47153 matches found
libcurl GSSAPI security vulnerability
Client's security credentials are unconditionally delegated...
HTB23017: XSS in FanUpdate
Vulnerability ID: HTB23017 Reference: http://www.htbridge.ch/advisory/xssinfanupdate.html Product: FanUpdate Vendor: fanupdate.co.uk http://fanupdate.co.uk/ Vulnerable Version: 3.0 and probably prior Tested on: 3.0 Vendor Notification: 01 June 2011 Vulnerability Type: XSS Cross Site Scripting Ris...
[USN-1158-1] curl vulnerabilities
========================================================================== Ubuntu Security Notice USN-1158-1 June 24, 2011 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
New DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Denial of Service, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drawn the attention of Ukrtelecom's representative and thi...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drawn the attention of Ukrtelecom's representative and this modem was bough a...
XSS and AoF vulnerabilities in Drupal
Hello 3APA3A! I am informing you about the Cross-Site Scripting and Abuse of Functionality vulnerabilities I found in Drupal. XSS WASC-08: When adding or changing data in any internal forms (adding/changing a post, etc.) a persistent XSS attack can be carried out. The XSS code will execute when visiting...
Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities
Mambo CMS 4.6.x 4.6.5 | Multiple Cross Site Scripting Vulnerabilities 1. OVERVIEW Mambo CMS 4.6.5 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Mambo is a full-featured, award-winning content management system that can be used for everything from simple websites to...
Easewe FTP OCX ActiveX Control code execution
Unsafe methods allow data access and code execution...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, buffer overflows, integer overflows, cross domain data access...
ZDI-11-225: Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability
ZDI-11-225: Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-225 June 21, 2011 -- CVE ID: CVE-2011-0085 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox --...
ZDI-11-224: Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability
ZDI-11-224: Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-224 June 21, 2011 -- CVE ID: CVE-2011-2363 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox --...
HTB23015: Easewe FTP ActiveX Control Multiple Insecure Methods
Vulnerability ID: HTB23015 Reference: http://www.htbridge.ch/advisory/easeweftpocxactivexcontrolexecuteinsecuremethod.html Product: Easewe FTP OCX ActiveX Control Vendor: Easewe Software http://www.ftpocx.com Vulnerable Version: 4.5.0.9 and probably prior Tested on: 4.5.0.9 Vendor Notification: 0...
ZDI-11-223: Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability
ZDI-11-223: Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-223 June 21, 2011 -- CVE ID: CVE-2011-0083 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox --...
CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drawn the attention of Ukrtelecom's representative and this modem was bough a...
New DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Denial of Service, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drawn the attention of Ukrtelecom's representative and thi...
libvirt security vulnerabilities
DoS, off-by-one...
Oracle Java multiple security vulnerabilities
Multiple integer overflows on ICC profiles parsing. Java Web Start shell commands execution...
Microsoft Windows multiple security vulnerabilities
Buffer overflow on WMF files parsing. Uninitialized pointers on OTF parsing. DFS memory corruptions. SMB client and server memory corruptions. afd.sys privilege escalation...
Microsoft Hyper-V DoS
Hang on VMBus commands processing...
IBM WebSphere cross-site request forgery
Cross-site request forgery via administration console...
Adobe Shockwave Player multiple security vulnerabilities
Multiple memory corruptions, buffer overflow, code execution...
Adobe Reader / Acrobat multiple security vulnerabilities
Buffer overflow, memory corruption, code execution, cross document scripting...
ZDI-11-207: Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability
ZDI-11-207: Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-207 June 14, 2011 -- CVE ID: CVE-2011-2118 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave...
TPTI-11-07: Adobe Shockwave iml32.dll CSWV Chunk Parsing Remote Code Execution Vulnerability
TPTI-11-07: Adobe Shockwave iml32.dll CSWV Chunk Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-07 June 15, 2011 -- CVE ID: CVE-2011-2111 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -...
TPTI-11-11: Adobe Shockwave Lnam Chunk Parsing Remote Code Execution Vulnerability
TPTI-11-11: Adobe Shockwave Lnam Chunk Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-11 June 15, 2011 -- CVE ID: CVE-2011-2116 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
ZDI-11-200: Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability
ZDI-11-200: Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-200 June 14, 2011 -- CVE ID: CVE-2011-2121 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Play...
ZDI-11-210: Adobe Shockwave rcsL Chunk Parsing Misallocation Remote Code Execution Vulnerability
ZDI-11-210: Adobe Shockwave rcsL Chunk Parsing Misallocation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-210 June 14, 2011 -- CVE ID: CVE-2011-2112 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave...
