Securityvulns - Page 182 of Securityvulns Vulnerabilities List | Vulners.com

SecurityvulnsRecent

Recent Most viewed

47153 matches found

securityvulns•added 2011/07/06 12:0 a.m.•57 views

[security bulletin] HPSBMU02686 SSRT100541 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02872182 Version: 3 HPSBMU02686 SSRT100541 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as...

10CVSS1.1AI score0.89159EPSS

securityvulns•added 2011/07/06 12:0 a.m.•66 views

Multiple Cross-Site Scripting vulnerabilities in WebCalendar

Advisory: Multiple Cross-Site Scripting vulnerabilities in WebCalendar Advisory ID: SSCHADV2011-008 Author: Stefan Schurtz Affected Software: Version 1.2.3 and probably prior versions Vendor URL: http://www.k5n.us/webcalendar.php Vendor Status: informed CVE-ID: - ==========================...

securityvulns•added 2011/07/06 12:0 a.m.•75 views

Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD)

OpenSSH FreeBSD Remote Root Exploit By Kingcope Year 2011 Unlocks SSH-1.99-OpenSSH3.4p1 FreeBSD-20020702 Unlocks SSH-1.99-OpenSSH3.4p1 FreeBSD-20030924 run like ./ssh -1 -z yourip target setup a netcat, port 443 on yourip first a statically linked linux binary of the exploit can be found below...

securityvulns•added 2011/07/06 12:0 a.m.•60 views

bcksrvr format string in Sybase Adaptive Server 15.5

Luigi Auriemma Application: Sybase Adaptive Server http://www.sybase.com/products/databasemanagement/adaptiveserverenterprise Versions: = 15.5 Platforms: Solaris, Windows, Linux, AIX, HP Bug: format string in bcksrvr Exploitation: remote, versus server Date: 27 Jun 2011 found 28 Oct 2010 Author:...

securityvulns•added 2011/07/06 12:0 a.m.•42 views

Upload directory traversal in Novell ZenWorks Handheld Management 7.0.2

Luigi Auriemma Application: Novell ZenWorks Handheld Management http://www.novell.com/products/zenworks/handhelds/ Versions: = 7.0.2.61213 Platforms: Windows, Linux, NetWare Bug: upload directory traversal Exploitation: remote, versus server Date: 27 Jun 2011 found 25 Apr 2011 Author: Luigi...

securityvulns•added 2011/07/06 12:0 a.m.•53 views

NGS00062 Patch Notification: Apple Mac OS X ImageIO TIFF Heap Overflow

Apple Mac OS X ImageIO TIFF Heap Overflow - CVE-2011-0204 28/06/2011 Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Versions affected...

6.8CVSS0.4AI score0.04475EPSS

securityvulns•added 2011/07/06 12:0 a.m.•69 views

CORE-2011-0514: Multiple vulnerabilities in HP Data Protector

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple vulnerabilities in HP Data Protector 1. Advisory Information Title: Multiple vulnerabilities in HP Data Protector Advisory ID: CORE-2011-0514 Advisory URL:...

10CVSS0.3AI score0.89159EPSS

securityvulns•added 2011/07/06 12:0 a.m.•46 views

NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows

======= Summary ======= Name: OS X 10.6.6 Camera Raw Library Memory Corruption Release Date: 28 June 2011 Reference: NGS00052 Discoverer: Paul Harrington [email protected] Vendor: Apple Vendor Reference: 140299872 Systems Affected: OS X 10.6.6 with RawCamera.bundle 3.6 Risk: High...

securityvulns•added 2011/07/06 12:0 a.m.•46 views

NetBSD 5.1 libc/net multiple functions stack buffer overflow

NetBSD 5.1 libc/net multiple functions stack buffer overflow Author: Maksymilian Arciemowicz http://netbsd.org/donations/ Date: - Dis.: 01.04.2011 - Pub.: 01.07.2011 CVE: CVE-2011-1656 CWE: CWE-121 Affected software: - NetBSD 5.1 fixed Affected functions: - getservbyname3 - getservbynamer3 -...

securityvulns•added 2011/07/06 12:0 a.m.•243 views

Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used

Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...

securityvulns•added 2011/07/06 12:0 a.m.•62 views

CORE-2011-0606: HP Data Protector EXEC_CMD Buffer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ HP Data Protector EXECCMD Buffer Overflow Vulnerability 1. Advisory Information Title: HP Data Protector EXECCMD Buffer Overflow Vulnerability Advisory ID: CORE-2011-0606...

