47153 matches found
iDefense Security Advisory 06.14.11: Adobe Shockwave Cursor Asset tSAC Chunk Integer Overflow Vulnerability
iDefense Security Advisory 06.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browse...
ZDI-11-218: Adobe Acrobat Reader tesselate.x3d Multimedia Playing Remote Code Execution Vulnerability
ZDI-11-218: Adobe Acrobat Reader tesselate.x3d Multimedia Playing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-218 June 14, 2011 -- CVE ID: CVE-2011-2095 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Adobe -- Affected Products: Adobe Reader ...
ZDI-11-204: Adobe Shockwave TextXtra Text Element Parsing Remote Code Execution Vulnerability
ZDI-11-204: Adobe Shockwave TextXtra Text Element Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-204 June 14, 2011 -- CVE ID: CVE-2011-2112 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Playe...
ZDI-11-220: Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability
ZDI-11-220: Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-220 June 15, 2011 -- CVE ID: CVE-2011-0335 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products:...
ZDI-11-209: Adobe Shockwave rcsL Substructure Parsing Remote Code Execution Vulnerability
ZDI-11-209: Adobe Shockwave rcsL Substructure Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-209 June 14, 2011 -- CVE ID: CVE-2011-0335 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player ...
ZDI-11-202: Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability
ZDI-11-202: Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-202 June 14, 2011 -- CVE ID: CVE-2011-2119 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
[USN-1153-1] libxml2 vulnerability
========================================================================== Ubuntu Security Notice USN-1153-1 June 16, 2011 libxml2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Adobe Shockwave Player multiple security vulnerabilities
Multiple memory corruptions, buffer overflow, code execution...
ZDI-11-214: Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability
ZDI-11-214: Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-214 June 14, 2011 -- CVE ID: CVE-2011-2112 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
CORE-2011-0203 - MS HyperV Persistent DoS Vulnerability
Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ MS HyperV Persistent DoS Vulnerability 1. Advisory Information Title: MS HyperV Persistent DoS Vulnerability Advisory ID: CORE-2011-0203 Advisory URL:...
TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability
TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-10 June 15, 2011 -- CVE ID: CVE-2011-0335 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player ...
iDefense SecurityiDefense Security Advisory 06.14.11: Adobe Shockwave Font Asset Heap Overflow Vulnerabilityr Signedness Vulnerability
iDefense Security Advisory 06.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browse...
NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability
NSFOCUS Security AdvisorySA2011-01 Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability Release Date: 2011-06-15 CVE ID: CVE-2011-1250 http://www.nsfocus.com/en/advisories/1101.html Affected Software and System: ============================= Microsoft Internet...
[BGA - SignalSEC Advisory]:Adobe Shockwave Player Remote Code Execution
Affected Vendors: Adobe Affected Products: Shockwave Player CVE ID: CVE-2011-2122 Risk Level: High Vulnerability: Memory Corruption Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interacti...
[USN-1152-1] libvirt vulnerabilities
========================================================================== Ubuntu Security Notice USN-1152-1 June 16, 2011 libvirt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Microsoft Hyper-V DoS
Hang on VMBus commands processing...
CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ IBM WebSphere Application Server Cross-Site Request Forgery 1. Advisory Information Title: IBM WebSphere Application Server Cross-Site Request Forgery Advisory ID:...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability
TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-06 June 15, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...
Oracle Java multiple security vulnerabilities
Multiple integer overflows on ICC profiles parsing. Java Web Start shell commands execution...
ZDI-11-222: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk Substructure Count Remote Code Execution Vulnerability
ZDI-11-222: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk Substructure Count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-222 June 15, 2011 -- CVE ID: CVE-2011-2113 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected...
HTB23012: Gogago YouTube Video Converter ActiveX Control "Download()" Buffer Overflow Vulnerability
Vulnerability ID: HTB23012 Reference: http://www.htbridge.ch/advisory/gogagoyoutubevideoconverteractivexcontroldownloadbufferoverflowvulnerability.html Product: Gogago YouTube Video Converter Vendor: Gogago http://www.gogago.net/ Vulnerable Version: 1.1.6 3/29/2011 and probably prior Tested on:...
HTB23004: Multiple Vulnerabilities in e107
Vulnerability ID: HTB23004 Reference: http://www.htbridge.ch/advisory/multiplevulnerabilitiesine1071.html Product: e107 website system Vendor: e107 http://e107.org/ Vulnerable Version: 0.7.25 and probably prior Tested on: 0.7.25 Vendor Notification: 25 May 2011 Vulnerability Type: Multiple...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...
