Integer overflow in Sterling Trader 7.0.2
Luigi Auriemma Application: Sterling Trader http://www.sterlingtrader.com/TradingPlatforms/tradingplatforms2.html Versions: = 7.0.2 Platforms: Windows Bug: integer overflow Exploitation: remote Date: 25 Sep 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2...
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerability Advisory ID: cisco-sa-20110928-cucm Revision 1.0 For Public Release 2011 September 28 1600 UTC GMT...
Secunia Research: Novell GroupWise Internet Agent "TZNAME" Parsing Vulnerability
====================================================================== Secunia Research 27/09/2011 - Novell GroupWise Internet Agent "TZNAME" Parsing Vulnerability - ====================================================================== Table of Contents Affected...
Vulnerabilities in EViews 7.2
Luigi Auriemma Application: EViews http://www.eviews.com Versions: = 7.0.0.1 aka 7.2 Platforms: Windows Bugs: A memory corruption B heap overflow Exploitation: file Date: 19 Sep 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bugs 3 The Code 4 Fix...
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities Advisory ID: cisco-sa-20110928-sip Revision 1.0 For Public Release 2011 September 28 1600 UTC GMT...
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20110928-nat Revision 1.0 For Public Release 2011 Sep 28 1600 UTC GMT +--------------------------------------------------------------------...
Cisco Security Advisory: Cisco 10000 Series Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco 10000 Series Denial of Service Vulnerability Advisory ID: cisco-sa-20110928-c10k Revision 1.0 For Public Release 2011 September 28 1600 UTC GMT +---------------------------------------------------------------------...
Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities Advisory ID: cisco-sa-20110928-zbfw Revision 1.0 For Public Release 2011 September 28 1600 UTC GMT...
VUPEN Security Research - Novell GroupWise "RRULE" Remote Buffer Overflow Vulnerability
VUPEN Security Research - Novell GroupWise Calendar "RRULE" Remote Buffer Overflow Vulnerability Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Novell GroupWise is a messaging and collaborative software platform that...
Cisco Security Advisory: Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability Advisory ID: cisco-sa-20110928-xcpcupsxml Revision 1.0 For Public Release 2011 September 28 1600 UTC GMT...
NCSS memory corruption
Memory corruption on S0 files parsing...
Barracuda Backup multiple security vulnerabilities
Authentication bypass, cross-site scripting...
mutt SSL certificate validation vulnerability
SMTP and POP3 certificate hostname is not validated correctly...
Wireshark multiple security vulnerabilities
DoS in various protocol dissectors, unsafe dynamic library loading...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
European Security Services GPS v1.0 - Multiple Vulnerabilities
Title: ====== European Security Services GPS 1.x - Multiple Vulnerabilities Date: ===== 2011-09-28 VL-ID: ===== 63 Reference: ========== http://www.vulnerability-lab.com/getcontent.php?id=63 Introduction: ============= For a small tracking fee you receive access to our online...
Mozilla Foundation Security Advisory 2011-39
Mozilla Foundation Security Advisory 2011-39 Title: Defense against multiple Location headers due to CRLF Injection Impact: Moderate Announced: September 27, 2011 Reporter: Ian Graham Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.23 Thunderbird 7.0 SeaMonkey 2.4...
Arbitrary memory corruption in NCSS 07.1.21
Luigi Auriemma Application: NCSS aka NCSS 2007 http://www.ncss.com/ncss.html Versions: = 07.1.21 Platforms: Windows Bug: array overflow with write2 Exploitation: file Date: 28 Sep 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code 4 Fix...
[ MDVSA-2011:138 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:138 http://www.mandriva.com/security/ Package : wireshark Date : September 28, 2011 Affected: 2011. Problem Description: This advisory updates wireshark to the latest version 1.6.2, fixing several security...
Mozilla Foundation Security Advisory 2011-41
Mozilla Foundation Security Advisory 2011-41 Title: Potentially exploitable WebGL crashes Impact: Critical Announced: September 27, 2011 Reporter: Michael Jordan, Ben Hawkes Products: Firefox, SeaMonkey Fixed in: Firefox 7.0 SeaMonkey 2.4 Description Michael Jordon of Context IS reported that in...
Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities
Advisory: Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities Advisory ID: SSCHADV2011-021 Author: Stefan Schurtz Affected Software: Successfully tested on Bitweaver 2.8.1 Vendor URL: http://www.bitweaver.org Vendor Status: informed CVE-ID: - ========================== Vulnerability...
Barracuda Backup v2.0 - Multiple Web Vulnerabilities
Title: ====== Barracuda Backup v2.0 - Multiple Web Vulnerabilities Date: ===== 2011-09-28 References: =========== Barracuda Backup Application v2.0 VL-ID: ===== 31 Introduction: ============= Barracuda Networks - Worldwide leader in email and Web security. Barracuda Backup Service is a complete a...
Multiple vulnerabilities in Traq
Vulnerability ID: HTB23046 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesintraq.html Product: Traq Vendor: Jack Polgar http://traqproject.org/ Vulnerable Version: 2.2 and probably prior Tested Version: 2.2 Vendor Notification: 07 September 2011 Vulnerability Type: XSS, SQL...
openEngine 2.0 'id' Blind SQL Injection vulnerability
Advisory: openEngine 2.0 'id' Blind SQL Injection vulnerability Advisory ID: SSCHADV2011-019 Author: Stefan Schurtz Affected Software: Successfully tested on openEngine 2.0 100226 Vendor URL: http://www.openengine.de/ Vendor Status: informed CVE-ID: - ========================== Vulnerability...
