47153 matches found
IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit
See attached, zipped in hopes that it doesn't get flagged as malicious/spam :P Thanks, Jeremy...
New vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...
IBM Tivoli Endpoint buffer overflows
Buffer overflow in lcfd.exe on TCP/9495 traffic parsing...
Cisco AnyConnect Secure Mobility Client security vulnerabilities
Local privilege escalation, signature is not checked for downloaded application components...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at...
Sybase OneBridge Mobile Data Suite format string vulnerability
Format string vulnerability during IMAPs/SMTPs requests parsing...
[CVE-ID REQUEST] vBulletin - Multiple Open Redirects
Product: vBulletin Version: 3 - 4.1.3 Release Date: 06/02/2011 Risk: Low Authentication: Not required to exploit. Remote: Yes Description: Multiple Open Redirect vulnerabilities in vBulletin version 4.1.3 and below allow remote attackers to redirect users to arbitrary web sites and conduct phishi...
ZDI-11-171: Sybase OneBridge Mobile Data Suite Format String Remore Code Execution Vulnerability
ZDI-11-171: Sybase OneBridge Mobile Data Suite Format String Remore Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-171 June 3, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Sybase -- Affected Products: Sybase OneBridge -- TippingPointTM IPS...
WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote Commands Injection Vulnerability
WebSVN 2.3.2 Unproper Metacharacters Escaping exec Remote Commands Injection Vulnerability tested against: Microsoft Windows Server R2 SP2 PHP 5.3.6 VC9 with magicquotesgpc = off default Apache 2.2.17 VC9 Introduction: This is a very special vulnerabilty, given the incredibly high number of...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
AST-2011-007
Asterisk Project Security Advisory - AST-2011-007 +------------------------------------------------------------------------+ | Product | Asterisk | |---------------------+--------------------------------------------------| | Summary | Remote Crash Vulnerability in SIP channel driver |...
Asterisk DoS
Crash on processing SIP response headers...
iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability
iDefense Security Advisory 06.01.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 01, 2011 I. BACKGROUND Cisco's AnyConnect VPN solution provides remote access to customers via the Web browser. This is accomplished through the use of an ActiveX control. The control itself is provided...
Citadel Jabber server / Jabberd / ejabberd DoS
DoS on XML data parsing...
[CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities
Hi, This is regarding multiple XSS Cross Site Scripting Vulnerabilities in Apache Archiva 1.3.4 and previous versions. The following is the disclosure document Project: Apache Archiva Severity: High Versions: 1.3.0 - 1.3.4. The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Exploit...
[USN-1142-1] GDM vulnerability
========================================================================== Ubuntu Security Notice USN-1142-1 June 01, 2011 gdm vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
Cross-Site Scripting vulnerability in Nagios
Advisory: Cross-Site Scripting vulnerability in Nagios Advisory ID: SSCHADV2011-006 Author: Stefan Schurtz Affected Software: Successfully tested on: nagios 3.2.3 Vendor URL: http://www.nagios.org Vendor Status: informed CVE-ID: - ========================== Vulnerability Description:...
Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar Advisory ID: cisco-sa-20110601-cnr Revision 1.0 For Public Release 2011 June 01 1600 UTC GMT +---------------------------------------------------------------------...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. Which I've found in your modem. In April I've already drew attention of Ukrtelecom's representativ...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. Which I've found in your modem. In April I've already drew attention of Ukrtelecom's representativ...
Linux kernel multiple DoS conditions
epoll DoS conditions, tkill privilege escalation, buffer overflows in bluetooth stack...
Post Revolution 0.8.0c Multiple Remote Vulnerabilities
info ——————————— Name : Post Revolution 0.8.0c Multiple Remote Vulnerabilities Class: Design Error && Input Validation Error CVE: CVE-2011-1952, CVE-2011-1953, CVE-2011-1954 Remote: Yes Local: No Credit : Javier Bassi javierbassi at gmail dot com Vulnerable : All versions prior to and including...
Wireshark multiple security vulnerabilities
Multiple vulnerabilities on .pcap files parsing...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Advisory ID: cisco-sa-20110601-ac Revision 1.0 For Public Release 2011 June 01 1600 UTC GMT...
