47153 matches found
TOTVS ERP Microsiga Protheus buffer overflow
Buffer overflow on network request parsing...
HP-UX NFS/ONCplus DoS
No description provided...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
VLC mediaplayer buffer overflow
Heap overflow on MP4 parsing...
VeryPDF PDF Extract TIFF library multiple security vulnerabilities
Multiple vulnerabilities on PDF parsing...
MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285]
MITKRB5-SA-2011-004 MIT krb5 Security Advisory 2011-004 Original release: 2011-04-12 Last update: 2011-04-12 Topic: kadmind invalid pointer free CVE-2011-0285 CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2 Base Score: 10 Access...
HTB22922: XSS vulnerabilities in phpAlbum.net
Vulnerability ID: HTB22922 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphpalbumnet.html Product: phpAlbum.net Vendor: Patrik Jakab http://www.phpalbum.net/ Vulnerable Version: 0.4.1-14fix06 Vendor Notification: 31 March 2011 Vulnerability Type: XSS Cross Site Scripting Risk...
ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability
ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-122 April 12, 2011 -- CVE ID: CVE-2011-1426 -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:P/A:C -- Affected Vendors: RealNetworks -- Affected Products:...
ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability
ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-118 April 11, 2011 -- CVE ID: CVE-2010-4229 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products:...
nSense-2011-001: VeryPDF pdf2tif
nSense Vulnerability Research Security Advisory NSENSE-2011-001 --------------------------------------------------------------- Affected Vendor: VeryPDF + Multiple others, eg Barcode Reader Toolkit version 7.4.1.3 Affected Product: PDF Extract TIFF COM prior to April 8th Platform: Windows Impact:...
Vulnerabilities in Microsoft Reader and HIS
Microsoft Reader is PC/tablet software for reading ebooks in LIT format and Audible audio books. The following are a couple of integer overflows, a heap and an array indexing overflow and the writing of a NULL byte in an arbitrary memory location: http://aluigi.org/adv/msreader1-adv.tx...
Linksys WRT54G - read router password from file placed on FTP
Environment: Linksys WRT54G - Firmware Version: v7.00.1 Default settings of Linksys WRT54G allows to get FTP without password: rafal@localhost $ lftp 192.168.1.1 lftp 192.168.1.1: dir size date time name -------- ------ ------ -------- 956756 Jan-01-2003 02:13:12 ap61.sys 224664 Jan-01-2003...
Vulnerabilities in the Mimbo Pro theme for WordPress
Hello 3APA3A! I am informing you about the Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities I found in the Mimbo Pro theme for WordPress. This is a commercial template for WP. XSS WASC-08:...
[SECURITY] [DSA 2218-1] vlc security update
Debian Security Advisory DSA-2218-1 [email protected] http://www.debian.org/security/ Nico Golde April 12, 2011 http://www.debian.org/security/faq -...
[security bulletin] HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02777287 Version: 1 HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon as...
[USN-1109-1] GIMP vulnerabilities
=========================================================== Ubuntu Security Notice USN-1109-1 April 13, 2011 gimp vulnerabilities CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543 =========================================================== A security issue affects the following Ubuntu...
HTB22924: Arbitrary Command Execution in phpAlbum.net
Vulnerability ID: HTB22924 Reference: http://www.htbridge.ch/advisory/arbitrarycommandexecutioninphpalbumnet.html Product: phpAlbum.net Vendor: Patrik Jakab http://www.phpalbum.net/ Vulnerable Version: 0.4.1-14fix06 Vendor Notification: 31 March 2011 Vulnerability Type: Arbitrary Command Executio...
ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability
ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-117 April 11, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: McAfee -- Affected Products: McAfee Firewall Reporter --...
[DCA-2011-0010] TOTVS Microsiga Protheus ERP - Memory Corruption
DCA-2011-0010 Discussion - DcLabs Security Research Group advises about the following vulnerabilities: Software - TOTVS ERP Microsiga Protheus Application Server Vendor Product Description - Software de Gestão - TOTVS - TOTVS is a software company, innovation, relationship and support management, the...