Mozilla Foundation Security Advisory 2011-42
Mozilla Foundation Security Advisory 2011-42 Title: Potentially exploitable crash in the YARR regular expression library Impact: Critical Announced: September 27, 2011 Reporter: Aki Helin Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Thunderbird 7.0 SeaMonkey 2.4 Description...
Mozilla Foundation Security Advisory 2011-36
Mozilla Foundation Security Advisory 2011-36 Title: Miscellaneous memory safety hazards rv:7.0 / rv:1.9.2.23 Impact: Critical Announced: September 27, 2011 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.23 Thunderbird 7.0...
Mozilla Foundation Security Advisory 2011-38
Mozilla Foundation Security Advisory 2011-38 Title: XSS via plugins and shadowed window.location object Impact: High Announced: September 27, 2011 Reporter: Boris Zbarsky Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 6.0 Firefox 3.6.23 Thunderbird 6.0 SeaMonkey 2.3 Description Mozil...
Mozilla Foundation Security Advisory 2011-37
Mozilla Foundation Security Advisory 2011-37 Title: Integer underflow when using JavaScript RegExp Impact: Critical Announced: September 27, 2011 Reporter: Mark Kaplan Products: Firefox 3.6 Fixed in: Firefox 3.6.23 Description Mark Kaplan reported a potentially exploitable crash due to integer...
NGS00109 Patch Notification: ImpressPages CMS Remote code execution
High Risk Vulnerability in ImpressPages CMS 27 September 2011 David Middlehurst of NGS Secure has discovered a High risk vulnerability in ImpressPages CMS v1.0.12. Impact: Remote code execution Please update all instances of Impress Pages to the 1.0.13 release:...
[USN-1221-1] Mutt vulnerability
========================================================================== Ubuntu Security Notice USN-1221-1 September 29, 2011 mutt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities
Joomla! 1.7.0 | Multiple Cross Site Scripting XSS Vulnerabilities 1. OVERVIEW Joomla! 1.7.0 stable version is vulnerable to multiple Cross Site Scripting issues. 2. BACKGROUND Joomla is a free and open source content management system CMS for publishing content on the World Wide Web and intranets...
Mozilla Foundation Security Advisory 2011-40
Mozilla Foundation Security Advisory 2011-40 Title: Code installation through holding down Enter Impact: Critical Announced: September 27, 2011 Reporter: Mariusz Mlynski Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.23 Thunderbird 7.0 SeaMonkey 2.4 Description Marius...
[USN-1223-1] Puppet vulnerabilities
========================================================================== Ubuntu Security Notice USN-1223-1 September 30, 2011 puppet vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
Mozilla Foundation Security Advisory 2011-45
Mozilla Foundation Security Advisory 2011-45 Title: Inferring keystrokes from motion data Impact: Moderate Announced: September 27, 2011 Products: Firefox, SeaMonkey Fixed in: Firefox 7.0 SeaMonkey 2.4 Description University of California, Davis researchers Liang Cai and Hao Chen presented a pape...
XSS and FPD vulnerabilities in Adobe ColdFusion
Hello 3APA3A! I am reporting new vulnerabilities I have found in Adobe ColdFusion. These are Cross-Site Scripting and Full path disclosure vulnerabilities. XSS WASC-08: http://site/CFIDE/componentutils/componentdetail.cfm?component=3Cbody20onload=alertdocument.cookie3E...
Mozilla Foundation Security Advisory 2011-44
Mozilla Foundation Security Advisory 2011-44 Title: Use after free reading OGG headers Impact: Critical Announced: September 27, 2011 Reporter: sczimmer Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Thunderbird 7.0 SeaMonkey 2.4 Description sczimmer reported that Firefox crashed...
Mozilla Foundation Security Advisory 2011-43
Mozilla Foundation Security Advisory 2011-43 Title: loadSubScript unwraps XPCNativeWrapper scope parameter Impact: Critical Announced: September 27, 2011 Reporter: David Rees Products: Firefox, SeaMonkey Fixed in: Firefox 7.0 SeaMonkey 2.4 Description David Rees reported that the JSSubScriptLoade...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, cross-site scripting, code executions, etc...
PHP is_a function vulnerability
Function behaviour has changed, potentially making applications that rely on it vulnerable...
Linux kernel multiple security vulnerabilities
Multiple local DoS conditions, information leaks, IPv6 remote DoS, X.25 code execution...
Dolphin Browser HD / Opera Mobile XAS
Application can access browser's data...
Netgear CG814WG cable modem security vulnerability
CSRF, authentication bypass...
Apache Tomcat digest authentication vulnerabilities
Multiple implementation errors make authentication vulnerable to different attacks...
Sunway ForceControl multiple security vulnerabilities
Multiple buffer overflows, DoS conditions, directory traversal, ActiveX code execution...
Nomachine NX Server privilege escalation
Shell code execution via environment variable manipulation in a SUID application...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
gimp memory corruption
Memory corruption on GIF LZW extraction...
Pantech Link/P7040P phones SSL certificate chain check vulnerabilities
Intermediate certificate basic constraints are not checked...
[USN-1211-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1211-1 September 21, 2011 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux
Vulnerable SUID script in nomachine NX Server for Linux 3.5.0-4 Advanced and Enterprise across redhat and debian hosts 21 September 2011 NGS Secure has discovered a High risk vulnerability in nomachine NX Server for Linux 3.5.0-4 Advanced and Enterprise across redhat and debian hosts. Impact:...