10CVSS0.3AI score0.56812EPSS

securityvulns•added 2011/07/06 12:0 a.m.•56 views

[security bulletin] HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Manager (UAM) and Endpoint Admission Defense (EAD), Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02901775 Version: 1 HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Manager UAM and Endpoint Admission Defense EAD, Remote Execution of Arbitrary Code NOTICE: The...

10CVSS0.8AI score0.4584EPSS

securityvulns•added 2011/07/06 12:0 a.m.•58 views

ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability

ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-230 June 29, 2011 -- CVE ID: CVE-2011-0211 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktim...

6.8CVSS0.7AI score0.01404EPSS

securityvulns•added 2011/07/06 12:0 a.m.•53 views

[SECURITY] [DSA 2270-1] qemu-kvm security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2270-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 01, 2011 http://www.debian.org/security/faq -...

5.8CVSS1.9AI score0.00602EPSS

securityvulns•added 2011/07/06 12:0 a.m.•34 views

NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation

======= Summary ======= Name: Cisco VPN Client Privilege Escalation Release Date: 28 June 2011 Reference: NGS00051 Discoverer: Gavin Jones [email protected] Vendor: Cisco Vendor Reference: Systems Affected: Cisco VPN client Windows 64 Bit Risk: High Status: Fixed ======== TimeLine =======...

securityvulns•added 2011/07/06 12:0 a.m.•51 views

[USN-1163-1] Bind vulnerability

========================================================================== Ubuntu Security Notice USN-1163-1 July 05, 2011 bind9 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

5CVSS0.2AI score0.16206EPSS

securityvulns•added 2011/07/06 12:0 a.m.•30 views

in_midi multiple vulnerabilities in Winamp 5.61

Luigi Auriemma Application: Winamp http://www.winamp.com Versions: = 5.61 Platforms: Windows Bugs: A inmidi Controller messages heap overflow B inmidi Note On messages heap overflow C inmidi MTrk heap overflow Date: 27 Jun 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1...

securityvulns•added 2011/07/06 12:0 a.m.•65 views

Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities

Joomla! 1.6.3 and lower | Multiple Cross Site Scripting XSS Vulnerabilities 1. OVERVIEW Joomla! 1.6.3 and lower are vulnerable to multiple Cross Site Scripting issues. 2. BACKGROUND Joomla is a free and open source content management system CMS for publishing content on the World Wide Web and...

securityvulns•added 2011/07/06 12:0 a.m.•73 views

FCKeditor Multiple 0day Vulnerabilities

========================================== FCKeditor Multiple 0day Vulnerabilities ========================================== The largest Exploit Database in the world ! Greetz to Inj3ct0r Cr3w 1337day.com Greetz to R0073r "Sid3^effects - Were ya @ Bro" indoushka XroGuE gunslinger KedAns-Dz L0rd...

securityvulns•added 2011/07/06 12:0 a.m.•40 views

ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability

ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-232 July 1, 2011 -- CVE ID: CVE-2011-1867 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...

10CVSS0.6AI score0.4584EPSS

securityvulns•added 2011/07/06 12:0 a.m.•52 views

NGS00057 Technical Advisory: Apple Mac OS X ImageIO Integer Overflow

======= Summary ======= Name: Apple Mac OS X ImageIO TIFF Integer Overflow Release Date: 28 June 2011 Reference: NGS00057 Discoverer: Dominic Chell [email protected] Vendor: Apple Vendor Reference: 142522746 Systems Affected: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through...

securityvulns•added 2011/07/06 12:0 a.m.•155 views

SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress

SEC Consult Vulnerability Lab Security Advisory 20110701-0 ======================================================================= title: Multiple SQL Injection Vulnerabilities product: WordPress vulnerable version: 3.1.3/3.2-RC1 and probably earlier versions fixed version: 3.1.4/3.2-RC3 impact:...

securityvulns•added 2011/07/06 12:0 a.m.•83 views

Apple Mac OS X multiple security vulnerabilities

DoS conditions, buffer overflows, information leaks, code execution in different subsystems...

