47153 matches found
HTB22967: Multiple SQL Injection in Shutter
Vulnerability ID: HTB22967 Reference: http://www.htbridge.ch/advisory/sqlinjectioninshutter.html Product: Shutter Vendor: http://shutter.tenfourzero.net/ http://shutter.tenfourzero.net/ Vulnerable Version: 0.1.4 Vendor Notification: 19 April 2011 Vulnerability Type: SQL Injection Risk level: High...
Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of Service Vulnerability Document ID: 112916 Advisory ID: cisco-sa-20110427-wlc Revision 1.0 For Public Release 2011 April 27 1600 UTC GMT...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Embarcadero Interbase buffer overflow
Stack buffer overflow on connect request processing...
HTB22958: XSS in phpGraphy
Vulnerability ID: HTB22958 Reference: http://www.htbridge.ch/advisory/xssinphpgraphy.html Product: phpGraphy Vendor: http://phpgraphy.sourceforge.net/ http://phpgraphy.sourceforge.net/ Vulnerable Version: 0.9.13b Vendor Notification: 14 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk...
SAP WebAS multiple security vulnerabilities
Crossite scripting, form redirection...
TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory April 21, 2011 Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2, 11gR1 and 11gR2 on Windows platform Remote exploitable: Yes Credits: This vulnerability was discovered and researched by...
XSS, Redirector и IAA уязвимости в MyBB
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, URL Redirector Abuse и Insufficient Anti-automation уязвимостях в MyBB. Для XSS и URL Redirector Abuse используется рабочий аккаунт на уязвимом сайте. О подобных атаках я писал в статье Атаки на незащищённые логин формы...
EMC RSA Data Loss Prevention crossite scripting
No description provided...
[Onapsis Security Advisory 2011-004] SAP WebAS ITS Mobile Test Service Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-004: SAP WebAS ITS Mobile Test Service Multiple Vulnerabilities This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain...
OSI Security: LANSA aXes Web Terminal (TN5250) Cross-Site Scripting Vulnerability
LANSA aXes Web Terminal TN5250 Cross-Site Scripting Vulnerability http://www.osisecurity.com.au/advisories/lansa-axes-web-terminal-tn5250-cross-site-scripting Release Date: 30-Apr-2011 Software: LANSA - aXes http://www.lansa.com http://www.axeslive.com "Transform your 5250 applications into GUI...
ESA-2011-015: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA Data Loss Prevention
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-015: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA Data Loss Prevention Advisories Updated April 25, 2011 Summary: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA...
Cisco Wireless LAN Controller DoS
Crash on ICMP processing...
ZDI-11-153: Embarcadero Interbase connect Request Parsing Remote Code Execution Vulnerability
ZDI-11-153: Embarcadero Interbase connect Request Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-153 April 29, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Embarcadero -- Affected Products: Embarcadero Interbase -- TippingPointT...
HTB22965: Multiple XSS vulnerabilities in BackupPC
Vulnerability ID: HTB22965 Reference: http://www.htbridge.ch/advisory/multiplexssvulnerabilitiesinbackuppc.html Product: BackupPC Vendor: Craig Barratt http://backuppc.sourceforge.net/ Vulnerable Version: 3.1.0, perhaps 3.2.0 also vulnerable Vendor Notification: 14 April 2011 Vulnerability Type:...
Уязвимости в теме Magazeen для WordPress и Dotclear
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в теме Magazeen для WordPress и Dotclear. Подобно уязвимостям во многих темах для WordPress, Drupal, ExpressionEngine и Joomla, также уязвимой...
[ISecAuditors Security Advisories] XSS in Oracle AS Portal 10g
============================================= INTERNET SECURITY AUDITORS ALERT 2010-007 - Original release date: August 11th, 2010 - Last revised: May 1st, 2011 - Discovered by: Vicente Aguilera Diaz - Severity: 5.0/10 CVSS Base Scored ============================================= I. VULNERABILIT...
HTB22960: XSS in Daily Maui Photo Widget wordpress plugin
Vulnerability ID: HTB22960 Reference: http://www.htbridge.ch/advisory/xssindailymauiphotowidgetwordpressplugin.html Product: Daily Maui Photo Widget wordpress plugin Vendor: Kris Nelson http://www.webnelly.com/ Vulnerable Version: 0.2 Vendor Notification: 14 April 2011 Vulnerability Type: XSS Cro...
TeamSHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager Service Level component
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory April 21, 2011 Risk Level: High Affected versions: Oracle Enterprise Manager 11g Release 1 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security...
[Onapsis Security Advisory 2011-005] SAP Enterprise Portal Path Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-005: SAP Enterprise Portal Path Disclosure This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...
Multiple Vendors libc/glob() GLOB_BRACE|GLOB_LIMIT memory exhaustion
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vendors libc/glob GLOBBRACE|GLOBLIMIT memory exhaustion Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - Dis.: 19.01.2011 - Pub.: 02.05.2011 CVE: CVE-2011-0418 Affected Software...
[SECURITY] [DSA 2229-1] spip security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2229-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 01, 2011 http://www.debian.org/security/faq -...
CVE-2010-0216 MediaCast Password Dump Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Packetninjas L.L.C www.packetninjas.net -= Security Advisory =- Advisory: MediaCast Password Dump Vulnerability Release Date: 04/25/2011 Author: Daniel Clemens daniel.clemensatpacketninjas.net Application: MediaCast = 8 By Inventive, Inc -...
[Onapsis Security Advisory 2011-003] SAP WebAS ITS Mobile Start Service Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-003: SAP WebAS ITS Mobile Start Service Multiple Vulnerabilities This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain...
