ZDI-11-201: Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability
ZDI-11-201: Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-201 June 14, 2011 -- CVE ID: CVE-2011-2120 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -...
ZDI-11-209: Adobe Shockwave rcsL Substructure Parsing Remote Code Execution Vulnerability
ZDI-11-209: Adobe Shockwave rcsL Substructure Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-209 June 14, 2011 -- CVE ID: CVE-2011-0335 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player ...
ZDI-11-206: Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability
ZDI-11-206: Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-206 June 14, 2011 -- CVE ID: CVE-2011-2111 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
ZDI-11-213: Adobe Shockwave rcsL Trusted Offset Chunk Processing Remote Code Execution Vulnerability
ZDI-11-213: Adobe Shockwave rcsL Trusted Offset Chunk Processing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-213 June 14, 2011 -- CVE ID: CVE-2011-2114 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe...
ZDI-11-198: (Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability
ZDI-11-198: Pwn2Own Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-198 June 14, 2011 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer --...
[USN-1153-1] libxml2 vulnerability
========================================================================== Ubuntu Security Notice USN-1153-1 June 16, 2011 libxml2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability
ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-195 June 14, 2011 -- CVE ID: CVE-2011-1261 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft Interne...
[USN-1152-1] libvirt vulnerabilities
========================================================================== Ubuntu Security Notice USN-1152-1 June 16, 2011 libvirt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-194 June 14, 2011 -- CVE ID: CVE-2011-1260 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability
ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-199 June 14, 2011 -- CVE ID: CVE-2011-0802 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...
JFreeChart - Path Disclosure vulnerability
JFreeChart - Path Disclosure http://www.osisecurity.com.au/advisories/jfreechart-path-disclosure Release Date: 17-Jun-2011 Software: JFree.org - JFreeChart http://www.jfree.org/ "A free Java chart library. JFreeChart supports pie charts 2D and 3D, bar charts horizontal and vertical, regular and...
ZDI-11-211: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk 0xFFFFFF49 Field Remote Code Execution Vulnerability
ZDI-11-211: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk 0xFFFFFF49 Field Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-211 June 14, 2011 -- CVE ID: CVE-2011-2113 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products...
[SECURITY] [DSA 2261-1] redmine security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2261-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 15, 2011 http://www.debian.org/security/faq -...
ZDI-11-214: Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability
ZDI-11-214: Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-214 June 14, 2011 -- CVE ID: CVE-2011-2112 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
iDefense Security Advisory 06.14.11: Adobe Shockwave Lingo Script Opcodes Integer Signedness Vulnerability
iDefense Security Advisory 06.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browse...
ZDI-11-204: Adobe Shockwave TextXtra Text Element Parsing Remote Code Execution Vulnerability
ZDI-11-204: Adobe Shockwave TextXtra Text Element Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-204 June 14, 2011 -- CVE ID: CVE-2011-2112 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Playe...
CORE-2011-0203 - MS HyperV Persistent DoS Vulnerability
Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ MS HyperV Persistent DoS Vulnerability 1. Advisory Information Title: MS HyperV Persistent DoS Vulnerability Advisory ID: CORE-2011-0203 Advisory URL:...
[SECURITY] [DSA 2262-1] moodle security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2262-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 15, 2011 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
ZDI-11-202: Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability
ZDI-11-202: Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-202 June 14, 2011 -- CVE ID: CVE-2011-2119 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
Adobe Flash Player memory corruption
No description provided...
HTB23012: Gogago YouTube Video Converter ActiveX Control "Download()" Buffer Overflow Vulnerability
Vulnerability ID: HTB23012 Reference: http://www.htbridge.ch/advisory/gogagoyoutubevideoconverteractivexcontroldownloadbufferoverflowvulnerability.html Product: Gogago YouTube Video Converter Vendor: Gogago http://www.gogago.net/ Vulnerable Version: 1.1.6 3/29/2011 and probably prior Tested on:...
HTB23004: Multiple Vulnerabilities in e107
Vulnerability ID: HTB23004 Reference: http://www.htbridge.ch/advisory/multiplevulnerabilitiesine1071.html Product: e107 website system Vendor: e107 http://e107.org/ Vulnerable Version: 0.7.25 and probably prior Tested on: 0.7.25 Vendor Notification: 25 May 2011 Vulnerability Type: Multiple...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drawn the attention of Ukrtelecom's representative and this modem was bough a...
