47153 matches found
Apple iOS (iOS) security vulnerabilities
Privilege escalation, code execution via PDF documents...
XSS in Tiki Wiki CMS Groupware
Vulnerability ID: HTB23027 Reference: http://www.htbridge.ch/advisory/xssintikiwikicmsgroupware.html Product: Tiki Wiki CMS Groupware Vendor: info.tiki.org http://info.tiki.org Vulnerable Version: 7.0 and probably prior Tested on: 7.0 Vendor Notification: 29 June 2011 Vulnerability Type: XSS Cros...
Indonesia Web Design (link-directory.php?cid) (link-directory.php?pid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Indonesia Web Design link-directory.php?cid link-directory.php?pid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.webhostingbali.com/ Persian Gulf 4 Ever! Dork : "Powere...
[SECURITY] [DSA 2284-1] opensaml2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2284-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 25, 2011 http://www.debian.org/security/faq -...
[PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker
---------------------------------------------------------------------- PT-2011-25 Positive Technologies Security Advisory SQL injection vulnerabilities in Support Incident Tracker ---------------------------------------------------------------------- --- Vulnerable software SiT! Version 3.63p1 an...
[ MDVSA-2011:119 ] libsndfile
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:119 http://www.mandriva.com/security/ Package : libsndfile Date : July 25, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability was discovered and correcte...
APPLE-SA-2011-07-20-2 iWork 9.1 Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-2 iWork 9.1 Update iWork 9.1 Update is now available and addresses the following: Numbers Available for: iWork 9.0 through 9.0.5 Impact: Opening a maliciously crafted Excel file may lead to an unexpected application termination or...
ZDI-11-238: Oracle Secure Backup validate_login Command Injection Remote Code Execution Vulnerability
ZDI-11-238: Oracle Secure Backup validatelogin Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-238 July 21, 2011 -- CVE ID: CVE-2011-2261 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Oracle -- Affected Products: Oracle Secu...
Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability - Security Advisory - SOS-11-009
Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2.1 Patch069.102 Patch12 build b31g-fcs verified and possibly others Severi...
NGS00042 Patch Notification: Solaris USB configuration descriptor kernel stack overflow
Solaris USB configuration descriptor kernel stack overflow CVE-2011-2295 25 July 2011 Andy Davis of NGS Secure has discovered a High risk vulnerability in Oracle Solaris. A local attacker can send a malformed USB configuration descriptor via a malicious USB device and trigger a kernel stack...
Apache mod_authnz_external module SQL injection
SQL injection via username...
CA20110720-01: Security Notice for CA Gateway Security and Total Defense
-----BEGIN PGP SIGNED MESSAGE----- CA20110720-01: Security Notice for CA Gateway Security and Total Defense Issued: July 20, 2011 CA Technologies support is alerting customers to a security risk with CA Gateway Security. A vulnerability exists that can allow a remote attacker to execute arbitrary...
[SECURITY] [DSA 2280-1] libvirt security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2280-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 19, 2011 http://www.debian.org/security/faq -...
libvirt integer overflow
No description provided...
Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure
Name: Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure Vulnerability Author: Adi Cohen of IBM Rational Application Security [email protected] Date: June 14, 2011 Risk: Medium CVE: CVE-2011-1252 Introduction ------------- The JavaScript function toStaticHTML, which i...
iDefense Security Advisory 07.20.11: Multiple Vendor WebKit MathML Use-After-Free Vulnerability
iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND MathML is an XML-based markup language used to describe mathematical operations. It can be embedded inside of HTML and is supported by the WebKit engine. II. DESCRIPTION Remote...
APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6 Safari 5.1 and Safari 5.0.6 are now available and address the following: CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross-...
Microsoft Internet Explorer multiple security vulnerabilities
mhtml handler cross application scripting, VML processor memory corruption, multiple internet explorer memory corruptions, information leakage...
iDefense Security Advisory 07.20.11: Safari WebKit TIFF Use-After-Free Vulnerability
iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND WebKit is an open source web browser engine. It is currently used by Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For more information, see the vendor's sit...
iDefense Security Advisory 07.20.11: Multiple Vendor WebKit SVG animVal Memory Corruption Vulnerability
iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND WebKit is an open source web browser engine. It is currently used by Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For more information, see the vendor's sit...
Foxit Reader Insecure Library Loading
Vulnerability title: Foxit Reader Insecure Library Loading CVSS Risk Rating: 2.9 Low Product: Foxit Reader Application Vendor: Foxit Vendor URL: http://www.foxitsoftware.com Public disclosure date: 7/21/2011 Discovered by: Jose Hernandez and Solutionary Engineering Research Team SERT Solutionary...
ZDI-11-237: CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability
ZDI-11-237: CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-237 July 20, 2011 -- CVE ID: CVE-2011-2667 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Tota...
iDefense Security Advisory 07.20.11: Multiple Vendor WebKit frameset style Heap Corruption Vulnerability
iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND WebKit is an open source web browser engine. It is currently used by Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For more information, see the vendor's sit...