TeamSHATTER Security Advisory: XSS in locale parameter on IASTOP_CS_FARM_PAGE.html
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory April 21, 2011 Risk Level: High Affected versions: Oracle Enterprise Manager 10g Release 1 and Release 2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of...
VMware ESXi / ESX DoS
Sockets exhaustion attack is possible...
[ MDVSA-2011:082 ] python-feedparser
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:082 http://www.mandriva.com/security/ Package : python-feedparser Date : May 2, 2011 Affected: 2010.0, 2010.1 Problem Description: Multiple vulnerabilities has been found and corrected in python-feedparser:...
[Full-disclosure] [USN-1127-1] usb-creator vulnerability
========================================================================== Ubuntu Security Notice USN-1127-1 May 02, 2011 usb-creator vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
HTB22959: CSRF (Cross-Site Request Forgery) in phpGraphy
Vulnerability ID: HTB22959 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinphpgraphy.html Product: phpGraphy Vendor: http://phpgraphy.sourceforge.net/ http://phpgraphy.sourceforge.net/ Vulnerable Version: 0.9.13b Vendor Notification: 14 April 2011 Vulnerability Type: CSRF...
VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0007 Synopsis: VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console Iss...
HTB22961: XSS in WP Photo Album wordpress plugin
Vulnerability ID: HTB22961 Reference: http://www.htbridge.ch/advisory/xssinwpphotoalbumwordpressplugin.html Product: WP Photo Album wordpress plugin Vendor: Rubin J. Kaplan http://me.mywebsight.ws/ Vulnerable Version: 1.5.1 Vendor Notification: 14 April 2011 Vulnerability Type: XSS Cross Site...
usb-creator privilege escalation
Some privileged disk operations are possible...
[SECURITY] [DSA 2230-1] qemu-kvm security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2230-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 01, 2011 http://www.debian.org/security/faq -...
[Onapsis Security Advisory 2011-009] Oracle JD Edwards JDENET SawKernel Remote Password Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-009: Oracle JD Edwards JDENET SawKernel Remote Password Disclosure This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain...
ZDI-11-149: HP Data Protector Backup Client Service HPFGConfig Remote Code Execution Vulnerability
ZDI-11-149: HP Data Protector Backup Client Service HPFGConfig Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-149 April 29, 2011 -- CVE ID: CVE-2011-1733 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...
ZDI-11-146: HP Data Protector Backup Client Service EXEC_SCRIPT Remote Code Execution Vulnerability
ZDI-11-146: HP Data Protector Backup Client Service EXECSCRIPT Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-146 April 29, 2011 -- CVE ID: CVE-2011-1730 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...
[Onapsis Security Advisory 2011-007] Oracle JD Edwards JDENET Kernel Shutdown
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-007: Oracle JD Edwards JDENET Kernel Shutdown This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...
PHP multiple security vulnerabilities
Privilege escalation, memory corruptions, buffer overflows, DoS conditions, integer overflows, format string vulnerabilities, information leaks...
ZDI-11-145: HP Data Protector Backup Client Service GET_FILE Remote Code Execution Vulnerability
ZDI-11-145: HP Data Protector Backup Client Service GETFILE Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-145 April 29, 2011 -- CVE ID: CVE-2011-1729 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...
HP Data Protector multiple security vulnerabilities
Multiple vulnerabilities are unpatched for 180 days...
Cisco Unified Communications Manager multiple security vulnerabilities
DoS via SIP, directory traversal, SQL injection...
ZDI-11-150: HP Data Protector Backup Client Service omniiaputil Message Processing Remote Code Execution Vulnerability
ZDI-11-150: HP Data Protector Backup Client Service omniiaputil Message Processing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-150 April 29, 2011 -- CVE ID: CVE-2011-1734 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard --...
ZDI-11-151: HP Data Protector Backup Client Service bm Message Processing Remote Code Execution Vulnerability
ZDI-11-151: HP Data Protector Backup Client Service bm Message Processing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-151 April 29, 2011 -- CVE ID: CVE-2011-1735 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected...
[Onapsis Security Advisory 2011-012] Oracle JD Edwards JDENET Firewall Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-012: Oracle JD Edwards JDENET Firewall Bypass This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...
[Onapsis Security Advisory 2011-006] Oracle JD Edwards JDENET Kernel Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-006: Oracle JD Edwards JDENET Kernel Denial of Service This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to...
Mozilla Foundation Security Advisory 2011-12
Mozilla Foundation Security Advisory 2011-12 Title: Miscellaneous memory safety hazards rv:2.0.1/ 1.9.2.17/ 1.9.1.19 Impact: Critical Announced: April 28, 2011 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 4.0.1 Firefox 3.6.17 Firefox 3.5.19 Thunderbird 3.1.10 SeaMonkey 2.0.14...
ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability
ZDI-11-143formerly ZDI-CAN-965: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-143 April 28, 2011 -- CVE ID: CVE-2011-1610 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Cisco -- Affected Products: Cisco...
[Onapsis Security Advisory 2011-008] Oracle JD Edwards JDENET CallObjectKernel Remote Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-008: Oracle JD Edwards JDENET CallObjectKernel Remote Command Execution This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will...
[USN-1126-1] PHP vulnerabilities
========================================================================== Ubuntu Security Notice USN-1126-1 April 29, 2011 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
[Onapsis Security Advisory 2011-010] Oracle JD Edwards JDENET Remote Logging Deactivation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-010: Oracle JD Edwards JDENET Remote Logging Deactivation This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to...