47153 matches found
FreeBSD Security Advisory FreeBSD-SA-11:02.bind
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:02.bind Security Advisory The FreeBSD Project Topic: BIND remote DoS with large RRSIG RRsets and negative caching Category: contrib Module: bind Announced:...
CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. These attacks should be conducted on modem owner, which is logged into control panel. Taking into...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at...
Google Chrome multiple security vulnerabilities
Memory corruptions, privilege escalation race conditions, DoS...
[SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability
CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability Severity: High Vendor: The Apache Software Foundation Versions Affected: Archiva 1.3.0 - 1.3.4 The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Description: An attacker can build a simple html page containing a hidden Image...
[USN-1138-1] DBus-GLib vulnerability
========================================================================== Ubuntu Security Notice USN-1138-1 May 26, 2011 dbus-glib vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
CSRF vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at Ukrtelecom about multiple...
ISC bind named DNS server DoS
Large RRSIG in negative response leads to assert...
[SECURITY] [DSA 2243-1] unbound security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2243-1 [email protected] http://www.debian.org/security/ Florian Weimer May 27, 2011 http://www.debian.org/security/faq -...
Unbound DNS server DoS
DoS against DNSSEC signed zone...
Vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Predictable Resource Location and Brute Force vulnerabilities. Predictable Resource Location WASC-34: http://192.168.1.1 web server on 80 and 8008 ports. The control...
[SECURITY] [DSA 2246-1] mahara security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2246-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano May 29, 2011 http://www.debian.org/security/faq -...
[USN-1138-2] NetworkManager and ModemManager update
========================================================================== Ubuntu Security Notice USN-1138-2 May 27, 2011 network-manager, modemmanger update ========================================================================== A security issue affects these releases of Ubuntu and its...
2245
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2245-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano May 29, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2241-1] qemu-kvm security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2241-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 24, 2011 http://www.debian.org/security/faq -...
Remote Password Disclosure Vulnerability in RXS-3211 IP Camera + others
-==Description==- The RXS-3211 IP camera, among others, is vulnerable to remote password disclosure, which can be exploited by an unauthenticated attacker with a single UDP packet. The problem exists in the camera management protocol used by the devices, which sends the administrator password and...
Cisco RVS4000 / Cisco WRVS4400N routers multiple security vulnerabilities
Code execution, information leakage via Web interface...
[SECURITY] [DSA 2240-1] linux-2.6 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-2240-1 [email protected] http://www.debian.org/security/ dann frazier May 24, 2011 http://www.debian.org/security/faq -...
Cisco Content Delivery System DoS
Internet Streamer URL processing crash...
[USN-1136-1] rdesktop vulnerability
========================================================================== Ubuntu Security Notice USN-1136-1 May 25, 2011 rdesktop vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities Advisory ID: cisco-sa-20110525-rvs4000 Revision 1.0 For Public Release 2011 May 25 1600 UTC GMT...
Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure
----------------------------------------------------------------------- Talsoft S.R.L. Security Advisory WordPress User IDs and User Names Disclosure ----------------------------------------------------------------------- I. Advisory information Title: WordPress User IDs and User Names Disclosure...
rdesktop directory traversal
Directory traversal in disk redirection feature...
Rosewill RXS-3211 IP camera information leakage
It's possible to retrieve administration password via UDP/13364 request...
KVM security vulnerabilities
DoS on guest system I/O processing...
iDefense Security Advisory 05.24.11: IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More information can ...
iDefense Security Advisory 05.24.11: IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More information can ...
iDefense Security Advisory 05.24.11: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More information can ...
[CVE-REQUEST] Plone XSS and permission errors
Hello all, As a member of the Plone security response team I hereby notify you that we have been made aware of three distinct security holes in Plone and are requesting CVE identifiers. 1. Reflected XSS attack A crafted URL can display arbitrary HTML output 2. Persistent XSS attack Certain valid...
iDefense Security Advisory 05.24.11: IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More information can ...
Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability Advisory ID: cisco-sa-20110525-iosxr Revision 1.0 For Public Release 2011 May 25 1600 UTC GMT +--------------------------------------------------------- Summary ======= Cisco IOS...
Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability Advisory ID: cisco-sa-20110525-iosxr-ssh Revision 1.0 For Public Release 2011 May 25 1600 UTC GMT...
CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Lotus Notes XLS viewer malformed BIFF record heap overflow 1. Advisory Information Title: Lotus Notes XLS viewer malformed BIFF record heap overflow Advisory ID:...
Linux kernel security vulnerabilities
DoS via InfiniBand, DoS via InfinyBand disks, multiple DoS conditions, memory corruptions and information leaks, buffer overflow in IrDA, DoS via VLANs, CIFS authentication bypass, DoS via GRE...
Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability Advisory ID: cisco-sa-20110525-iosxrspa Revision 1.0 For Public Release 2011 May 25 1600 UTC GMT...
IBM Lotus Notes multiple security vulnerabilities
Memory corruptions on BIFF, Applix, Microsoft Office, RTF and LZH files formats parsing...
Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability Advisory ID: cisco-sa-20110525-spcdn Revision 1.0 For Public Release 2011 May 25 1600 UTC GMT...
Cisco IOS XR multiple security vulnerabilities
DoS on IP packets parsing including routed ones, DoS against SSH, DoS against SPA...
[ MDVSA-2011:101 ] dovecot
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:101 http://www.mandriva.com/security/ Package : dovecot Date : May 26, 2011 Affected: 2009.0, 2010.1, Enterprise Server 5.0 Problem Description: A vulnerability has been identified and fixed in dovecot:...
Dovecot DoS
Crash on NUL character in headers...
[USN-1137-1] Eucalyptus vulnerability
========================================================================== Ubuntu Security Notice USN-1137-1 May 26, 2011 eucalyptus, rampart vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
HTB22987: Multiple XSS in phpScheduleIt
Vulnerability ID: HTB22987 Reference: http://www.htbridge.ch/advisory/multiplexssinphpscheduleit.html Product: phpScheduleIt Vendor: php.brickhost.com Vulnerable Version: 1.2.12 Vendor Notification: 05 May 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit: High-Tech Brid...
Cisco routers Router Advertisement Guarding protection bypass
It's possible to bypass protection with fragmented ICMPv6 packet...
PR10-11: Multiple XSS injection vulnerabilities and a offsite redirection flaw within HP System Management Homepage (Insight Manager)
PR10-11: Multiple XSS injection vulnerabilities and a offsite redirection flaw within HP System Management Homepage Insight Manager Vulnerability found: 6th June 2010 Date Published 20th May 2011 Severity: Medium Description: XSS vulnerabilities have been found within HP System Management; Arisin...
VUPEN Security Research - 7T Interactive Graphical SCADA System (IGSS) Remote Memory Corruption
VUPEN Security Research - 7T Interactive Graphical SCADA System ODBC Remote Memory Corruption http://www.vupen.com/english/research.php I. BACKGROUND --------------------- 7T Interactive Graphical SCADA System IGSS is a state-of-the art SCADA system used for monitoring and controlling industrial...
FPD и XSS уязвимости в Easy Contact для WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Full path disclosure и Cross-Site Scripting уязвимостях в плагине Easy Contact для WordPress. Full path disclosure WASC-13: http://site/wp-content/plugins/easy-contact/econtact.php http://site/wp-content/plugins/easy-contact/econtact-menu.php XSS...
Gadu-Gadu 0-Day Remote Code Execution
Vendor: Gadu-Gadu http://gadu-gadu.pl Vulnerable Version: All Vulnerability Type: XSS, Remote Code Execution Risk level: Very High Credit: Kacper Szczesniak [email protected] Vulnerability Details: Gadu-Gadu improperly handles file transfer requests. It's possible to place 255 chars of HTML co...
[SECURITY] [DSA 2239-1] libmojolicious-perl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2239-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 24, 2011 http://www.debian.org/security/faq -...
[USN-1133-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1133-1 May 24, 2011 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...