[SECURITY] [DSA 2285-1] mapserver security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2285-1 [email protected] http://www.debian.org/security/ Nico Golde July 26, 2011 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[SECURITY] [DSA 2281-1] opie security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2281-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 21, 2011 http://www.debian.org/security/faq -...
Apple iWork multiple security vulnerabilities
Memory corruptions on Word and Excel files processing...
APPLE-SA-2011-07-20-2 iWork 9.1 Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-2 iWork 9.1 Update iWork 9.1 Update is now available and addresses the following: Numbers Available for: iWork 9.0 through 9.0.5 Impact: Opening a maliciously crafted Excel file may lead to an unexpected application termination or...
Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability Advisory ID: cisco-sa-20110720-asr9k Revision 1.0 For Public Release 2011 July 20 1600 UTC GMT...
Indonesia Web Design (link-directory.php?cid) (link-directory.php?pid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Indonesia Web Design link-directory.php?cid link-directory.php?pid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.webhostingbali.com/ Persian Gulf 4 Ever! Dork : "Powere...
Shibboleth / opensaml signature wrapping attacks
It's possible to spoof signed content...
Funnel Web (items.php?&cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web items.php?&catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web" "inurl:items.ph...
CobraScripts (search_result.php?cid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability CobraScripts searchresult.php?cid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://cobrascripts.com/ Persian Gulf 4 Ever! Dork : "Powered by CobraScripts"...
HTC Android devices directory traversal
OBEX FTP bluetooth request directory traversal...
TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain
Trustwave's SpiderLabs Security Advisory TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt Published: 2011-07-25 Version: 1.0 Vendor: Apple http://www.apple.com Product: iOS Version affected: Versions Prior to...
Funnel Web (directory.php?cid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web directory.php?cid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web"...
libsndfile buffer overflow
Buffer overflow on Ensoniq PARIS Audio Format PAF parsing...
logrotate multiple security vulnerabilities
Race conditions, unfiltered shell characters vulnerability, DoS...
[ MDVSA-2011:118 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:118 http://www.mandriva.com/security/ Package : wireshark Date : July 24, 2011 Affected: 2010.1, Enterprise Server 5.0 Problem Description: This advisory updates wireshark to the latest version 1.2.18, fixin...
opie security vulnerabilities
Privilege escalation, off-by-one buffer overflow...
[USN-1175-1] libpng vulnerabilities
========================================================================== Ubuntu Security Notice USN-1175-1 July 26, 2011 libpng vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
libpng library multiple security vulnerabilities
Multiple vulnerabilities on PNG parsing...
[PT-2011-08] Multiple vulnerabilities in Dlink DPH 150SE/E/F1
---------------------------------------------------------------------- PT-2011-08 Positive Technologies Security Advisory Multiple vulnerabilities in Dlink DPH 150SE/E/F1 ---------------------------------------------------------------------- --- Vulnerable platform Dlink DPH 150s IP Phone Firmwar...
[SECURITY] [DSA 2284-1] opensaml2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2284-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 25, 2011 http://www.debian.org/security/faq -...
APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone iOS 4.2.10 Software Update for iPhone is now available and addresses the following: Data Security Available for: iOS 4.2.5 through 4.2.9 for iPhone 4 CDMA Impact: An attacker with a privilege...
Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability
Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: http://www.vbulletin.com/ Version: 4.x.x Tested on: relevant os CVE : http://members.vbulletin.com/...
D-link DPH 150SE/E/F1 IP Phones multiple security vulnerabilities
Multiple web interface unauthorized access possibilities...
Wireshark sniffer DoS
Infinite loop on Lucent/Ascend files parsing...
HTC / Android OBEX FTP Service Directory Traversal Vulnerability
Title: HTC / Android OBEX FTP Service Directory Traversal Author: Alberto Moreno Tablado Vendor: HTC Products: - HTC devices running Android 2.1 - HTC devices running Android 2.2 References:...
Multiple CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new multiple security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I already drew the attention of Ukrtelecom's representative and this modem wa...
[ MDVSA-2011:119 ] libsndfile
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:119 http://www.mandriva.com/security/ Package : libsndfile Date : July 25, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability was discovered and correcte...
Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities
Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting XSS Vulnerabilities 1. OVERVIEW Joomla! 1.7.0-RC and versions of 1.6.x are vulnerable to multiple Cross Site Scripting issues. 2. BACKGROUND Joomla is a free and open source content management system CMS for publishing content on the Worl...
[PT-2011-05] Cross-Site Scripting in Koha Library Software
---------------------------------------------------------------------- PT-2011-05 Positive Technologies Security Advisory Cross-Site Scripting in Koha Library Software ---------------------------------------------------------------------- --- Vulnerable software Koha Library Software version 3.2....
XSS in Tiki Wiki CMS Groupware
Vulnerability ID: HTB23027 Reference: http://www.htbridge.ch/advisory/xssintikiwikicmsgroupware.html Product: Tiki Wiki CMS Groupware Vendor: info.tiki.org http://info.tiki.org Vulnerable Version: 7.0 and probably prior Tested on: 7.0 Vendor Notification: 29 June 2011 Vulnerability Type: XSS Cros...
Securstar - DriveCrypt - Local Kernel Denial of Service/Memory Disclosure/Privilege Escalation
===============================ADVISORY=============================== Advisory: Securstar - DriveCrypt - Local Kernel Denial of Service/Memory Disclosure/Privilege Escalation Advisory ID: DSEC-2011-0001 Author: Neil Kettle, Digit Security Ltd Affected Software: Securstar DriveCrypt Vendor URL:...
FreeRADIUS OCSP vulnerability
Revoked certificate may be used due to validation error...
PHP-Barcode 0.3pl1 Remote Code Execution
PHP-Barcode 0.3pl1 Remote Code Execution ================================= The input passed to the code parameter is not sanitized and is used in a popen function call. This allows remote command execution and also allows viewing environment vars: Windows...
Cisco Security Advisory: Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities Advisory ID: cisco-sa-20110720-sa500 Revision 1.0 For Public Release 2011 July 20 1600 UTC GMT...
[PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker
---------------------------------------------------------------------- PT-2011-25 Positive Technologies Security Advisory SQL injection vulnerabilities in Support Incident Tracker ---------------------------------------------------------------------- --- Vulnerable software SiT! Version 3.63p1 an...
Cisco ASR 9000 DoS
Crash on IP packet processing...
DotComEgypt (products.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability DotComEgypt products.php?catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.dotcomegypt.com/ Persian Gulf 4 Ever! Dork : "Powered by DotCom" "inurl:products.php?catid=...
Likewise Open SQL injection
Privilege escalation is possible...
Funnel Web (selected_product.php?t) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web selectedproduct.php?t AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web"...
Funnel Web (pages.php?page) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web pages.php?page AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web"...
[USN-1172-1] logrotate vulnerabilities
========================================================================== Ubuntu Security Notice USN-1172-1 July 21, 2011 logrotate vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
phpMyAdmin 3.x Conditional Session Manipulation
phpMyAdmin 3.x Conditional Session Manipulation Advisory from...
Precision (products.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Precision products.php?catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.groupprecision.com/ Persian Gulf 4 Ever! Dork : "powered by Precision"...
[DSB-2011-01] Security Advisory FreeRADIUS 2.1.11
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DFN-CERT Services GmbH - Security Advisory ========================================== Advisory: DSB-2011-01 Version: 1.0 Released on: 2011-07-22 Updated on: 2011-07-22 Product: FreeRADIUS 2.1.11 2011-06-29 Summary - ------- FreeRADIUS is a RADIUS serv...
[USN-1171-1] Likewise Open vulnerability
========================================================================== Ubuntu Security Notice USN-1171-1 July 20, 2011 likewise-open vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update iOS 4.3.5 Software Update is now available and addresses the following: Data Security Available for: iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 GSM, iOS 3.1 through 4.3.4 for iPod touch 3rd...
Elitecore Cyberoam UTM cross-site scripting
Cross-site scripting in Web interface...
kvm code execution
virtio commands processing code execution...
Securstar DriveCrypt multiple security vulnerabilities
DoS, information leakage, privilege escalation...