Gnome GDM information leak
Under some conditions it's possible to launch broser to access some files...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[SECURITY] [DSA 2250-1] citadel security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2250-1 [email protected] http://www.debian.org/security/ Nico Golde March 31, 2011 http://www.debian.org/security/faq -...
CodeMeter WebAdmin Cross-site Scripting (XSS) Vulnerability
Vulnerability title: CodeMeter WebAdmin Cross-site Scripting XSS Vulnerability CVSS Risk Rating: 3.9 Low Product: CodeMeter WebAdmin Application Vendor: Wibu-Systems Vendor URL: http://www.codemeter.de Public disclosure date: 5/30/2011 Discovered by: Rob Kraus and the Solutionary Engineering...
Cross-Site Scripting vulnerability in Icinga
Advisory: Cross-Site Scripting vulnerability in Icinga Advisory ID: SSCHADV2011-005 Author: Stefan Schurtz Affected Software: Successfully tested on: icinga-1.3.0 / icinga-1.4.0 Vendor URL: http://www.icinga.org Vendor Status: Resolved CVE-ID: - ========================== Vulnerability Descriptio...
Cisco Network Registrar default credentials
Default password for administrator account...
Cisco Unified IP Phones 7900 series security vulnerabilites
Privilege escalation, signature check bypass for software images...
[SECURITY] [DSA 2251-1] subversion security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2251-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 02, 2011 http://www.debian.org/security/faq -...
[CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities
Hi, This is regarding multiple CSRF Cross Site Request Forgery Vulnerabilities in Apache Archiva 1.3.4 and previous versions. The following is the disclosure document Title: Multiple CSRF Vulnerabilities in Apache Archiva 1.3.4 --------------------------------------------------------------------...
[SECURITY] [DSA 2247-1] rails security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2247-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 31, 2011 http://www.debian.org/security/faq -...
[ MDVSA-2011:105 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:105 http://www.mandriva.com/security/ Package : wireshark Date : June 1, 2011 Affected: 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: This advisory updates wireshark to the latest version...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at...
[USN-1141-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1141-1 May 31, 2011 linux, linux-ec2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
HTB22997: XSS in A Really Simple Chat (ARSC)
Vulnerability ID: HTB22997 Reference: http://www.htbridge.ch/advisory/xssinareallysimplechatarsc.html Product: A Really Simple Chat ARSC Vendor: http://www.reallysimplechat.org/ http://www.reallysimplechat.org/ Vulnerable Version: 3.3-rc2 Vendor Notification: 12 May 2011 Vulnerability Type: XSS...
[SECURITY] [DSA 2248-1] ejabberd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2248-1 [email protected] http://www.debian.org/security/ Nico Golde March 31, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2249-1] jabberd14 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2249-1 [email protected] http://www.debian.org/security/ Nico Golde March 31, 2011 http://www.debian.org/security/faq -...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series Advisory ID: cisco-sa-20110601-phone Revision 1.0 For Public Release 2011 June 1 1600 UTC GMT +----------------------------------------------------------------...
CodeMeter crossite scripting
Crossite scripting in web administration interface...
HTB22999: Multiple SQL Injections in A Really Simple Chat (ARSC)
Vulnerability ID: HTB22999 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectionsinareallysimplechatarsc.html Product: A Really Simple Chat ARSC Vendor: http://www.reallysimplechat.org/ http://www.reallysimplechat.org/ Vulnerable Version: 3.3-rc2 Vendor Notification: 12 May 2011...
Cisco Media Experience Engine 5600 default account
Default password for root account...
Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600 Advisory ID: cisco-sa-20110601-mxe Revision 1.0 For Public Release 2011 June 01 1600 UTC GMT...
ZDI-11-169: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability
ZDI-11-169: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-169 May 31, 2011 -- CVE ID: CVE-2011-1220 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: IBM -- Affected Products: IBM Tivoli Endpoint --...
Linux DBus-GLib / NetworkManager / ModemManager privilege escalation
Access flags for exported object are not checked...
[SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability
CVE-2011-1077: Apache Archiva Multiple XSS vulnerability Severity: High Vendor: The Apache Software Foundation Versions Affected: Archiva 1.3.0 - 1.3.4 The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Description: The multiple XSS issues found are both Stored Persistent and Reflect...