CA Gateway Security / Total Defense memory corruption
Memory corruption on TCP/8080 HTTP request parsing...
[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2279-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 19, 2011 http://www.debian.org/security/faq -...
iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability
iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND Safari is Apple's web browser, and is based on the open source WebKit browser engine. MobileSafari is Safari for Apple's mobile devices including the iPad and iPhone. For more...
Apache Tomcat information leakage
Some security limitations are not checked for sendfile...
Torque Server buffer overflow
Buffer overflow on oversized job name...
EMC Documentum eRoom
HummingBird Client Connector buffer overflow and code execution...
Oracle / Sun / Peoplesoft applications multiple security vulnerabilities
CPU closes nearly 90 of different vulnerabilities in different applications...
Citrix Access Gateway ActiveX buffer overflow
Buffer overflow on server data parsing...
Code Execution уязвимости в TinyBrowser
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Code Execution уязвимостях в TinyBrowser. Code Execution WASC-31: Возможно исполнения кода в TinyBrowser на веб серверах IIS и Apache. Которое возможно через обход защитных фильтров веб приложения. Код исполнится через загрузку файла. Программа...
Alice (Telefonica Germany) Modem 1111 DoS + XSS
German ISP 'Alice' has been shipping custom embedded devices DSL modems/routers etc. for the past few years. Their first self-branded DSL modem, Alice Modem 1111, using firmware version 4.19, is prone to at least the following two security vulnerabilities after it has passed initial configuration...
Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal() Remote Registry Dump Vulnerability
!-- Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal Remote Registry Dump Vulnerability download uri: ftp://ftp.us.dell.com/sysman/OM-ITAssistant-Dell-Web-WIN-6.5.0-2247A01.21.exe ActiveX settings: CLSID: 6286EF1A-B56E-48EF-90C3-743410657F3C ProgID:...
Alice 1111 ADSL modem security vulnerabilities
DoS, crossite scripting...
Torque Server Buffer Overflow Vulnerability
Name: Torque Server Buffer Overflow Vulnerability Author: Adam Zabrocki [email protected] Bartlomiej Balcerek [email protected] Maciej Kotowicz [email protected] Date: March 27, 2011 Risk: Moderate CVE: CVE-2011-2193 Description: TORQUE Resource Manager provides control over batch jobs and...
Dell IT Assistant ActiveX information leakage
readRegVal allows registry values access...
CVE-2010-2404 | Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment - E-Business Suite
Advisory: Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment File Uploading Module- E-Business Suite CVE-2010-2404 Version Affected - 11.5.10.2, 12.0.6, 12.1.3 About: Oracle I-Recruitment Suite Oracle iRecruitment is a web based full-cycle recruiting solution that gives manager...
[SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-2526: Apache Tomcat Information disclosure and availability vulnerabilities Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.18 Tomcat 6.0.0 to 6.0.32 Tomcat 5.5.0 to 5.0.33 Previous, unsupported...
ESA-2011-022: EMC Documentum eRoom Indexing Server HummingBird Client Connector Buffer Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-022: EMC Documentum eRoom Indexing Server HummingBird Client Connector Buffer Overflow Vulnerability EMC Identifier: ESA-2011-022 CVE Identifier: CVE-2011-1741 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected...
ZDI-11-236: EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability
ZDI-11-236: EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-236 July 18, 2011 -- CVE ID: CVE-2011-1741 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: EMC -- Affected Products:...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[oCERT-2011-001] Chyrp input sanitization errors
2011-001 Chyrp input sanitization errors Description: The Chyrp framework, an open source blogging engine, suffers from cross-site scripting XSS and local file inclusion LFI vulnerabilities. Insufficient input sanitization on the parameters passed to pages related to administration settings, the...
iDefense Security Advisory 07.14.11: Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability
iDefense Security Advisory 07.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 14, 2011 I. BACKGROUND Citrix's Access Gateway solution provides remote access to customers via the Web browser. This is accomplished through the use of an ActiveX control that enables an SSL based VPN...
Multiple CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new multiple security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem wa...
Multiple CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new multiple security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem wa...
APPLE-SA-2011-07-15-1 iOS 4.3.4 Software Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-15-1 iOS 4.3.4 Software Update iOS 4.3.4 Software Update is now available and addresses the following: CoreGraphics Available for: iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 GSM, iOS 3.1 through 4.3.3 for iPod touch 3rd...
APPLE-SA-2011-07-15-2 iOS 4.2.9 Software Update for iPhone
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-15-2 iOS 4.2.9 Software Update for iPhone iOS 4.2.9 Software Update for iPhone is now available and addresses the following: CoreGraphics Available for: iOS 4.2.5 through 4.2.8 for iPhone 4 CDMA Impact: Viewing a maliciously crafted P...
PalTalk messenger ActiveX insecure methods
It's possible to save files into arbitrary locations...
apt GPG signature check vulnerability
GPG sugnatures are incorrectly validated...