logrotate multiple security vulnerabilities
Race conditions, unfiltered shell characters vulnerability, DoS...
HTC Android devices directory traversal
OBEX FTP bluetooth request directory traversal...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
FreeRADIUS OCSP vulnerability
Revoked certificate may be used due to validation error...
opie security vulnerabilities
Privilege escalation, off-by-one buffer overflow...
D-link DPH 150SE/E/F1 IP Phones multiple security vulnerabilities
Multiple web interface unauthorized access possibilities...
Wireshark sniffer DoS
Infinite loop when parsing Lucent/Ascend files...
Cisco ASR 9000 DoS
Crash on IP packet processing...
Shibboleth / opensaml signature wrapping attacks
It's possible to spoof signed content...
kvm code execution
Code execution in virtio command processing...
libpng library multiple security vulnerabilities
Multiple vulnerabilities on PNG parsing...
Securstar DriveCrypt multiple security vulnerabilities
DoS, information leakage, privilege escalation...
Elitecore Cyberoam UTM cross-site scripting
Cross-site scripting in Web interface...
Apple iOS (iOS) security vulnerabilities
Privilege escalation, code execution via PDF documents...
Likewise Open SQL injection
Privilege escalation is possible...
Apple iWork multiple security vulnerabilities
Memory corruption when processing Word and Excel files...
libsndfile buffer overflow
Buffer overflow when parsing Ensoniq PARIS Audio Format (PAF) files...
HTC / Android OBEX FTP Service Directory Traversal Vulnerability
Title: HTC / Android OBEX FTP Service Directory Traversal Author: Alberto Moreno Tablado Vendor: HTC Products: - HTC devices running Android 2.1 - HTC devices running Android 2.2 References:...
Multiple CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new multiple security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I already drew the attention of Ukrtelecom's representative and this modem wa...
APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update iOS 4.3.5 Software Update is now available and addresses the following: Data Security Available for: iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 GSM, iOS 3.1 through 4.3.4 for iPod touch 3rd...
Funnel Web (directory.php?cid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web directory.php?cid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web"...
[SECURITY] [DSA 2282-1] qemu-kvm security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2282-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 25, 2011 http://www.debian.org/security/faq -...
[ MDVSA-2011:119 ] libsndfile
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:119 http://www.mandriva.com/security/ Package : libsndfile Date : July 25, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability was discovered and correcte...
Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities
Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting XSS Vulnerabilities 1. OVERVIEW Joomla! 1.7.0-RC and versions of 1.6.x are vulnerable to multiple Cross Site Scripting issues. 2. BACKGROUND Joomla is a free and open source content management system CMS for publishing content on the Worl...
[SECURITY] [DSA 2285-1] mapserver security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2285-1 [email protected] http://www.debian.org/security/ Nico Golde July 26, 2011 http://www.debian.org/security/faq -...
Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability Advisory ID: cisco-sa-20110720-asr9k Revision 1.0 For Public Release 2011 July 20 1600 UTC GMT...
[USN-1175-1] libpng vulnerabilities
========================================================================== Ubuntu Security Notice USN-1175-1 July 26, 2011 libpng vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Funnel Web (selected_product.php?t) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web selectedproduct.php?t AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web"...
CobraScripts (search_result.php?cid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability CobraScripts searchresult.php?cid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://cobrascripts.com/ Persian Gulf 4 Ever! Dork : "Powered by CobraScripts"...
Indonesia Web Design (link-directory.php?cid) (link-directory.php?pid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Indonesia Web Design link-directory.php?cid link-directory.php?pid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.webhostingbali.com/ Persian Gulf 4 Ever! Dork : "Powere...
phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability
View here: https://www.stevenroddis.com/phpbb-ajax-chatshoutbox-mod-csrf-vulnerability/ Title: phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability Release Date: 2011-04-30 Product Affected: http://startrekaccess.com/community/viewtopic.php?f=127&t=8675 Responsible Disclosure: After repeated attempts ...
APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone iOS 4.2.10 Software Update for iPhone is now available and addresses the following: Data Security Available for: iOS 4.2.5 through 4.2.9 for iPhone 4 CDMA Impact: An attacker with a privilege...
