47153 matches found
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
libcurl GSSAPI security vulnerability
Client's security credentials are unconditionally delegated...
[USN-1158-1] curl vulnerabilities
========================================================================== Ubuntu Security Notice USN-1158-1 June 24, 2011 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...
New DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Denial of Service, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and thi...
Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities
Mambo CMS 4.6.x 4.6.5 | Multiple Cross Site Scripting Vulnerabilities 1. OVERVIEW Mambo CMS 4.6.5 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Mambo is a full-featured, award-winning content management system that can be used for everything from simple websites to...
XSS и AoF уязвимости в Drupal
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting и Abuse of Functionality уязвимостях в Drupal. XSS WASC-08: При добавлении или изменении данных в любых внутренних формах добавление/изменение поста и т.д. можно провести persistent XSS атаку. XSS код выполнится при посещении...
HTB23015: Easewe FTP ActiveX Control Multiple Insecure Methods
Vulnerability ID: HTB23015 Reference: http://www.htbridge.ch/advisory/easeweftpocxactivexcontrolexecuteinsecuremethod.html Product: Easewe FTP OCX ActiveX Control Vendor: Easewe Software http://www.ftpocx.com Vulnerable Version: 4.5.0.9 and probably prior Tested on: 4.5.0.9 Vendor Notification: 0...
New DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Denial of Service, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and thi...
Easewe FTP OCX ActiveX Control code execution
Unsafe methods allow data access and code execution...
ZDI-11-225: Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability
ZDI-11-225: Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-225 June 21, 2011 -- CVE ID: CVE-2011-0085 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox --...
ZDI-11-223: Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability
ZDI-11-223: Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-223 June 21, 2011 -- CVE ID: CVE-2011-0083 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox --...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, buffer overflows, integer overflows, cross domain data access...
ZDI-11-224: Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability
ZDI-11-224: Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-224 June 21, 2011 -- CVE ID: CVE-2011-2363 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox --...
CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...
ZDI-11-211: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk 0xFFFFFF49 Field Remote Code Execution Vulnerability
ZDI-11-211: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk 0xFFFFFF49 Field Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-211 June 14, 2011 -- CVE ID: CVE-2011-2113 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products...
ZDI-11-210: Adobe Shockwave rcsL Chunk Parsing Misallocation Remote Code Execution Vulnerability
ZDI-11-210: Adobe Shockwave rcsL Chunk Parsing Misallocation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-210 June 14, 2011 -- CVE ID: CVE-2011-2112 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave...
ZDI-11-208: Adobe Shockwave rcsL Parsing Remote Code Execution Vulnerability
ZDI-11-208: Adobe Shockwave rcsL Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-208 June 14, 2011 -- CVE ID: CVE-2011-2109 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
iDefense Security Advisory 06.14.11: Adobe Shockwave Lingo Script Opcodes Integer Signedness Vulnerability
iDefense Security Advisory 06.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browse...
ZDI-11-213: Adobe Shockwave rcsL Trusted Offset Chunk Processing Remote Code Execution Vulnerability
ZDI-11-213: Adobe Shockwave rcsL Trusted Offset Chunk Processing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-213 June 14, 2011 -- CVE ID: CVE-2011-2114 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe...
JFreeChart - Path Disclosure vulnerability
JFreeChart - Path Disclosure http://www.osisecurity.com.au/advisories/jfreechart-path-disclosure Release Date: 17-Jun-2011 Software: JFree.org - JFreeChart http://www.jfree.org/ "A free Java chart library. JFreeChart supports pie charts 2D and 3D, bar charts horizontal and vertical, regular and...
ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability
ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-197 June 14, 2011 -- CVE ID: CVE-2011-1266 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft Interne...
CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ IBM WebSphere Application Server Cross-Site Request Forgery 1. Advisory Information Title: IBM WebSphere Application Server Cross-Site Request Forgery Advisory ID:...
VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability (MS11-038)
VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability MS11-038 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical...
libvirt security vulnerabilities
DoS, off-by-one...
ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability
ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-199 June 14, 2011 -- CVE ID: CVE-2011-0802 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...
iDefense Security Advisory 06.14.11: Adobe Shockwave 3D Asset DEMX Integer Overflow Vulnerability
iDefense Security Advisory 06.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browse...
ZDI-11-198: (Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability
ZDI-11-198: Pwn2Own Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-198 June 14, 2011 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer --...