ZDI-11-221: Adobe Shockwave Shockwave 3d Asset.x32 DEMX 0xFFFFFF45 Field Parsing Remote Code Execution Vulnerability
ZDI-11-221: Adobe Shockwave Shockwave 3d Asset.x32 DEMX 0xFFFFFF45 Field Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-221 June 15, 2011 -- CVE ID: CVE-2011-2114 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected...
TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability
TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-10 June 15, 2011 -- CVE ID: CVE-2011-0335 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player ...
iDefense SecurityiDefense Security Advisory 06.14.11: Adobe Shockwave Font Asset Heap Overflow Vulnerabilityr Signedness Vulnerability
iDefense Security Advisory 06.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browse...
ZDI-11-205: Adobe Shockwave Missing Lctx Chunk Remote Code Execution Vulnerability
ZDI-11-205: Adobe Shockwave Missing Lctx Chunk Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-205 -- CVE ID: CVE-2011-0335 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -- TippingPointTM IPS...
iDefense Security Advisory 06.14.11: Adobe Shockwave 3D Asset DEMX Integer Overflow Vulnerability
iDefense Security Advisory 06.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browse...
NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability
NSFOCUS Security Advisory SA2011-01 Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability Release Date: 2011-06-15 CVE ID: CVE-2011-1250 http://www.nsfocus.com/en/advisories/1101.html Affected Software and System: ============================= Microsoft Internet...
ZDI-11-212: Adobe Shockwave KEY* Chunk Invalid Size Remote Code Execution Vulnerability
ZDI-11-212: Adobe Shockwave KEY Chunk Invalid Size Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-212 June 14, 2011 -- CVE ID: CVE-2011-2111 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
ZDI-11-219: Adobe Acrobat Reader 3difr.x3d Multimedia Playing Remote Code Execution Vulnerability
ZDI-11-219: Adobe Acrobat Reader 3difr.x3d Multimedia Playing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-219 June 14, 2011 -- CVE ID: CVE-2011-2094 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Adobe -- Affected Products: Adobe Reader --...
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-196 June 14, 2011 -- CVE ID: CVE-2011-1262 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability
TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-06 June 15, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...
EQDKP plus Cross Site Scripting and Bypass file extension
Hello! I have found a vulnerability in the EQDKP Plus. More precisely in the plugin mediacenter. Because it incorrectly checks the file extension, it is possible to upload an "htm" file and execute an XSS attack. But with some restrictions. The plugin checks the contents for tags:...
ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability
ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-197 June 14, 2011 -- CVE ID: CVE-2011-1266 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft Interne...
myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique
myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique Software: myBloggie 2.1.6 Severity: High Author: Robin Verton info at robinverton dot de Date: Jun. 12 2011 Vendor: http://mybloggie.mywebland.com/ Software Description: "myBloggie is considered one of the most simple,...
ZDI-11-220: Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability
ZDI-11-220: Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-220 June 15, 2011 -- CVE ID: CVE-2011-0335 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products:...
TPTI-11-08: Adobe Shockwave iml32.dll DEMX Chunk GIF Parsing Remote Code Execution Vulnerability
TPTI-11-08: Adobe Shockwave iml32.dll DEMX Chunk GIF Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-08 June 15, 2011 -- CVE ID: CVE-2011-2111 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Play...
[BGA - SignalSEC Advisory]:Adobe Shockwave Player Remote Code Execution
Affected Vendors: Adobe Affected Products: Shockwave Player CVE ID: CVE-2011-2122 Risk Level: High Vulnerability: Memory Corruption Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interacti...
iDefense Security Advisory 06.14.11: Adobe Shockwave Cursor Asset tSAC Chunk Integer Overflow Vulnerability
iDefense Security Advisory 06.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browse...
ZDI-11-218: Adobe Acrobat Reader tesselate.x3d Multimedia Playing Remote Code Execution Vulnerability
ZDI-11-218: Adobe Acrobat Reader tesselate.x3d Multimedia Playing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-218 June 14, 2011 -- CVE ID: CVE-2011-2095 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Adobe -- Affected Products: Adobe Reader ...
CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ IBM WebSphere Application Server Cross-Site Request Forgery 1. Advisory Information Title: IBM WebSphere Application Server Cross-Site Request Forgery Advisory ID:...
ZDI-11-193: Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability
ZDI-11-193: Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-193 June 14, 2011 -- CVE ID: CVE-2011-1256 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
ZDI-11-208: Adobe Shockwave rcsL Parsing Remote Code Execution Vulnerability
ZDI-11-208: Adobe Shockwave rcsL Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-208 June 14, 2011 -- CVE ID: CVE-2011-2109 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability (MS11-038)
VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability MS11-038 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical...
[SECURITY] [DSA 2263-1] movabletype-opensource security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2263-1 [email protected] http://www.debian.org/security/ Florian Weimer June 16, 2011 http://www.debian.org/security/faq -...