[DSB-2011-01] Security Advisory FreeRADIUS 2.1.11
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DFN-CERT Services GmbH - Security Advisory ========================================== Advisory: DSB-2011-01 Version: 1.0 Released on: 2011-07-22 Updated on: 2011-07-22 Product: FreeRADIUS 2.1.11 2011-06-29 Summary - ------- FreeRADIUS is a RADIUS serv...
Precision (products.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Precision products.php?catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.groupprecision.com/ Persian Gulf 4 Ever! Dork : "powered by Precision"...
CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Disclosure and Commands Execution
?php / CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Disclosure and Commands Execution PoC product homepage: http://arcserve.com/us/default.aspx file tested: CAARCserveD2DSetupBMR.zip tested against: Microsoft Windows Server 2003 r2 sp2 This software installs a Tomcat HTTP server...
Zones Web Solution (index.php?manufacturers_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Zones Web Solution index.php?manufacturersid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.zones.in/ Persian Gulf 4 Ever! Dork : "Powered By : Zones Web Solution"...
[USN-1171-1] Likewise Open vulnerability
========================================================================== Ubuntu Security Notice USN-1171-1 July 20, 2011 likewise-open vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
Funnel Web (pages.php?page) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web pages.php?page AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web"...
Cisco Security Advisory: Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities Advisory ID: cisco-sa-20110720-sa500 Revision 1.0 For Public Release 2011 July 20 1600 UTC GMT...
[PT-2011-08] Multiple vulnerabilities in Dlink DPH 150SE/E/F1
---------------------------------------------------------------------- PT-2011-08 Positive Technologies Security Advisory Multiple vulnerabilities in Dlink DPH 150SE/E/F1 ---------------------------------------------------------------------- --- Vulnerable platform Dlink DPH 150s IP Phone Firmwar...
OSI Security: Elitecore Cyberoam UTM - Authenticated Cross-Site Scripting Vulnerability
Elitecore Cyberoam UTM - Authenticated Cross-Site Scripting Vulnerability http://www.osisecurity.com.au/advisories/cyberoam-authenticated-cross-site-scripting Release Date: 20-Jul-2011 Software: Elitecore Technologies - Cyberoam http://www.cyberoam.com/ "Cyberoam Unified Threat Management...
Funnel Web (items.php?&cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web items.php?&catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web" "inurl:items.ph...
DotComEgypt (products.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability DotComEgypt products.php?catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.dotcomegypt.com/ Persian Gulf 4 Ever! Dork : "Powered by DotCom" "inurl:products.php?catid=...
Lava (news_item.php?id) (album.php?id) (basket.php?baction) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Lava newsitem.php?id album.php?id basket.php?baction AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.lava.com.ua/ Persian Gulf 4 Ever! Dork : " "Lava""...
[ MDVSA-2011:118 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:118 http://www.mandriva.com/security/ Package : wireshark Date : July 24, 2011 Affected: 2010.1, Enterprise Server 5.0 Problem Description: This advisory updates wireshark to the latest version 1.2.18, fixin...
PHP-Barcode 0.3pl1 Remote Code Execution
PHP-Barcode 0.3pl1 Remote Code Execution ================================= The input passed to the code parameter is not sanitized and is used on a popen function. This allows remote command execution and also allows to see environment vars: Windows...
APPLE-SA-2011-07-20-2 iWork 9.1 Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-2 iWork 9.1 Update iWork 9.1 Update is now available and addresses the following: Numbers Available for: iWork 9.0 through 9.0.5 Impact: Opening a maliciously crafted Excel file may lead to an unexpected application termination or...
[SECURITY] [DSA 2281-1] opie security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2281-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 21, 2011 http://www.debian.org/security/faq -...
[PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker
---------------------------------------------------------------------- PT-2011-25 Positive Technologies Security Advisory SQL injection vulnerabilities in Support Incident Tracker ---------------------------------------------------------------------- --- Vulnerable software SiT! Version 3.63p1 an...
[PT-2011-05] Cross-Site Scripting in Koha Library Software
---------------------------------------------------------------------- PT-2011-05 Positive Technologies Security Advisory Cross-Site Scripting in Koha Library Software ---------------------------------------------------------------------- --- Vulnerable software Koha Library Software version 3.2....