10CVSS2.8AI score0.2471EPSS

Exploits21References7Affected Software1

securityvulns•added 2011/07/04 12:0 a.m.•20 views

Ashampoo 3D CAD ActiveX unsafe method

Unsafe SaveData method allows to create files...

Exploits0References1

securityvulns•added 2011/07/04 12:0 a.m.•20 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

Exploits0References1

securityvulns•added 2011/07/04 12:0 a.m.•26 views

Citrix EdgeSight buffer overflow

Buffer overflow on TCP/18747 request parsing...

Exploits0References1

securityvulns•added 2011/07/04 12:0 a.m.•29 views

Novell File Reporter Engine buffer overflow

Buffer overflow on TCP/3035 HTTPs response parsing...

10CVSS2.2AI score0.28938EPSS

Exploits0References1

securityvulns•added 2011/07/04 12:0 a.m.•51 views

Apple QuickTime multiple security vulnerabilities

Memory corruptions on MPEG, Sorenson, AVI, JP2, FlashPix, GIF, PICT, QTVR and another video formats parsing...

9.3CVSS4AI score0.08EPSS

Exploits4References7Affected Software1

securityvulns•added 2011/07/04 12:0 a.m.•54 views

Asterisk user account enumeration

Different replies on mismatched usernames and passwords...

5CVSS2.4AI score0.00187EPSS

Exploits0References1Affected Software1

securityvulns•added 2011/07/04 12:0 a.m.•41 views

pidgin instant messenger DoS

Memory exhaustion on GIF icons parsing...

4.3CVSS3.9AI score0.00677EPSS

Exploits1References1Affected Software1

securityvulns•added 2011/07/04 12:0 a.m.•63 views

smallftp DoS

Connection flood causes server to hang or crash...

Exploits0References1Affected Software1

securityvulns•added 2011/07/04 12:0 a.m.•66 views

ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability

ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-227 June 27, 2011 -- CVE ID: CVE-2011-2220 -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:C/A:P -- Affected Vendors: Novell -- Affected Products: Novell File...

10CVSS0.5AI score0.28938EPSS

securityvulns•added 2011/07/04 12:0 a.m.•33 views

Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method

Vulnerability ID: HTB23019 Reference: http://www.htbridge.ch/advisory/ashampoo3dcadprofessional3activexcontrolinsecuremethod.html Product: Ashampoo 3D CAD Professional 3 Vendor: Ashampoo GmbH Co http://www.ashampoo.com Vulnerable Version: 3.0.1 and probably prior Tested on: 3.0.1 Vendor...

securityvulns•added 2011/07/04 12:0 a.m.•16 views

Multiple vulnerabilities in Winamp 5.61

Luigi Auriemma Application: Winamp http://www.winamp.com Versions: = 5.61 Platforms: Windows Bugs: A vp6 heap corruption B h263 heap corruption C nsvdecvp5 frame heap overflow D nsvdecvp6 frame integer overflow E nsvdecvp3 frame heap overflow F inmod heap corruption Date: 27 Jun 2011 Author: Luig...

securityvulns•added 2011/07/04 12:0 a.m.•38 views

ZDI-11-226: Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability

ZDI-11-226: Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-226 June 27, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Citrix -- Affected Products: Citrix EdgeSight -- TippingPointTM IPS Customer...

securityvulns•added 2011/07/04 12:0 a.m.•58 views

smallftpd <= 1.0.3-fix | Connection Saturation Remote Denial of Service Vulnerability

smallftpd = 1.0.3-fix | Connection Saturation Remote Denial of Service Vulnerability 1. OVERVIEW The smallftpd FTP server is found to be vulnerable to denial of service in handling multiple connection requests regardless of its maximum connection settings. Upon successful DoS exploit, the smallft...

securityvulns•added 2011/07/04 12:0 a.m.•44 views

Уязвимости в модуле Print для Drupal

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Abuse of Functionality и Insufficient Anti-automation уязвимостях в модуле Print для Drupal. Abuse of Functionality WASC-42: Форму отправки контента по электронной почте http://site/printmail/1 можно использовать для отправки спама, при этом можно...

securityvulns•added 2011/07/04 12:0 a.m.•54 views

ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability

ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-228 June 29, 2011 -- CVE ID: CVE-2011-0200 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Mail Apple OS X...