ZDI-11-215: Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability
ZDI-11-215: Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-215 June 14, 2011 -- CVE ID: CVE-2011-2112 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave...
HTB23010: Multiple XSS & Local File Inclusion in Free Simple CMS
Vulnerability ID: HTB23010 Reference: http://www.htbridge.ch/advisory/multiplexssinfreesimplecms.html Product: Free Simple CMS Vendor: Dustin Cowell Enterprises http://www.freesimplesoft.com/ Vulnerable Version: 1.0 and probably prior Tested on: 1.0 Vendor Notification: 25 May 2011 Vulnerability...
Adobe Flash Player memory corruption
No description provided...
HTB23008: Multiple XSS & CSRF (Cross-Site Request Forgery) in miniblog
Vulnerability ID: HTB23008 Reference: http://www.htbridge.ch/advisory/multiplexssinminiblog.html Product: miniblog Vendor: spyka Web Group http://www.spyka.net Vulnerable Version: 1.0.0 and probably prior Tested on: 1.0.0 Vendor Notification: 25 May 2011 Vulnerability Type: XSS Cross Site Scripti...
HTB23005: Multiple XSS in N-13 News
Vulnerability ID: HTB23005 Reference: http://www.htbridge.ch/advisory/multiplexssinn13news.html Product: N-13 News Vendor: Network-13 http://network-13.com/ Vulnerable Version: 4.0.1 and probably prior Tested on: 4.0.1 Vendor Notification: 25 May 2011 Vulnerability Type: XSS Cross Site Scripting...
DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Denial of Service, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and thi...
ZDI-11-217: Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability
ZDI-11-217: Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-217 June 14, 2011 -- CVE ID: CVE-2011-2109 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
ZDI-11-216: Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability
ZDI-11-216: Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-216 June 14, 2011 -- CVE ID: CVE-2011-0335 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave...
ZDI-11-203: Adobe Shockwave xtcL Chunk Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-11-203: Adobe Shockwave xtcL Chunk Parsing Integer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-203 June 14, 2011 -- CVE ID: CVE-2011-2112 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwa...
Microsoft .Net Framework multiple security vulnerabilities
Array index overflow, JIT compiler code execution...
Microsoft Forefront Threat Management Gateway Firewall Client memory corruption
Buffer overflow in NSPLookupServiceNext...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...
Microsoft Excel multiple security vulnerabilities
Multiple vulnerabilities on different record types parsing...
Microsoft XML Editor information leakage
Information leakage via .disco files...
phion netfence / Barracuda NG Firewall: Remote Command Execution with root Privileges
Security Advisory --------------------------------------- Vulnerable Software: Barracuda NG Firewall / phion netfence Homepage: http://www.barracudanetworks.com/ Found by: Wolfgang Neudorfer, Lukas Nothdurfter Impact: Remote Command Execution with root Privileges Severity: Critical Product...
Microsoft Certificate Services crossite scripting
Crossite scripting in Active Directory Certificate Services Web Enrollment...
Javascript Injection in Microsoft Lync 4.0.7577.0
============================================================================ Foofus.net Security Advisory: foofus-20110610 ============================================================================ Title: Javascript Injection in Microsoft Lync Version: 4.0.7577.0 Vendor: Microsoft Release Date:...
Barracuda NG Firewall / phion netfence code execution
Unescaped shell characters vulnerability during authentication...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[SECURITY] [DSA 2259-1] fex security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2259-1 [email protected] http://www.debian.org/security/ Nico Golde June 12, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2254-1] oprofile security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------------- Debian Security Advisory DSA 2254-1 [email protected] http://www.debian.org/security/ Luciano Bello June 3, 2011 http://www.debian.org/security/faq -...
TRENDnet / Digicom / iPUX / ZoneNet / AirLink101 IP camera products multiple security vulnerabilities
Undocumented productmaker:ftvsbannedcode account may access camera via Web interface. Different vulnerabilities allows to obtain full administrative access via this account...
Novell iPrint multiple security vulnerabilities
Code execution via op-printer-list-all-jobs URI handler and cookie, Multiple ActiveX code execution vulnerabilities...
ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability
ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-178 June 6, 2011 -- CVE ID: CVE-2011-1705 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint --...
ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability
ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-181 June 6, 2011 -- CVE ID: CVE-2011-1707 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint --...