47153 matches found
[SECURITY] [DSA 2237-1] apr security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2237-1 [email protected] http://www.debian.org/security/ Stefan Fritsch May 15, 2011 http://www.debian.org/security/faq -...
Multiple Vendors libc/fnmatch(3) DoS (incl apache poc)
Multiple Vendors libc/fnmatch3 DoS incl apache poc Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - Dis.: 29.01.2011 - Pub.: 13.05.2011 CVE: CVE-2011-0419 CWE: CWE-399 Affected Software verified: - Apache 2.2.17 - NetBSD 5.1 - OpenBS...
HP Palm webOS security vulnerabilities
Crossite scripting, file system access...
Nagios XI privilege escalation
resetconfigperms.sh executable via suid root wrapper call external application by relative path...
HTB22979: Multiple XSS (Cross Site Scripting) vulnerabilities in Argyle Social
Vulnerability ID: HTB22979 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinargylesocial.html Product: Argyle Social Vendor: Argyle Social http://argylesocial.com/ Vulnerable Version: Current at 26/04/2011 Vendor Notification: 28 April 2011 Vulnerability...
Уязвимость в MT-Cumulus для Movable Type
Здравствуйте 3APA3A! Сообщаю вам о Cross-Site Scripting уязвимости в плагине MT-Cumulus для Movable Type. Данная XSS уязвимость идентична XSS уязвимости в WP-Cumulus, т.к. приложение использует tagcloud.swf разработанный автором WP-Cumulus. Про миллионы флешек tagcloud.swf уязвимых к XSS атакам я...
[Bkis] sNews 1.7.1 XSS vulnerability
General Information sNews is a free content management system CMS written in PHP and MySQL. It is available at http://snewscms.com/. In April 2011, Bkis Security discovered an XSS Cross-site Scripting vulnerability in sNews CMS version 1.7.1 Taking advantage of this vulnerability, hacker might...
[Full-disclosure] NagiosXI (commerciale Nagios) Local Root
Exploit Title: NagiosXI Commercial Nagios Local Root Vulnerability Date: 2011-05-15 Author: RootBSD Software Link: http://www.nagios.com Version: = 2011R1.2 Tested on: all linux rootbsd@laptop:$ id uid=1001rootbsd gid=1001rootbsd groupes=1001rootbsd rootbsd@laptop:$ ls -l...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
HTB22980: XSRF (CSRF) in Open Classifieds
Vulnerability ID: HTB22980 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinopenclassifieds.html Product: Open Classifieds Vendor: Open Classifieds Team http://www.open-classifieds.com/ Vulnerable Version: 1.7.1.1 and probably prior versions Vendor Notification: 28 April 2011 Vulnerability...
HTB22978: XSRF (CSRF) in Argyle Social
Vulnerability ID: HTB22978 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinargylesocial.html Product: Argyle Social Vendor: Argyle Social http://argylesocial.com/ Vulnerable Version: Current at 26/04/2011 Vendor Notification: 28 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery...
[security bulletin] HPSBMI02632 SSRT100379 rev.1 - HP/Palm webOS, Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized File System Write Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02822174 Version: 1 HPSBMI02632 SSRT100379 rev.1 - HP/Palm webOS, Execution of Arbitrary Code, Denial of Service DoS, Unauthorized File System Write Access NOTICE: The information in this Securit...
ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability
ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-167 May 10, 2011 -- CVE ID: CVE-2011-1248 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Microsoft -- Affected Products:...
CORE-2010-1118: Oracle GlassFish Server Administration Console Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Oracle GlassFish Server Administration Console Authentication Bypass 1. Advisory Information Title: Oracle GlassFish Server Administration Console Authentication Bypass...
[security bulletin] HPSBMA02672 SSRT100485 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Local Read and Write Access to Data and Log Files
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02821425 Version: 1 HPSBMA02672 SSRT100485 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Local Read and Write Access to Data and Log Files NOTICE: The information...
HP Network Node Manager i weak permissions
Weak permissions for log and data files...
[PRE-SA-2011-04] Heap overflow in EFI partition handling code of the Linux kernel
PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2011-04 Released on: 10 May 2011 Last updated on: 10 May 2011 Affected product: Linux Kernel 2.4 and 2.6 Impact: information disclosure, denial-of-service Origin: storage devices Credit: Timo Warns PRESENSE Technologies GmbH C...
CA eHealth crossite scripting
No description provided...
CA20110510-01: Security Notice for CA eHealth
-----BEGIN PGP SIGNED MESSAGE----- CA20110510-01: Security Notice for CA eHealth Issued: May 10, 2011 CA Technologies support is alerting customers to a security risk with CA eHealth. A vulnerability exists that may potentially allow an attacker to compromise web user security. The vulnerability,...
ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability
ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-167 May 10, 2011 -- CVE ID: CVE-2011-1248 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Microsoft -- Affected Products:...
PR10-17 Various XSS and information disclosure flaws within KeyFax response management system
PR10-17: Various XSS and information disclosure flaws within KeyFax response management system http://www.omfax.co.uk Vulnerability found: 25th August 2010 Vendor informed: Vulnerability fixed: Severity: Medium/High Description: KeyFax response management system provides professional management o...
HTB22974: Multiple XSS in Calendarix
Vulnerability ID: HTB22974 Reference: http://www.htbridge.ch/advisory/multiplexssincalendarix.html Product: Calendarix Vendor: http://www.calendarix.com http://www.calendarix.com Vulnerable Version: 0.8.20080808 Vendor Notification: 26 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk...
