ZDI-11-256: Apple QuickTime Media Link src Parameter Remote Code Execution Vulnerability
ZDI-11-256: Apple QuickTime Media Link src Parameter Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-256 August 16, 2011 -- CVE ID: CVE-2011-0248 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
Nortel / Avaya Media Application Server buffer overflow
Buffer overflow on TCP/52005 request parsing...
ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication On-Premise Advisories Updated August 11, 2011 Summary: An issue with Adaptive Authentication On-Premise was discovered which in certain circumstances...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
CA20110809-01: Security Notice for CA ARCserve D2D
CA20110809-01: Security Notice for CA ARCserve D2D Issued: August 9, 2011 CA Technologies support is alerting customers to a security risk associated with CA ARCserve D2D. A vulnerability exists that can allow a remote attacker to access credentials and execute arbitrary commands. CA Technologies...
[security bulletin] HPSBHF02699 SSRT100592 rev.1 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02950841 Version: 1 HPSBHF02699 SSRT100592 rev.1 - HP ProLiant SL Advanced Power Manager SL-APM, Remote User Validation Failure NOTICE: The information in this Security Bulletin should be acted...
[oCERT-2011-002] libavcodec insufficient boundary check
2011-002 libavcodec insufficient boundary check Description: The libavcodec library, an open source video encoding/decoding library part of the FFmpeg and Libav projects, performs insufficient boundary check against a buffer index. The missing check can result in arbitrary read/write of data...
libavcodec / FFmpeg / MPlayer buffer overflow
Buffer overflow in CAVS decoding...
CA ARCserve D2D unauthorized access
Information leakage and code execution while processing TCP/8014 HTTP RPC request...
[security bulletin] HPSBGN02694 SSRT100586 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02937744 Version: 1 HPSBGN02694 SSRT100586 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon...
Adobe Flash Media Server DoS
Memory corruption...
Adobe Photoshop memory corruption
Memory corruption on GIF parsing...
[security bulletin] HPSBPI02698 SSRT100404 rev.1 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02949847 Version: 1 HPSBPI02698 SSRT100404 rev.1 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be...
HP ProLiant SL Advanced Power Manager unauthorized access
No description provided...
iDefense Security Advisory 08.09.11: Adobe Flash Player Integer Overflow
iDefense Security Advisory 08.09.11 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 09, 2011 I. BACKGROUND Adobe Flash Player is an application for viewing animations and movies using computer programs such as a Web browser; in common usage, Flash lets you put animation and movies on a...
iDefense Security Advisory 08.09.11: Adobe Flash Player ActionScript Display Memory Corruption Vulnerability
iDefense Security Advisory 08.09.11 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 09, 2011 I. BACKGROUND Adobe Flash Player is an application for viewing animations and movies using computer programs such as a Web browser; in common usage, Flash lets you put animation and movies on a...
[SECURITY] [DSA 2289-1] typo3-src security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2289-1 [email protected] http://www.debian.org/security/ Florian Weimer August 07, 2011 http://www.debian.org/security/faq -...
[security bulletin] HPSBGN02696 SSRT100590 rev.1 - HP webOS Calendar Application, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02945437 Version: 1 HPSBGN02696 SSRT100590 rev.1 - HP webOS Calendar Application, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon...
HP Palm WebOS cross-site scripting
Cross-site scripting in Contacts and Calendar applications...
Mambo CMS 4.6.x (4.6.5) | SQL Injection
Mambo CMS 4.6.x 4.6.5 | SQL Injection 1. OVERVIEW Mambo CMS 4.6.5 and lower versions are vulnerable to SQL Injection. 2. BACKGROUND Mambo is a full-featured, award-winning content management system that can be used for everything from simple websites to complex corporate applications. It is used...
[USN-1188-1] eCryptfs vulnerabilities
========================================================================== Ubuntu Security Notice USN-1188-1 August 09, 2011 ecryptfs-utils vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
HP OpenView Performance Insight security vulnerabilities
Cross-site scripting, unauthorized access...
Amigot Corp (story.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Amigot Corp story.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://amigot.com/ Persian Gulf 4 Ever! Dork : "Powered By Amigot Corp" "inurl:story.php?id=" Exploite:...
Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials
FYI, we have published a fix for this issue. https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO33517&os=WINDOWS&actionID=3 A formal security notice will be published next week. Thanks and regards, Ken Williams, Director CA Technologies Product Vulnerability Response Team CA...
Multiple XSS in eShop for Wordpress
Vulnerability ID: HTB23034 Reference: http://www.htbridge.ch/advisory/multiplexssineshopforwordpress.html Product: eShop for Wordpress Vendor: Rich Pedley http://wordpress.org/extend/plugins/eshop/ Vulnerable Version: 6.2.8 and probably prior Tested on: 6.2.8 Vendor Notification: 20 July 2011...
Android application spoofing
Application can emulate logon window of different application...
6House Design (product_details.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability 6House Design productdetails.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://sixhousedesign.com/ Persian Gulf 4 Ever! Dork : "Designed By: 6House Design"...
