Unbound DNS server DoS
DoS against DNSSEC signed zone...
CSRF vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery vulnerabilities. In April I've already drawn attention of Ukrtelecom's representative and this modem was bought at Ukrtelecom about multiple...
FreeBSD Security Advisory FreeBSD-SA-11:02.bind
FreeBSD-SA-11:02.bind Security Advisory The FreeBSD Project Topic: BIND remote DoS with large RRSIG RRsets and negative caching Category: contrib Module: bind Announced:...
[SECURITY] [DSA 2246-1] mahara security update
Debian Security Advisory DSA-2246-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano May 29, 2011 http://www.debian.org/security/faq ...
2245
Debian Security Advisory DSA-2245-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano May 29, 2011 http://www.debian.org/security/faq ...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drawn attention of Ukrtelecom's representative and this modem was bought at...
[SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability
CVE-2011-1077: Apache Archiva Multiple XSS vulnerability Severity: High Vendor: The Apache Software Foundation Versions Affected: Archiva 1.3.0 - 1.3.4 The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Description: The multiple XSS issues found are both Stored Persistent and Reflect...
[USN-1138-2] NetworkManager and ModemManager update
Ubuntu Security Notice USN-1138-2 May 27, 2011 network-manager, modemmanger update. A security issue affects these releases of Ubuntu and its...
[SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability
CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability Severity: High Vendor: The Apache Software Foundation Versions Affected: Archiva 1.3.0 - 1.3.4 The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Description: An attacker can build a simple html page containing a hidden Image...
[SECURITY] [DSA 2243-1] unbound security update
Debian Security Advisory DSA-2243-1 [email protected] http://www.debian.org/security/ Florian Weimer May 27, 2011 http://www.debian.org/security/faq ...
Vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Predictable Resource Location and Brute Force vulnerabilities. Predictable Resource Location WASC-34: http://192.168.1.1 web server on 80 and 8008 ports. The control...
CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. These attacks should be conducted on modem owner, which is logged into control panel. Taking into...
[USN-1138-1] DBus-GLib vulnerability
Ubuntu Security Notice USN-1138-1 May 26, 2011 dbus-glib vulnerability. A security issue affects these releases of Ubuntu and its derivatives: ...
ISC bind named DNS server DoS
Large RRSIG in negative response leads to assert...
Cisco Content Delivery System DoS
Internet Streamer URL processing crash...
rdesktop directory traversal
Directory traversal in disk redirection feature...
Cisco RVS4000 / Cisco WRVS4400N routers multiple security vulnerabilities
Code execution, information leakage via Web interface...
Linux kernel security vulnerabilities
DoS via InfiniBand, DoS via InfiniBand disks, multiple DoS conditions, memory corruptions and information leaks, buffer overflow in IrDA, DoS via VLANs, CIFS authentication bypass, DoS via GRE...
Dovecot DoS
Crash on NUL character in headers...
IBM Lotus Notes multiple security vulnerabilities
Memory corruptions on BIFF, Applix, Microsoft Office, RTF and LZH file formats parsing...
Cisco IOS XR multiple security vulnerabilities
DoS on IP packets parsing including routed ones, DoS against SSH, DoS against SPA...
Rosewill RXS-3211 IP camera information leakage
It's possible to retrieve administration password via UDP/13364 request...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
KVM security vulnerabilities
DoS on guest system I/O processing...
[SECURITY] [DSA 2240-1] linux-2.6 security update
Debian Security Advisory DSA-2240-1 [email protected] http://www.debian.org/security/ dann frazier May 24, 2011 http://www.debian.org/security/faq ...
Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability
Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability Advisory ID: cisco-sa-20110525-iosxr Revision 1.0 For Public Release 2011 May 25 1600 UTC GMT Summary: Cisco IOS...
[USN-1136-1] rdesktop vulnerability
Ubuntu Security Notice USN-1136-1 May 25, 2011 rdesktop vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
[CVE-REQUEST] Plone XSS and permission errors
Hello all, As a member of the Plone security response team I hereby notify you that we have been made aware of three distinct security holes in Plone and are requesting CVE identifiers. 1. Reflected XSS attack A crafted URL can display arbitrary HTML output 2. Persistent XSS attack Certain valid...
[SECURITY] [DSA 2241-1] qemu-kvm security update
Debian Security Advisory DSA-2241-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 24, 2011 http://www.debian.org/security/faq ...
Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities
Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities Advisory ID: cisco-sa-20110525-rvs4000 Revision 1.0 For Public Release 2011 May 25 1600 UTC GMT...
iDefense Security Advisory 05.24.11: IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More information can ...
Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure
Talsoft S.R.L. Security Advisory WordPress User IDs and User Names Disclosure I. Advisory information Title: WordPress User IDs and User Names Disclosure...
[USN-1137-1] Eucalyptus vulnerability
Ubuntu Security Notice USN-1137-1 May 26, 2011 eucalyptus, rampart vulnerability. A security issue affects these releases of Ubuntu and its...
Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability
Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability Advisory ID: cisco-sa-20110525-spcdn Revision 1.0 For Public Release 2011 May 25 1600 UTC GMT...
CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow
Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Lotus Notes XLS viewer malformed BIFF record heap overflow 1. Advisory Information Title: Lotus Notes XLS viewer malformed BIFF record heap overflow Advisory ID:...
iDefense Security Advisory 05.24.11: IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More information can ...
Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability
Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability Advisory ID: cisco-sa-20110525-iosxrspa Revision 1.0 For Public Release 2011 May 25 1600 UTC GMT...
Remote Password Disclosure Vulnerability in RXS-3211 IP Camera + others
Description: The RXS-3211 IP camera, among others, is vulnerable to remote password disclosure, which can be exploited by an unauthenticated attacker with a single UDP packet. The problem exists in the camera management protocol used by the devices, which sends the administrator password and...
iDefense Security Advisory 05.24.11: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More information can ...
[ MDVSA-2011:101 ] dovecot
Mandriva Linux Security Advisory MDVSA-2011:101 http://www.mandriva.com/security/ Package: dovecot Date: May 26, 2011 Affected: 2009.0, 2010.1, Enterprise Server 5.0 Problem Description: A vulnerability has been identified and fixed in dovecot:...
iDefense Security Advisory 05.24.11: IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More information can ...
Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability
Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability Advisory ID: cisco-sa-20110525-iosxr-ssh Revision 1.0 For Public Release 2011 May 25 1600 UTC GMT...
7T Interactive Graphical SCADA System memory corruption
Memory corruption on TCP/20222 data parsing...
Cisco routers Router Advertisement Guarding protection bypass
It's possible to bypass protection with fragmented ICMPv6 packet...
Gadu-Gadu cross-site scripting
Cross-site scripting via filename...
HP Insight Diagnostics Online Edition cross-site scripting
No description provided...
ruby multiple security vulnerabilities
Cross-site scripting, privilege escalation, Exception#to_s method data modification, VpMemAlloc memory corruption...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
python security vulnerabilities
Source code leakage in CGIHTTPServer, local files access in urllib...
VUPEN Security Research - 7T Interactive Graphical SCADA System (IGSS) Remote Memory Corruption
VUPEN Security Research - 7T Interactive Graphical SCADA System ODBC Remote Memory Corruption http://www.vupen.com/english/research.php I. BACKGROUND 7T Interactive Graphical SCADA System IGSS is a state-of-the art SCADA system used for monitoring and controlling industrial...