47153 matches found
ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability
ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-129 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...
About the security content of Safari 5.0.5
About the security content of Safari 5.0.5 Last Modified: April 14, 2011 Article: HT4596 Email this article Print this page Summary This document describes the security content of Safari 5.0.5. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until...
HTB22939: Multiple SQL Injection in Universal Post Manager wordpress plugin
Vulnerability ID: HTB22939 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectioninuniversalpostmanagerwordpressplugin.html Product: Universal Post Manager wordpress plugin Vendor: ProfProjects Artyom Chakhoyan http://www.profprojects.com/ Vulnerable Version: 1.0.9 Vendor Notification: 0...
IBM Tivoli Directory Server buffer overflow
Buffer overflow in LDAP TCP/389 CRAM-MD5 authentication...
ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability
ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-130 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...
HTB22941: CSRF (Cross-Site Request Forgery) in Dalbum
Vulnerability ID: HTB22941 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryindalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ http://www.dalbum.org/ Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk...
HTB22937: Path disclosure in Universal Post Manager wordpress plugin
Vulnerability ID: HTB22937 Reference: http://www.htbridge.ch/advisory/pathdisclosureinuniversalpostmanagerwordpressplugin.html Product: Universal Post Manager wordpress plugin Vendor: ProfProjects Artyom Chakhoyan http://www.profprojects.com/ Vulnerable Version: 1.0.9 Vendor Notification: 05 Apri...
Уязвимости во многих темах для ExpressionEngine
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях во многих темах для ExpressionEngine. Уязвимыми являются следующие темы для ExpressionEngine: Fresh News, Inspire, City Guide, Delegate, Optimize,...
ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability. EMC Identifier: ESA-2011-013 CVE Identifier: CVE-2011-1421 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected products: EMC SW: EMC...
HTB22932: Multiple XSS in webSPELL
Vulnerability ID: HTB22932 Reference: http://www.htbridge.ch/advisory/multiplexssinwebspell.html Product: webSPELL Vendor: http://www.webspell.org/ http://www.webspell.org/ Vulnerable Version: 4.2.2a Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Mediu...
ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability
ZDI-11-135: Pwn2Own WebKit WBR Tag Removal Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-135 April 14, 2011 -- CVE ID: CVE-2011-1344 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit -- TippingPointTM IP...
HTB22940: XSS in SocialGrid wordpress plugin
Vulnerability ID: HTB22940 Reference: http://www.htbridge.ch/advisory/xssinsocialgridwordpressplugin.html Product: SocialGrid wordpress plugin Vendor: Michael Whalen http://whalesalad.com Vulnerable Version: 2.3 Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk...
ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication On-Premise Flash File Security Patch Advisories Updated April 14, 2011 Summary: A potential cross-site scripting vulnerability has been identified in RSA...
HTB22934: SQL Injection in WP-StarsRateBox wordpress plugin
Vulnerability ID: HTB22934 Reference: http://www.htbridge.ch/advisory/sqlinjectioninwpstarsrateboxwordpressplugin.html Product: WP-StarsRateBox wordpress plugin Vendor: www.starsrate.com www.starsrate.com Vulnerable Version: 1.1 Vendor Notification: 05 April 2011 Vulnerability Type: SQL Injection...
EMC Networker weak permissions
Weak permissions for executable file...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability
ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-131 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...
VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344)
VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability CVE-2011-1344 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Apple Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used browser,...
ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability
ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-134 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total...
HTB22943: XSS in Dalbum
Vulnerability ID: HTB22943 Reference: http://www.htbridge.ch/advisory/xssindalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ http://www.dalbum.org/ Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit: High-Tec...
HTB22931: XSS vulnerability in InTerra Blog Machine
Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably prior versions Vendor Notification: 31 March 2011...
[DCA-2011-0011] - Ocomon Multiple SQL Injection
DCA-2011-0011 Discussion - DcLabs Security Research Group advises about following vulnerabilityies: Software - Ocomon Vendor Product Description - The OCOMON came in March 2002 as a personal project of programmer Franque Custodio, with the initial characteristics of the registration, monitoring,...
ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability
ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-127 April 13, 2011 -- CVE ID: CVE-2011-1655 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Tota...
HTB22942: Path disclousure in Dalbum
Vulnerability ID: HTB22942 Reference: http://www.htbridge.ch/advisory/pathdisclousureindalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ http://www.dalbum.org/ Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tec...
ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability
ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-133 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...
[security bulletin] HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02788734 Version: 1 HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access NOTICE: The information in this Security...
ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability
ZDI-11-104: Pwn2Own Webkit CSS Text Element Count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-104 April 14, 2011 -- CVE ID: CVE-2011-1290 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit --...
EMC RSA Adaptive Authenticatio crossite scripting
Flash file crossite scripting...
ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability
ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-126 April 13, 2011 -- CVE ID: CVE-2011-1654 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense Suite ...
ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability
ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-132 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total...
[USN-1110-1] KDE-Libs vulnerabilities
========================================================================== Ubuntu Security Notice USN-1110-1 April 14, 2011 kde4libs vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Microsoft Windows multiple security vulnerabilities
SMB client and server memory corruption, Fax Cover Page Editor memory corruption, MFC library unsafe DLL loading, MHTML library information leak, GDI+ library integer overflow, DNS client memory corruption, memory corruption in .Net Framework, memory corruption in JScript / VBScript engines, stac...
XSS, AoF и IAA уязвимости в PHP-Nuke
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Abuse of Functionality и Insufficient Anti-automation уязвимостях в PHP-Nuke. XSS WASC-08: POST запрос на странице http://site/modules.php?name=Downloads " style="-moz-binding:url'http://websecurity.com.ua/webtools/xss.xmlxss...
VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034)
VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability CVE-2011-0034 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft...
VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption (CVE-2011-1345)
VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption CVE-2011-1345 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the Microsoft Windows li...
Уязвимости во многих темах для Drupal
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях во многих темах для Drupal. Уязвимыми являются следующие темы для Drupal: Fresh News, Inspire, Spectrum, Delegate, Optimize, Bueno, Headlines, Daily...
Microsoft Internet Explorer multiple security vulnerabilities
Multiple memory corruptions and information leaks...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034)
VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability CVE-2011-0034 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft...
VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free Vulnerability (CVE-2011-0094)
VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free Vulnerability CVE-2011-0094 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the Microsoft Windows...
VUPEN Security Research - Microsoft Office Excel Real Time Data Stack Overwrite Vulnerability (CVE-2011-0105)
VUPEN Security Research - Microsoft Office Excel Real Time Data Stack Overwrite Vulnerability CVE-2011-0105 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Office Excel is a powerful tool you can use to create and format spreadsheets, and analyze and share...
The BodgeIt Store - another vulnerable web app
Hi folks, I've recently open sourced a vulnerable web app, called The BodgeIt Store: http://code.google.com/p/bodgeit/ Why? Well, you can never have too many vulnerable apps to test against, but also because I've found that many of the existing apps are non trivial to install - they either have a...
Microsoft Office multiple security vulnerabilities
Multiple memory corruptions in Excel and PowerPoint, unsafe DLL loading, memory corruption in Office Graphic...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[security bulletin] HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02777287 Version: 1 HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon as...
MIT Kerberos 5 memory corruption
Invalid pointer free during password change request processing...
HP-UX NFS/ONCplus DoS
No description provided...
McAfee Firewall Reporter unauthenticated access
Bug in application logic allows authentication bypass...
TOTVS ERP Microsiga Protheus buffer overflow
Buffer overflow on network request parsing...
Linksys WRT54G information leakage
Access passwords are stored in the files available via anonymous FTP...