Apache Struts 2 Multiple Reflected XSS in XWork error pages
Security Advisory: MVSA-11-006 CVE: CVE-2011-1772 Vendor: Apache Software Foundation Product: Struts 2 Framework Vulnerabilities: Multiple Reflected XSS in XWork error pages Risk: High Attack Vector: From Remote Authentication: Not Required References: -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
OSI Security: Civica Spydus Library Management System (LMS) - Cross-Site Scripting Vulnerability
Civica Spydus Library Management System LMS - Cross-site Scripting Vulnerability http://www.osisecurity.com.au/advisories/civica-spydus-library-management-system-cross-site-scripting Release Date: 04-May-2011 Software: Civica - Spydus http://www.civicaplc.com/ "Libraries and information service...
ZDI-11-166: HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability
ZDI-11-166: HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-166 May 10, 2011 -- CVE ID: CVE-2011-1854 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...
HP Intelligent Management Center multiple security vulnerabilities
Multiple vulnerabilities in different components lead to remote code execution...
ZDI-11-154: Sybase M-Business Anywhere agSoap.exe password Tag Remote Code Execution Vulnerability
ZDI-11-154: Sybase M-Business Anywhere agSoap.exe password Tag Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-154 May 9, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Sybase -- Affected Products: Sybase MBusiness Anywhere -- TippingPoint...
HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo
Vulnerability ID: HTB22976 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinpommo.html Product: poMMo Vendor: Brice Burgess http://pommo.org/ Vulnerable Version: Aardvark PR16.1 Vendor Notification: 26 April 2011 Vulnerability Type: XSS Cross Site Scripting...
ZDI-11-164: HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability
ZDI-11-164: HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-164 May 10, 2011 -- CVE ID: CVE-2011-1852 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected...
HTB22977: XSRF (CSRF) in poMMo
Vulnerability ID: HTB22977 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinpommo.html Product: poMMo Vendor: Brice Burgess http://pommo.org/ Vulnerable Version: Aardvark PR16.1 Vendor Notification: 26 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Low Credit:...
ZDI-11-155: Sybase M-Business Anywhere Server agd.exe encodeUsername Remote Code Execution Vulnerability
ZDI-11-155: Sybase M-Business Anywhere Server agd.exe encodeUsername Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-155 May 9, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Sybase -- Affected Products: Sybase MBusiness Anywhere --...
Opera DoS
NULL pointer dereference on oversized SIZE parameter in SELECT tag...
[security bulletin] HPSBGN02680 SSRT100361 rev.1 - HP Intelligent Management Center (IMC), Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02822750 Version: 1 HPSBGN02680 SSRT100361 rev.1 - HP Intelligent Management Center IMC, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon ...
ZDI-11-162: HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability
ZDI-11-162: HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-162 May 10, 2011 -- CVE ID: CVE-2011-1850 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...
ZDI-11-156: Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability
ZDI-11-156: Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-156 May 9, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Sybase -- Affected Products: Sybase MBusiness Anywhere --...
ZDI-11-160: HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability
ZDI-11-160: HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-160 May 10, 2011 -- CVE ID: CVE-2011-1848 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...
HTB22975: SQL injection in Calendarix
Vulnerability ID: HTB22975 Reference: http://www.htbridge.ch/advisory/sqlinjectionincalendarix.html Product: Calendarix Vendor: http://www.calendarix.com http://www.calendarix.com Vulnerable Version: 0.8.20080808 Vendor Notification: 26 April 2011 Vulnerability Type: SQL Injection Risk level: Hig...
ZDI-11-161: HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability
ZDI-11-161: HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-161 May 10, 2011 -- CVE ID: CVE-2011-1849 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...
TSSA-2011-02 - Opera : SELECT SIZE Arbitrary null write
--------------------------------------------------------------------------- - - Opera : SELECT SIZE Arbitrary null write - - --------------------------------------------------------------------------- -- Vulnerability Summary: Date Published: 03/05/2011 Last Update: 03/05/2011 Advisory ID:...
Sybase M-Business Anywhere multiple security vulnerabilities
Buffer overflows during web access authentication TCP/80, TCP/443, buffer overflow on SOAP request processing TCP/8093, TCP/8094...
ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability
ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcodetable Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-165 May 10, 2011 -- CVE ID: CVE-2011-1853 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, uninitialized pointer dereferences, information leakage, code execution...
ZDI-11-163: HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability
ZDI-11-163: HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-163 May 10, 2011 -- CVE ID: CVE-2011-1851 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...
ZDI-11-158: Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability
ZDI-11-158: Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-158 May 10, 2011 -- CVE ID: CVE-2011-0065 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox -- TippingPointTM...
ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability
ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-159 May 10, 2011 -- CVE ID: CVE-2011-0066 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox --...
ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability
ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-157 May 9, 2011 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox -- TippingPointTM IPS Customer...
Microsoft PowerPoint security vulnerabilities
Memory corruption, buffer overflow...
Postfix memory corruption
Memory corruption if Cyrus SASL library is used for CRAM authentications...
Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)
On-line version will be at http://www.postfix.org/CVE-2011-1720.html Summary ======= The Postfix SMTP server has a memory corruption error when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN the ANONYMOUS mechanism is unaffected but should not be enabled...