47153 matches found
HTB22956: XSS vulnerabilities in phpList
Vulnerability ID: HTB22956 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphplist.html Product: phpList Vendor: Tincan Ltd http://www.phplist.com/ Vulnerable Version: 2.10.13 and probably prior versions Vendor Notification: 12 April 2011 Vulnerability Type: XSS Risk level: Medium...
Уязвимости во многих темах и компонентвх для Joomla
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях во многих темах и компонентах для Joomla. Подобно уязвимостям во многих темах для WordPress, Drupal и ExpressionEngine, также уязвимыми являются...
XSS in Webmin 1.540 + exploit for privilege escalation
Information -------------------- Name : XSS vulnerability in Webmin Software : All versions prior to and including 1.540 are affected. Vendor Hompeage : http://www.webmin.com Vulnerability Type : Cross-Site Scripting Severity : Medium Researcher : Javier Bassi javierbassi at gmail dot com...
[SECURITY] [DSA 2220-1] Request Tracker security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2220-1 [email protected] http://www.debian.org/security/ Florian Weimer April 19, 2011 http://www.debian.org/security/faq -...
[USN-1120-1] tiff vulnerability
========================================================================== Ubuntu Security Notice USN-1120-1 April 21, 2011 tiff vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
[security bulletin] HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Se
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02738731 Version: 1 HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager SIM for HP-UX, Linux, and Windows, Remote Cross Site Scripting XSS, Cross Site Request Forgery CSRF, Execution of...
FreeBSD mountd protection bypass
Network mask in ACLs is computed incorrectly...
HTB22945: Multiple XSS in ZENphoto
Vulnerability ID: HTB22945 Reference: http://www.htbridge.ch/advisory/multiplexssinzenphoto.html Product: ZENphoto Vendor: ZENphoto http://www.zenphoto.org/ Vulnerable Version: 1.4.0.3 Vendor Notification: 07 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit:...
[security bulletin] HPSBMA02660 SSRT100433 rev.1 - HP Performance Insight Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access to Sensitive Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02790298 Version: 1 HPSBMA02660 SSRT100433 rev.1 - HP Performance Insight Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access to Sensitive Information NOTICE: The informatio...
HP Insight Control Performance Management security vulnerabilities
Crossite request forgery, privilege escalation...
FreeBSD Security Advisory FreeBSD-SA-11:01.mountd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:01.mountd Security Advisory The FreeBSD Project Topic: Network ACL mishandling in mountd8 Category: core Module: mountd Announced: 2011-04-20 Credits: Ruslan...
ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-137 April 19, 2011 -- CVE ID: CVE-2011-0807 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Applicati...
HTB22946: Multiple SQL Injection in Ajax Category Dropdown wordpress plugin
Vulnerability ID: HTB22946 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectioninajaxcategorydropdownwordpressplugin.html Product: Ajax Category Dropdown wordpress plugin Vendor: http://www.dyasonhat.com/ http://www.dyasonhat.com/ Vulnerable Version: 0.1.5 Vendor Notification: 07 April...
ZDI-11-139: Webkit Anonymous Frame Remote Code Execution Vulnerability
ZDI-11-139 formerly ZDI-CAN-1035: Webkit Anonymous Frame Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-139 April 19, 2011 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit -- TippingPointTM IPS Customer...
Многочисленные уязвимости в MyBB
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Information Leakage, Abuse of Functionality, Insufficient Anti-automation и Brute Force уязвимостях в MyBB. Information Leakage WASC-13: Логины есть именами пользователей на форуме и соответственно на страницах форума можно выявить логины. Abuse o...
[SECURITY] [DSA 2221-1] Mojolicious security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2221-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 19, 2011 http://www.debian.org/security/faq -...
[USN-1115-1] language-selector vulnerability
========================================================================== Ubuntu Security Notice USN-1115-1 April 19, 2011 language-selector vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
[SECURITY] [DSA 2223-1] doctrine security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2223-1 [email protected] http://www.debian.org/security/ Florian Weimer April 20, 2011 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
HP Performance Insight information leakage
No description provided...
HTB22944: Path disclousure in ZENphoto
Vulnerability ID: HTB22944 Reference: http://www.htbridge.ch/advisory/pathdisclousureinzenphoto.html Product: ZENphoto Vendor: Zenphoto http://www.zenphoto.org/ Vulnerable Version: 1.4.0.3 Vendor Notification: 07 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech...
Apple WebKit / Safari multiple security vulnerabilities
Integer overflow, use-after-free...
ZDI-11-140: Webkit Detached Body Element Remote Code Execution Vulnerability
ZDI-11-140 formerly ZDI-CAN-1026: Webkit Detached Body Element Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-140 April 19, 2011 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit -- TippingPointTM IPS...
CA20110420-01: Security Notice for CA SiteMinder
CA20110420-01: Security Notice for CA SiteMinder Issued: April 20, 2011 CA Technologies support is alerting customers to a security risk associated with CA SiteMinder. A vulnerability exists that can allow a malicious user to impersonate another user. CA Technologies has issued patches to address...
ZDI-11-138: Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability
ZDI-11-138: Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-138 April 19, 2011 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit -- TippingPointTM IPS Customer...
