ZDI-11-180: Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability

ZDI-11-180: Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-180 June 6, 2011 -- CVE ID: CVE-2011-1708 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint --...

ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability

ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-172 June 6, 2011 -- CVE ID: CVE-2011-1699 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint -- TippingPointTM IPS...

[SECURITY] [DSA 2254-1] oprofile security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------------- Debian Security Advisory DSA 2254-1 [email protected] http://www.debian.org/security/ Luciano Bello June 3, 2011 http://www.debian.org/security/faq -...

ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability

ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-181 June 6, 2011 -- CVE ID: CVE-2011-1707 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint --...

ZDI-11-175: Novell iPrint nipplib.dll file-date-time Remote Code Execution Vulnerability

ZDI-11-175: Novell iPrint nipplib.dll file-date-time Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-175 June 6, 2011 -- CVE ID: CVE-2011-1702 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint --...

ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability

ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-174 June 6, 2011 -- CVE ID: CVE-2011-1701 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint --...

ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability

ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-179 June 6, 2011 -- CVE ID: CVE-2011-1706 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint -...

Java HotSpot Cryptographic Provider signature verification vulnerability

An attacker can add a cryptographic provider containing cipher implementation signed by an untrusted certificate. The attacker can also create his or her own jurisdiction policy files signed by an untrusted certificate. In order to achieve this, the attacker must first of all add a fake...

ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability

ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-178 June 6, 2011 -- CVE ID: CVE-2011-1705 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint --...

Multiple vulnerabilities in several IP camera products

Multiple vulnerabilities in several IP camera products ====================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities in several IP camera products Release date: 08/06/2011 Last update: 08/06/2011 Credits: Roberto Paleari, Emaze Networks S.p.A...

ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability

ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-177 June 6, 2011 -- CVE ID: CVE-2011-1704 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint --...

VMware Tools Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: VMware Tools Multiple Vulnerabilities Release Date: 2011-06-03 Application: VMware Guest Tools Severity:...

ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability

ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-173 June 6, 2011 -- CVE ID: CVE-2011-1700 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint --...

iDefense Security Advisory 05.03.11: Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability

iDefense Security Advisory 05.03.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 03, 2011 I. BACKGROUND Tom Sawyer Software's GET Extension Factory is a component used for graph visualization applications development. It is included in VMWare Infrastructure Client. For more...

ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability

ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-176 June 6, 2011 -- CVE ID: CVE-2011-1703 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint -- TippingPointTM IPS...

HP Service Manager / HP Service Center multiple security vulnerabilities

Uauthorized access, privilege escalation, information leakage, HTTP session hijack, crossite scripting...

HP OpenView Storage Data Protector code execution

No description provided...

vlc player integer overflow

Integer overflow on XSPF playlists parsing...

ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability

ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-186 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Ja...

VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability

ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-189 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java...

[SECURITY] [DSA 2257-1] vlc security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2257-1 [email protected] http://www.debian.org/security/ Nico Golde June 10, 2011 http://www.debian.org/security/faq -...

New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...

ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability

ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-183 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Jav...

ZDI-11-191: Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability

ZDI-11-191: Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-191 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability

ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-188 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime ...

[security bulletin] HPSBMA02631 SSRT100324 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02712867 Version: 1 HPSBMA02631 SSRT100324 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as...

ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability

ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-187 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability

ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-185 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

ZDI-11-184: Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability

ZDI-11-184: Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-184 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products:...

VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

[security bulletin] HPSBMA02674 SSRT100487 rev.1 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02863015 Version: 1 HPSBMA02674 SSRT100487 rev.1 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP...

PDFill Insecure Library Loading

Vulnerability title: PDFill Insecure Library Loading CVSS Risk Rating: 2.9 Low Product: PDFill PDF Editor 8.0 Application Vendor: PlotSoft Vendor URL: http://www.plotsoft.com Public disclosure date: 6/9/2011 Discovered by: Jose Hernandez and Solutionary Engineering Research Team SERT Solutionary...

ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability

ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-182 June 8, 2011 -- CVE ID: CVE-2011-0817 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracl...

VUPEN Security Research - Oracle Java ICC Profile "clrt" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "clrt" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

VUPEN Security Research - Oracle Java ICC Profile "mluc" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "mluc" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

ZDI-11-190: Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability

ZDI-11-190: Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-190 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

ZDI-11-192: Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability

ZDI-11-192: Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-192 June 8, 2011 -- CVE ID: CVE-2011-0863 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtim...

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

FontForge buffer overflow

Buffer overflow on BDF files parsing...

Multiple Cross-Site Scripting vulnerabilities in BLOG:CMS

Advisory: Multiple Cross-Site Scripting vulnerabilities in BLOG:CMS Advisory ID: SSCHADV2011-007 Author: Stefan Schurtz Affected Software: Successfully tested on: version 4.2.1.f Vendor URL: http://www.blogcms.com Vendor Status: resolved CVE-ID: - ========================== Vulnerability...

New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...

PopScript Multiple Vulnerabilities

Exploit Title: PopScript Multiple Vulnerabilities home : http://www.D99Y.com Google Dork: Do as you would be done by ; Date: 5/6/2011 Author: NassRawI Software Link: http://www.popscript.com/ 1 SQL injection http://localhost/PopScript/index.php?act=inbox&mode=1 SQL injection 2 File inclusion =...

IL и XSS уязвимости во многих темах для WordPress

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Information Leakage и Cross-Site Scripting уязвимостях во многих темах для WordPress. В разных шаблонах имеется test.php - скрипт с phpinfo - что приводит к Information Leakage утечка FPD и другой важной информации о сервере и XSS в PHP 4.4.1,...

[SECURITY] [DSA 2253-1] fontforge security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2253-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 3, 2011 http://www.debian.org/security/faq -...

Squiz Matrix - Cross-Site Scripting Vulnerability

Squiz Matrix - Cross-Site Scripting Vulnerability http://www.osisecurity.com.au/advisories/squiz-matrix-cross-site-scripting Release Date: 06-Jun-2011 Software: Squiz - Matrix http://www.squiz.net/ "Squiz Matrix delivers highly flexible and robust business integration engine and application...

IBM Tivoli Endpoint buffer overflows

Buffer overflow in lcfd.exe on TCP/9495 traffic parsing...

fetchmail DoS

No timeout enforced for SSL operations...