TPTI-11-12: McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability
TPTI-11-12: McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-12 August 8, 2011 -- CVSS: 8.3, AV:N/AC:M/Au:N/C:P/I:P/A:C -- Affected Vendors: McAfee -- Affected Products: McAfee...
Arte Dude (collections.php?id) (property.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Arte Dude collections.php?id property.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.artdudegraphics.com/ Persian Gulf 4 Ever! Dork : "inurl:property.php?id=" "an...
McAfee Security-as-a-Service ActiveX code execution
Insecure methods in MyAsUtil5.2.0.603.dll, myCIOScn.dll...
Microsoft Windows DNS server security vulnerabilities
Memory corruption on NAPTR record handling, uninitialized memory access on non-existent domain lookup...
Webdesigns-studio (sysMsg.php?errMsg) Cross Site Scripting Vulnerabilities
IRANIAN THE BEST HACKERS IN THE WORLD Cross Site Scripting Vulnerabilities Webdesigns-studio sysMsg.php?errMsg AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://webdesigns-studio.com/ Persian Gulf 4 Ever! Dork : "Designed and Developed by...
Liberating IT (picture.php?gid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Liberating IT picture.php?gid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.liberatingit.com/ Persian Gulf 4 Ever! Dork : "Web Design by LiberatingIT.com"...
SEO New York (prod.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability SEO New York prod.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.eyesonnet.com/ Persian Gulf 4 Ever! Dork : "Powered by:SEO New York" "inurl:prod.php?id" Exploite...
Chezola Systems (display-section.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Chezola Systems display-section.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://chezolasystems.com/ Persian Gulf 4 Ever! Dork : "Powered by Chezola Systems Canada Inc"...
Microsoft Internet Explorer multiple security vulnerabilities
Multiple memory corruptions, cross-site data access, code execution...
Web Design Sydney (news-item.php?id) (news-item.php?newsid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Web Design Sydney news-item.php?id news-item.php?newsid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.milkdigital.com.au/ Persian Gulf 4 Ever! Dork : "web design sydney...
XWeavers (sysMsg.php?errMsg) Cross Site Scripting Vulnerabilities
IRANIAN THE BEST HACKERS IN THE WORLD Cross Site Scripting Vulnerabilities XWeavers sysMsg.php?errMsg AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://xweavers.com/ Persian Gulf 4 Ever! Dork : "Designed and Developed by XWeavers.com" Exploite:...
SQL injection in Social Slider
Vulnerability ID: HTB23033 Reference: http://www.htbridge.ch/advisory/sqlinjectioninsocialslider.html Product: Social Slider Vendor: Lukasz Wiecek http://wiecek.pl Vulnerable Version: 5.6.2 and probably prior Tested on: 5.6.2 Vendor Notification: 20 July 2011 Vulnerability Type: SQL Injection Ris...
Multiple vulnerabilities in Register Plus Redux for WordPress
Hello 3APA3A! I am reporting to you the numerous Cross-Site Scripting vulnerabilities I have found in the Register Plus Redux plugin for WordPress. XSS persistent WASC-08: There are many persistent XSS vulnerabilities in the plugin settings http://site/wp-admin/options-general.php?page=register-plus-redux. In...
Fwd: {Lostmon's Group} Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability
Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability Vendor URL: http://www.microsoft.com Advisory: http://lostmon.blogspot.com/2011/08/internet-explorer-6-7-and-8-windowopen.html Coordinate Disclosure: YES exploit available: Private CVE-2011-1257 and MS011-57 Microsoft Internet...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Synchrony Infotech (product_details.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Synchrony Infotech productdetails.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.synchrony.co.in/ Persian Gulf 4 Ever! Dork : "Designed by synchrony infotech."...
ZDI-11-247: Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability
ZDI-11-247: Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-247 August 9, 2011 -- CVE ID: CVE-2011-1963 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
Avant-Garde Technologies (display-section.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Avant-Garde Technologies display-section.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.agtsindia.com/ Persian Gulf 4 Ever! Dork : "Powered by Avant-Garde...
[security bulletin] HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02942411 Version: 1 HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access NOTICE: The information in this Security Bulletin should be acted up...
EasyContent CMS (participant.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability EasyContent CMS participant.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.emmattweb.com/ Persian Gulf 4 Ever! Dork : "Powered by EasyContent CMS"...
ZDI-11-248: Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability
ZDI-11-248: Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-248 August 9, 2011 -- CVE ID: CVE-2011-1964 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
TWSL2011-008: Focus Stealing Vulnerability in Android
Trustwave's SpiderLabs Security Advisory TWSL2011-008: Focus Stealing Vulnerability in Android https://www.trustwave.com/spiderlabs/advisories/TWSL2011-008.txt Published: 2011-08-06 Version: 1.0 Vendor: Google http://www.android.com/ Product: Android Versions affected: Tested on 2.1 - 2.3 Other...
ZDI-11-249: (Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability
ZDI-11-249: Pwn2Own Microsoft Internet Explorer Protected Mode Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-249 August 9, 2011 -- CVSS: 6.4, AV:N/AC:L/Au:N/C:P/I:P/A:N -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer -- TippingPointTM IPS...