HTB22950: SQL injection in 4images
Vulnerability ID: HTB22950 Reference: http://www.htbridge.ch/advisory/sqlinjectionin4images.html Product: 4images Vendor: http://www.4homepages.de/ http://www.4homepages.de/ Vulnerable Version: 1.7.9 Vendor Notification: 07 April 2011 Vulnerability Type: SQL Injection Status: Fixed by Vendor Risk...
HP Virtual Server Environment for Windows privilege escalation
No description provided...
HP Systems Insight Manager multiple security vulnerabilities
Crossite scripting, crossite request forgery, DoS...
[security bulletin] HPSBMA02665 SSRT100185 rev.1 - HP Virtual Server Environment for Windows, Remote Privilege Elevation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02749050 Version: 1 HPSBMA02665 SSRT100185 rev.1 - HP Virtual Server Environment for Windows, Remote Privilege Elevation NOTICE: The information in this Security Bulletin should be acted upon as...
Videcon Viola DVR VIO-4/1000 directory traversal
Directory traversal in Web interface...
[USN-1117-1] PolicyKit vulnerability
========================================================================== Ubuntu Security Notice USN-1117-1 April 19, 2011 policykit-1 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
PolicyKit privilege escalation
privilege escalation via pkexec...
CA Output Management Web Viewer ActiveX buffer overflow
Buffer overflows in UOMWVHelperActiveX.ocx and PPSView.ocx...
language-selector privilege escalation
Privilege escalation via D-Bus messages...
libtiff memory corruption
Memory corruption on JPEG files parsing...
CA20110420-02: Security Notice for CA Output Management Web Viewer
CA20110420-02: Security Notice for CA Output Management Web Viewer Issued: April 20, 2011 CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA...
Directory Traversal Vulnerability in Viola DVR VIO-4/1000
============================================================== Viola DVR VIO-4/1000 - Directory Traversal Vulnerability ============================================================== Software: Viola DVR VIO-4/1000 other products may be affected Vendor: http://www.videcon.co.uk/ Vuln Type: Directo...
HTB22949: Multiple Path disclousure in 4images
Vulnerability ID: HTB22949 Reference: http://www.htbridge.ch/advisory/multiplepathdisclousurein4images.html Product: 4images Vendor: http://www.4homepages.de/ http://www.4homepages.de/ Vulnerable Version: 1.7.9 Vendor Notification: 07 April 2011 Vulnerability Type: Path disclosure Status: Fixed b...
HTB22947: XSS in Ajax Category Dropdown wordpress plugin
Vulnerability ID: HTB22947 Reference: http://www.htbridge.ch/advisory/xssinajaxcategorydropdownwordpressplugin.html Product: Ajax Category Dropdown wordpress plugin Vendor: http://www.dyasonhat.com/ http://www.dyasonhat.com/ Vulnerable Version: 0.1.5 Vendor Notification: 07 April 2011 Vulnerabili...
[security bulletin] HPSBMA02664 SSRT100417 rev.1 - HP Insight Control Performance Management for Windows, Remote Privilege Elevation, Cross Site Request Forgery (CSRF)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02748970 Version: 1 HPSBMA02664 SSRT100417 rev.1 - HP Insight Control Performance Management for Windows, Remote Privilege Elevation, Cross Site Request Forgery CSRF NOTICE: The information in th...
ZDI-11-136: IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability
ZDI-11-136 formerly ZDI-CAN-1022: IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-136 April 18, 2011 -- CVE ID: CVE-2011-1206 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: IBM --...
KDE KHTML crossite scripting
Crossite scripting via error pages...
HTB22935: Multiple XSS in WP-StarsRateBox wordpress plugin
Vulnerability ID: HTB22935 Reference: http://www.htbridge.ch/advisory/multiplexssinwpstarsrateboxwordpressplugin.html Product: WP-StarsRateBox wordpress plugin Vendor: www.starsrate.com www.starsrate.com Vulnerable Version: 1.1 Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site...
CA20110413-01: Security Notice for CA Total Defense
-----BEGIN PGP SIGNED MESSAGE----- CA20110413-01: Security Notice for CA Total Defense Issued: April 13, 2011 CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. ...
CA TotalDefence multiple security vulnerabilities
SQL injection, directory traversal, information leakage, unauthorized access...
KDE KGet directory traversal
Directory traversal via filename...
ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability
ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-128 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total...
[USN-1114-1] KDENetwork vulnerability
========================================================================== Ubuntu Security Notice USN-1114-1 April 18, 2011 kdenetwork vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
HTB22933: Multiple Path disclosure in webSPELL
Vulnerability ID: HTB22933 Reference: http://www.htbridge.ch/advisory/multiplepathdisclosureinwebspell.html Product: webSPELL Vendor: http://www.webspell.org/ http://www.webspell.org/ Vulnerable Version: 4.2.2a Vendor Notification: 05 April 2011 Vulnerability Type: Path disclosure Risk level: Low...
HTB22938: Multiple XSS in Universal Post Manager wordpress plugin
Vulnerability ID: HTB22938 Reference: http://www.htbridge.ch/advisory/multiplexssinuniversalpostmanagerwordpressplugin.html Product: Universal Post Manager wordpress plugin Vendor: ProfProjects Artyom Chakhoyan http://www.profprojects.com/ Vulnerable Version: 1.0.9 Vendor Notification: 05 April...