6.8CVSS0.8AI score0.04475EPSS

securityvulns•added 2011/07/04 12:0 a.m.•92 views

ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability

ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-229 June 29, 2011 -- CVE ID: CVE-2011-0209 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...

6.8CVSS0.4AI score0.01404EPSS

securityvulns•added 2011/07/04 12:0 a.m.•52 views

ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability

ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-231 June 29, 2011 -- CVE ID: CVE-2010-3790 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...

6.8CVSS0.04226EPSS

securityvulns•added 2011/07/04 12:0 a.m.•63 views

AST-2011-011: Possible enumeration of SIP users due to differing authentication responses

Asterisk Project Security Advisory - AST-2011-011 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Possible enumeration of SIP users due to | | | differing...

5CVSS6AI score0.00187EPSS

securityvulns•added 2011/07/04 12:0 a.m.•50 views

[slackware-security] pidgin (SSA:2011-178-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security pidgin SSA:2011-178-01 New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+...

4.3CVSS7.4AI score0.00677EPSS

securityvulns•added 2011/07/04 12:0 a.m.•52 views

Off-by-one in Sybase Advantage Server 10.0.0.3

Luigi Auriemma Application: Sybase Advantage Server http://www.sybase.com/products/databasemanagement/advantagedatabaseserver Versions: = 10.0.0.3 Platforms: Windows, NetWare, Linux Bug: off-by-one Exploitation: remote, versus server Date: 27 Jun 2011 found 29 Oct 2010 Author: Luigi Auriemma...

securityvulns•added 2011/07/04 12:0 a.m.•62 views

ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability

ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-229 June 29, 2011 -- CVE ID: CVE-2011-0209 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...

6.8CVSS0.4AI score0.01404EPSS

securityvulns•added 2011/07/04 12:0 a.m.•96 views

About the security content of Mac OS X v10.6.8 and Security Update 2011-004

About the security content of Mac OS X v10.6.8 and Security Update 2011-004 Last Modified: June 23, 2011 Article: HT4723 Email this article Print this page Summary This document describes of Mac OS X v10.6.8 and Security Update 2011-004, which can be downloaded and installed via Software Update...

10CVSS0.3AI score0.2471EPSS

securityvulns•added 2011/06/29 12:0 a.m.•25 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

Exploits0References3Affected Software3

securityvulns•added 2011/06/29 12:0 a.m.•65 views

XSS in FlatPress

Vulnerability ID: HTB23022 Reference: http://www.htbridge.ch/advisory/xssinflatpress.html Product: FlatPress Vendor: Edoardo Vacchi http://flatpress.org Vulnerable Version: 0.1010.1 and probably prior Tested on: 0.1010.1 Vendor Notification: 07 June 2011 Vulnerability Type: XSS Cross Site Scripti...

securityvulns•added 2011/06/29 12:0 a.m.•101 views

XSS и BF уязвимости в Drupal

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting и Brute Force уязвимостях в Drupal. XSS WASC-08: На страницах с формами например на странице комментария http://site/comment/reply/1, как формах добавления, так и редактирования данных, которые защищены токеном от CSRF, возмож...

securityvulns•added 2011/06/29 12:0 a.m.•98 views

Multiple vulnerabilities in Open-Realty

Vulnerability ID: HTB23023 Reference: http://www.htbridge.ch/advisory/multiplevulnerabilitiesinopenrealty.html Product: Open-Realty Vendor: Transparent Technologies, Inc. http://www.open-realty.org/ Vulnerable Version: 3.1.5 and probably prior Tested on: 3.1.5 Vendor Notification: 07 June 2011...

securityvulns•added 2011/06/28 12:0 a.m.•34 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

Exploits0References3Affected Software3

Total number of security vulnerabilities47153