IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit
See attached, zipped in hopes that it doesn't get flagged as malicious/spam :P Thanks, Jeremy...
New vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...
fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 fetchmail-SA-2011-01: Denial of service possible in STARTTLS mode Topics: fetchmail denial of service in STARTTLS protocol phases Author: Matthias Andree Version: 1.0 Announced: 2011-06-06 Type: Unguarded blocking I/O can cause indefinite application...
Asterisk DoS
Crash on processing SIP response headers...
Sybase OneBridge Mobile Data Suite format string vulnerability
Format string vulnerability during IMAPs/SMTPs requests parsing...
Cisco AnyConnect Secure Mobility Client security vulnerabilities
Local privilege escalation, signature is not checked for downloaded application components...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
AST-2011-007
Asterisk Project Security Advisory - AST-2011-007. Product: Asterisk. Summary: Remote Crash Vulnerability in SIP channel driver...
ZDI-11-171: Sybase OneBridge Mobile Data Suite Format String Remote Code Execution Vulnerability
ZDI-11-171: Sybase OneBridge Mobile Data Suite Format String Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-171 June 3, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Sybase -- Affected Products: Sybase OneBridge -- TippingPointTM IPS...
WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote Commands Injection Vulnerability
WebSVN 2.3.2 Unproper Metacharacters Escaping exec Remote Commands Injection Vulnerability tested against: Microsoft Windows Server R2 SP2 PHP 5.3.6 VC9 with magicquotesgpc = off default Apache 2.2.17 VC9 Introduction: This is a very special vulnerabilty, given the incredibly high number of...
iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability
iDefense Security Advisory 06.01.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 01, 2011 I. BACKGROUND Cisco's AnyConnect VPN solution provides remote access to customers via the Web browser. This is accomplished through the use of an ActiveX control. The control itself is provided...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at...
[CVE-ID REQUEST] vBulletin - Multiple Open Redirects
Product: vBulletin Version: 3 - 4.1.3 Release Date: 06/02/2011 Risk: Low Authentication: Not required to exploit. Remote: Yes Description: Multiple Open Redirect vulnerabilities in vBulletin version 4.1.3 and below allow remote attackers to redirect users to arbitrary web sites and conduct phishi...
Wireshark multiple security vulnerabilities
Multiple vulnerabilities on .pcap files parsing...
Linux kernel multiple DoS conditions
epoll DoS conditions, tkill privilege escalation, buffer overflows in bluetooth stack...
Cisco Unified IP Phones 7900 series security vulnerabilities
Privilege escalation, signature check bypass for software images...
Cisco Network Registrar default credentials
Default password for administrator account...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Gnome GDM information leak
Under some conditions it's possible to launch a browser to access some files...
Citadel Jabber server / Jabberd / ejabberd DoS
DoS on XML data parsing...
Cisco Media Experience Engine 5600 default account
Default password for root account...
CodeMeter cross-site scripting
Cross-site scripting in web administration interface...
ZDI-11-169: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability
ZDI-11-169: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-169 May 31, 2011 -- CVE ID: CVE-2011-1220 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: IBM -- Affected Products: IBM Tivoli Endpoint --...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. Which I've found in your modem. In April I've already drew attention of Ukrtelecom's representativ...
[SECURITY] [DSA 2248-1] ejabberd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2248-1 [email protected] http://www.debian.org/security/ Nico Golde March 31, 2011 http://www.debian.org/security/faq -...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Advisory ID: cisco-sa-20110601-ac Revision 1.0 For Public Release 2011 June 01 1600 UTC GMT...
[CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities
Hi, This is regarding multiple CSRF Cross Site Request Forgery Vulnerabilities in Apache Archiva 1.3.4 and previous versions. The following is the disclosure document Title: Multiple CSRF Vulnerabilities in Apache Archiva 1.3.4...
[SECURITY] [DSA 2247-1] rails security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2247-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 31, 2011 http://www.debian.org/security/faq -...
Post Revolution 0.8.0c Multiple Remote Vulnerabilities
info ——————————— Name : Post Revolution 0.8.0c Multiple Remote Vulnerabilities Class: Design Error && Input Validation Error CVE: CVE-2011-1952, CVE-2011-1953, CVE-2011-1954 Remote: Yes Local: No Credit : Javier Bassi javierbassi at gmail dot com Vulnerable : All versions prior to and including...