ZDI-11-203: Adobe Shockwave xtcL Chunk Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-11-203: Adobe Shockwave xtcL Chunk Parsing Integer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-203 June 14, 2011 -- CVE ID: CVE-2011-2112 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwa...
HTB23008: Multiple XSS & CSRF (Cross-Site Request Forgery) in miniblog
Vulnerability ID: HTB23008 Reference: http://www.htbridge.ch/advisory/multiplexssinminiblog.html Product: miniblog Vendor: spyka Web Group http://www.spyka.net Vulnerable Version: 1.0.0 and probably prior Tested on: 1.0.0 Vendor Notification: 25 May 2011 Vulnerability Type: XSS Cross Site Scripti...
DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Denial of Service, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drawn the attention of Ukrtelecom's representative and thi...
ZDI-11-215: Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability
ZDI-11-215: Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-215 June 14, 2011 -- CVE ID: CVE-2011-2112 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave...
HTB23010: Multiple XSS & Local File Inclusion in Free Simple CMS
Vulnerability ID: HTB23010 Reference: http://www.htbridge.ch/advisory/multiplexssinfreesimplecms.html Product: Free Simple CMS Vendor: Dustin Cowell Enterprises http://www.freesimplesoft.com/ Vulnerable Version: 1.0 and probably prior Tested on: 1.0 Vendor Notification: 25 May 2011 Vulnerability...
ZDI-11-216: Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability
ZDI-11-216: Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-216 June 14, 2011 -- CVE ID: CVE-2011-0335 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave...
ZDI-11-217: Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability
ZDI-11-217: Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-217 June 14, 2011 -- CVE ID: CVE-2011-2109 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
HTB23005: Multiple XSS in N-13 News
Vulnerability ID: HTB23005 Reference: http://www.htbridge.ch/advisory/multiplexssinn13news.html Product: N-13 News Vendor: Network-13 http://network-13.com/ Vulnerable Version: 4.0.1 and probably prior Tested on: 4.0.1 Vendor Notification: 25 May 2011 Vulnerability Type: XSS Cross Site Scripting...
ZDI-11-222: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk Substructure Count Remote Code Execution Vulnerability
ZDI-11-222: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk Substructure Count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-222 June 15, 2011 -- CVE ID: CVE-2011-2113 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected...
Microsoft .Net Framework multiple security vulnerabilities
Array index overflow, JIT compiler code execution...
Barracuda NG Firewall / phion netfence code execution
Unescaped shell characters vulnerability during authentication...
Microsoft Certificate Services cross-site scripting
Cross-site scripting in Active Directory Certificate Services Web Enrollment...
Microsoft Forefront Threat Management Gateway Firewall Client memory corruption
Buffer overflow in NSPLookupServiceNext...
Microsoft Excel multiple security vulnerabilities
Multiple vulnerabilities on different record types parsing...
Microsoft XML Editor information leakage
Information leakage via .disco files...
phion netfence / Barracuda NG Firewall: Remote Command Execution with root Privileges
Security Advisory --------------------------------------- Vulnerable Software: Barracuda NG Firewall / phion netfence Homepage: http://www.barracudanetworks.com/ Found by: Wolfgang Neudorfer, Lukas Nothdurfter Impact: Remote Command Execution with root Privileges Severity: Critical Product...
Javascript Injection in Microsoft Lync 4.0.7577.0
============================================================================ Foofus.net Security Advisory: foofus-20110610 ============================================================================ Title: Javascript Injection in Microsoft Lync Version: 4.0.7577.0 Vendor: Microsoft Release Date:...
[SECURITY] [DSA 2259-1] fex security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2259-1 [email protected] http://www.debian.org/security/ Nico Golde June 12, 2011 http://www.debian.org/security/faq -...
VMWare VirtualCenter ActiveX memory corruption
Tom Sawyer's Default GET Extension Factory ActiveX memory corruption...
VMWare Tools privilege escalations
Privilege escalation via mount.vmhgfs and vmware-user-suid-wrapper suid utilities...
TRENDnet / Digicom / iPUX / ZoneNet / AirLink101 IP camera products multiple security vulnerabilities
Undocumented productmaker:ftvsbannedcode account may access the camera via the Web interface. Several vulnerabilities allow full administrative access to be obtained via this account...
Novell iPrint multiple security vulnerabilities
Code execution via op-printer-list-all-jobs URI handler and cookie, Multiple ActiveX code execution vulnerabilities...
OProfile privilege escalation
Privilege escalation via opcontrol...