multiple Vulnerabilities
Title: ====== European Security Services GPS 1.x - Multiple Vulnerabilities Date: ===== 2011-09-28 VL-ID: ===== 63 Reference: ========== http://www.vulnerability-lab.com/getcontent.php?id=63 Introduction: ============= For a small tracking fee you receive access to our online...
NGS00109 Patch Notification: ImpressPages CMS Remote code execution
High Risk Vulnerability in ImpressPages CMS 27 September 2011 David Middlehurst of NGS Secure has discovered a High risk vulnerability in ImpressPages CMS v1.0.12. Impact: Remote code execution Please update all instances of Impress Pages to the 1.0.13 release:...
Mozilla Foundation Security Advisory 2011-41
Mozilla Foundation Security Advisory 2011-41 Title: Potentially exploitable WebGL crashes Impact: Critical Announced: September 27, 2011 Reporter: Michael Jordan, Ben Hawkes Products: Firefox, SeaMonkey Fixed in: Firefox 7.0 SeaMonkey 2.4 Description Michael Jordon of Context IS reported that in...
openEngine 2.0 'id' Blind SQL Injection vulnerability
Advisory: openEngine 2.0 'id' Blind SQL Injection vulnerability Advisory ID: SSCHADV2011-019 Author: Stefan Schurtz Affected Software: Successfully tested on openEngine 2.0 100226 Vendor URL: http://www.openengine.de/ Vendor Status: informed CVE-ID: - ========================== Vulnerability...
[USN-1223-1] Puppet vulnerabilities
========================================================================== Ubuntu Security Notice USN-1223-1 September 30, 2011 puppet vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
Arbitrary memory corruption in NCSS 07.1.21
Luigi Auriemma Application: NCSS aka NCSS 2007 http://www.ncss.com/ncss.html Versions: = 07.1.21 Platforms: Windows Bug: array overflow with write2 Exploitation: file Date: 28 Sep 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code 4 Fix...
Mozilla Foundation Security Advisory 2011-37
Mozilla Foundation Security Advisory 2011-37 Title: Integer underflow when using JavaScript RegExp Impact: Critical Announced: September 27, 2011 Reporter: Mark Kaplan Products: Firefox 3.6 Fixed in: Firefox 3.6.23 Description Mark Kaplan reported a potentially exploitable crash due to integer...
Mozilla Foundation Security Advisory 2011-39
Mozilla Foundation Security Advisory 2011-39 Title: Defense against multiple Location headers due to CRLF Injection Impact: Moderate Announced: September 27, 2011 Reporter: Ian Graham Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.23 Thunderbird 7.0 SeaMonkey 2.4...
Mozilla Foundation Security Advisory 2011-38
Mozilla Foundation Security Advisory 2011-38 Title: XSS via plugins and shadowed window.location object Impact: High Announced: September 27, 2011 Reporter: Boris Zbarsky Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 6.0 Firefox 3.6.23 Thunderbird 6.0 SeaMonkey 2.3 Description Mozil...
Mozilla Foundation Security Advisory 2011-36
Mozilla Foundation Security Advisory 2011-36 Title: Miscellaneous memory safety hazards rv:7.0 / rv:1.9.2.23 Impact: Critical Announced: September 27, 2011 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.23 Thunderbird 7.0...
Mozilla Foundation Security Advisory 2011-45
Mozilla Foundation Security Advisory 2011-45 Title: Inferring keystrokes from motion data Impact: Moderate Announced: September 27, 2011 Products: Firefox, SeaMonkey Fixed in: Firefox 7.0 SeaMonkey 2.4 Description University of California, Davis researchers Liang Cai and Hao Chen presented a pape...
Mozilla Foundation Security Advisory 2011-40
Mozilla Foundation Security Advisory 2011-40 Title: Code installation through holding down Enter Impact: Critical Announced: September 27, 2011 Reporter: Mariusz Mlynski Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.23 Thunderbird 7.0 SeaMonkey 2.4 Description Marius...
Barracuda Backup v2.0 - Multiple Web Vulnerabilities
Title: ====== Barracuda Backup v2.0 - Multiple Web Vulnerabilities Date: ===== 2011-09-28 References: =========== Barracuda Backup Application v2.0 VL-ID: ===== 31 Introduction: ============= Barracuda Networks - Worldwide leader in email and Web security. Barracuda Backup Service is a complete a...
Mozilla Foundation Security Advisory 2011-43
Mozilla Foundation Security Advisory 2011-43 Title: loadSubScript unwraps XPCNativeWrapper scope parameter Impact: Critical Announced: September 27, 2011 Reporter: David Rees Products: Firefox, SeaMonkey Fixed in: Firefox 7.0 SeaMonkey 2.4 Description David Rees reported that the JSSubScriptLoade...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, cross-site scripting, code executions, etc...
AdaptCMS 2.0.1 Multiple security vulnerabilities
Advisory: AdaptCMS 2.0.1 Multiple security vulnerabilities Advisory ID: SSCHADV2011-018 Author: Stefan Schurtz Affected Software: Successfully tested on AdaptCMS 2.0.1 Vendor URL: http://www.adaptcms.com/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description:...
Advisory: Opera Mobile Cache Poisoning XAS
1 Background ============= Android applications are executed in a sandbox environment, to ensure that no application can access sensitive information held by another, without adequate privileges. For example, Opera Mobile holds sensitive information such as cookies, cache and history, and this...
Re: NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux
Research@NGSSecure [email protected] wrote: Vulnerable SUID script in nomachine NX Server for Linux 3.5.0-4 Advanced and Enterprise across redhat and debian hosts 21 September 2011 NGS Secure has discovered a High risk vulnerability in nomachine NX Server for Linux 3.5.0-4 Advanced and...
Multiple vulnerabilities in AWStats
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in AWStats. These are Cross-Site Scripting, Redirector, SQL Injection, HTTP Response Splitting and CRLF Injection vulnerabilities in AWStats in awredir. AWStats includes script Advanced Web Redirector awredir.pl. There were...
XSS Vulnerabilities in TWiki < 5.1.0
Information ------------------ Name : XSS vulnerability in TWiki Software : TWiki 5.0.2 and below. Vendor Homepage : http://twiki.org/ Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur mesut at mavitunasecurity dot com Advisory Reference : NS-11-006 CVE : CVE-2011-3010...
Multiple vulnerabilities in Help Desk Software
Vulnerability ID: HTB23041 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinhelpdesksoftware.html Product: Help Desk Software Vendor: freehelpdesk.org http://freehelpdesk.org/ Vulnerable Version: 1.1b and probably prior Tested Version: 1.1b Vendor Notification: 17 August 2011...
Sunway ForceControl multiple security vulnerabilities
Multiple buffer overflows, DoS conditions, directory traversal, ActiveX code execution...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Vulnerabilities in Sunway ForceControl 6.1 sp3 (SCADA)
Luigi Auriemma Application: Sunway ForceControl http://www.sunwayland.com.cn/pro.asp Versions: = 6.1 sp3 with AngelServer and WebServer updated Platforms: Windows Bugs: various stack overflows directory traversals third party ActiveX code execution various Denials of Service Exploitation: remote...
NETGEAR Wireless Cable Modem Gateway Auth Bypass and CSRF - SOS-11-011
Sense of Security - Security Advisory - SOS-11-011 Release Date. 20-Sep-2011 Last Update. - Vendor Notification Date. 22-Mar-2011 Product. NETGEAR Wireless Cable Modem Gateway CG814WG Affected versions. Hardware 1.03, Software V3.9.26 R14 verified, possibly others Severity Rating. High Impact...
TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation
Trustwave's SpiderLabs Security Advisory TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation https://www.trustwave.com/spiderlabs/advisories/TWSL2011-014.txt Published: 2011-09-23 Version: 1.0 Vendor: Pantech http://www.pantechusa.com Product: Link P7040P, others may be vulnerab...