[USN-1141-1] Linux kernel vulnerabilities
Ubuntu Security Notice USN-1141-1 May 31, 2011 linux, linux-ec2 vulnerabilities. A security issue affects these releases of Ubuntu and its...
[SECURITY] [DSA 2250-1] citadel security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2250-1 [email protected] http://www.debian.org/security/ Nico Golde March 31, 2011 http://www.debian.org/security/faq -...
HTB22999: Multiple SQL Injections in A Really Simple Chat (ARSC)
Vulnerability ID: HTB22999 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectionsinareallysimplechatarsc.html Product: A Really Simple Chat ARSC Vendor: http://www.reallysimplechat.org/ http://www.reallysimplechat.org/ Vulnerable Version: 3.3-rc2 Vendor Notification: 12 May 2011...
CodeMeter WebAdmin Cross-site Scripting (XSS) Vulnerability
Vulnerability title: CodeMeter WebAdmin Cross-site Scripting XSS Vulnerability CVSS Risk Rating: 3.9 Low Product: CodeMeter WebAdmin Application Vendor: Wibu-Systems Vendor URL: http://www.codemeter.de Public disclosure date: 5/30/2011 Discovered by: Rob Kraus and the Solutionary Engineering...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series Advisory ID: cisco-sa-20110601-phone Revision 1.0 For Public Release 2011 June 1 1600 UTC GMT...
Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar Advisory ID: cisco-sa-20110601-cnr Revision 1.0 For Public Release 2011 June 01 1600 UTC GMT...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at...
Cross-Site Scripting vulnerability in Icinga
Advisory: Cross-Site Scripting vulnerability in Icinga Advisory ID: SSCHADV2011-005 Author: Stefan Schurtz Affected Software: Successfully tested on: icinga-1.3.0 / icinga-1.4.0 Vendor URL: http://www.icinga.org Vendor Status: Resolved CVE-ID: - Vulnerability Descriptio...
Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600 Advisory ID: cisco-sa-20110601-mxe Revision 1.0 For Public Release 2011 June 01 1600 UTC GMT...
[SECURITY] [DSA 2251-1] subversion security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2251-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 02, 2011 http://www.debian.org/security/faq -...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. Which I've found in your modem. In April I've already drew attention of Ukrtelecom's representativ...
[CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities
Hi, This is regarding multiple XSS Cross Site Scripting Vulnerabilities in Apache Archiva 1.3.4 and previous versions. The following is the disclosure document Project: Apache Archiva Severity: High Versions: 1.3.0 - 1.3.4. The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Exploit...
[USN-1142-1] GDM vulnerability
Ubuntu Security Notice USN-1142-1 June 01, 2011 gdm vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
[SECURITY] [DSA 2249-1] jabberd14 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2249-1 [email protected] http://www.debian.org/security/ Nico Golde March 31, 2011 http://www.debian.org/security/faq -...
Cross-Site Scripting vulnerability in Nagios
Advisory: Cross-Site Scripting vulnerability in Nagios Advisory ID: SSCHADV2011-006 Author: Stefan Schurtz Affected Software: Successfully tested on: nagios 3.2.3 Vendor URL: http://www.nagios.org Vendor Status: informed CVE-ID: - Vulnerability Description:...
HTB22997: XSS in A Really Simple Chat (ARSC)
Vulnerability ID: HTB22997 Reference: http://www.htbridge.ch/advisory/xssinareallysimplechatarsc.html Product: A Really Simple Chat ARSC Vendor: http://www.reallysimplechat.org/ http://www.reallysimplechat.org/ Vulnerable Version: 3.3-rc2 Vendor Notification: 12 May 2011 Vulnerability Type: XSS...
[ MDVSA-2011:105 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:105 http://www.mandriva.com/security/ Package : wireshark Date : June 1, 2011 Affected: 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: This advisory updates wireshark to the latest version...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Linux DBus-GLib / NetworkManager / ModemManager privilege escalation
Access flags for exported object are not checked...
Google Chrome multiple security vulnerabilities
Memory corruptions, privilege escalation race conditions, DoS...