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-196 June 14, 2011 -- CVE ID: CVE-2011-1262 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
EQDKP plus Cross Site Scripting and Bypass file extension
Hello! I have found a vulnerability in the EQDKP Plus. More precisely in the plugin mediacenter. Because of incorrectly checks the file extension it is possible to upload the "htm" file and execute XSS attack. But with some restrictions. The plugin checks the contents for tags:...
ZDI-11-201: Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability
ZDI-11-201: Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-201 June 14, 2011 -- CVE ID: CVE-2011-2120 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -...
ZDI-11-212: Adobe Shockwave KEY* Chunk Invalid Size Remote Code Execution Vulnerability
ZDI-11-212: Adobe Shockwave KEY Chunk Invalid Size Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-212 June 14, 2011 -- CVE ID: CVE-2011-2111 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
TPTI-11-07: Adobe Shockwave iml32.dll CSWV Chunk Parsing Remote Code Execution Vulnerability
TPTI-11-07: Adobe Shockwave iml32.dll CSWV Chunk Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-07 June 15, 2011 -- CVE ID: CVE-2011-2111 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -...
TPTI-11-08: Adobe Shockwave iml32.dll DEMX Chunk GIF Parsing Remote Code Execution Vulnerability
TPTI-11-08: Adobe Shockwave iml32.dll DEMX Chunk GIF Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-08 June 15, 2011 -- CVE ID: CVE-2011-2111 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Play...
[SECURITY] [DSA 2261-1] redmine security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2261-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 15, 2011 http://www.debian.org/security/faq -...
ZDI-11-193: Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability
ZDI-11-193: Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-193 June 14, 2011 -- CVE ID: CVE-2011-1256 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability
ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-195 June 14, 2011 -- CVE ID: CVE-2011-1261 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft Interne...
ZDI-11-200: Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability
ZDI-11-200: Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-200 June 14, 2011 -- CVE ID: CVE-2011-2121 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Play...
TPTI-11-11: Adobe Shockwave Lnam Chunk Parsing Remote Code Execution Vulnerability
TPTI-11-11: Adobe Shockwave Lnam Chunk Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-11 June 15, 2011 -- CVE ID: CVE-2011-2116 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
ZDI-11-206: Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability
ZDI-11-206: Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-206 June 14, 2011 -- CVE ID: CVE-2011-2111 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
[SECURITY] [DSA 2262-1] moodle security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2262-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 15, 2011 http://www.debian.org/security/faq -...
ZDI-11-207: Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability
ZDI-11-207: Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-207 June 14, 2011 -- CVE ID: CVE-2011-2118 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave...
IBM WebSphere crossite request forgery
Crossite request forgery via administration console...
ZDI-11-219: Adobe Acrobat Reader 3difr.x3d Multimedia Playing Remote Code Execution Vulnerability
ZDI-11-219: Adobe Acrobat Reader 3difr.x3d Multimedia Playing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-219 June 14, 2011 -- CVE ID: CVE-2011-2094 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Adobe -- Affected Products: Adobe Reader --...
myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique
myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique Software: myBloggie 2.1.6 Severity: High Author: Robin Verton info at robinverton dot de Date: Jun. 12 2011 Vendor: http://mybloggie.mywebland.com/ Software Description: "myBloggie is considered one of the most simple,...
Adobe Reader / Acrobat multiple security vulnerabilities
Buffer overflow, memory corruption, code execution, cross document scripting...
[SECURITY] [DSA 2263-1] movabletype-opensource security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2263-1 [email protected] http://www.debian.org/security/ Florian Weimer June 16, 2011 http://www.debian.org/security/faq -...
ZDI-11-221: Adobe Shockwave Shockwave 3d Asset.x32 DEMX 0xFFFFFF45 Field Parsing Remote Code Execution Vulnerability
ZDI-11-221: Adobe Shockwave Shockwave 3d Asset.x32 DEMX 0xFFFFFF45 Field Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-221 June 15, 2011 -- CVE ID: CVE-2011-2114 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected...
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-194 June 14, 2011 -- CVE ID: CVE-2011-1260 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
Microsoft Windows multiple security vulnerabilities
Buffer overflow on WMF files parsing. Uninitialized pointers on OTF parsing. DFS memory corruptions. SMB client and server memory corruptions. afd.sys privilege escalation...