[security bulletin] HPSBMA02643 SSRT100416 rev.2 - HP Network Node Manager i (NNMi), Local Unauthorized Read Access to Files, Remote Cross Site Scripting (XSS)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02729035 Version: 2 HPSBMA02643 SSRT100416 rev.2 - HP Network Node Manager i NNMi, Local Unauthorized Read Access to Files, Remote Cross Site Scripting XSS NOTICE: The information in this Securit...
[security bulletin] HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02267197 Version: 1 HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting XSS NOTICE: The information in this Security Bulletin should be...
HTB22923: XSRF (CSRF) in phpAlbum.net
Vulnerability ID: HTB22923 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpalbumnet.html Product: phpAlbum.net Vendor: Patrik Jakab http://www.phpalbum.net/ Vulnerable Version: 0.4.1-14fix06 Vendor Notification: 31 March 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level:...
[PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel
PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2011-03 Released on: 13 Apr 2011 Last updated on: 13 Apr 2011 Affected product: Linux Kernel 2.4 and 2.6 Impact: denial-of-service Origin: storage devices Credit: Timo Warns PRESENSE Technologies GmbH CVE Identifier:...
[security bulletin] HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02746026 Version: 1 HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service DoS NOTICE: The information in this...
Multiple ActiveX components security vulnerabilities
Kill bit update for multiple components from different vendors...
Multiple systems ICMPv6 flood DoS
Router announcement packet flood causes resource exhaustion...
Windows help system buffer overflow
Buffer overflow on CHM files parsing...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Apache Tomcat information leakage
Under some conditions, information may be sent to the wrong client...
ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability
ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-125 April 12, 2011 -- CVE ID: CVE-2011-0656 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
Vulnerabilities in the Live Wire 2.0 and Live Wire Style themes for WordPress
Hello 3APA3A! I am informing you about the Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities I found in the Live Wire 2.0 and Live Wire Style themes for WordPress. These are two more themes which, together with Live Wire Edition, belong to the Live Wire series. These are commercial...
ICMPv6 Router Announcement flooding denial of service affecting multiple systems
This security advisory is released because Microsoft doesn't want to fix the issue. Cisco did for its IOS and ASA within 3 months. Title: ICMPv6 Router Announcement flooding denial of service affecting multiple systems Date: 05 April 2011 URL:...
ZDI-11-123: Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code Execution Vulnerability
ZDI-11-123: Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-123 April 12, 2011 -- CVE ID: CVE-2011-0655 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
Stack overflow in Microsoft HTML Help 6.1 (CHM files)
Luigi Auriemma Application: Microsoft HTML Help http://www.microsoft.com Versions: = 6.1 Platforms: Windows any version included the latest Windows 7 Bug: stack overflow Date: 12 Apr 2011 found 20 Feb 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3...
iDefense Security Advisory 04.12.11: Microsoft Excel Memory Corruption Vulnerability
iDefense Security Advisory 04.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 12, 2011 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website:...
HTB22925: Path disclosure in Plogger
Vulnerability ID: HTB22925 Reference: http://www.htbridge.ch/advisory/pathdisclosureinplogger.html Product: Plogger Vendor: Plogger Team http://www.plogger.org/ Vulnerable Version: 1.0 RC1 Vendor Notification: 29 March 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech...
ZDI-11-121: Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability
ZDI-11-121: Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-121 April 12, 2011 -- CVE ID: CVE-2011-0105 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability
ZDI-11-119: Pwn2Own Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-119 April 12, 2011 -- CVE ID: CVE-2011-1345 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
VUPEN Security Research - Microsoft Office MSO Size Handling Integer Overflow Vulnerability
VUPEN Security Research - Microsoft Office MSO Size Handling Integer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Office is a proprietary commercial office suite of inter-related desktop applications, servers and services for the...
ZDI-11-124: Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability
ZDI-11-124: Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-124 April 12, 2011 -- CVE ID: CVE-2011-0655 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected...
HTB22928: Multiple SQL Injections in WebsiteBaker
Vulnerability ID: HTB22928 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectionsinwebsitebaker.html Product: WebsiteBaker Vendor: Website Baker Org http://www.websitebaker2.org/ Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011 Vulnerability Type: SQL Injection Risk level:...
[SECURITY] CVE-2011-1475 Apache Tomcat information disclosure
CVE-2011-1475 Apache Tomcat information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.11 - Earlier versions are not affected Description: Changes introduced to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did...
HTB22929: Multiple Path disclosure in WebsiteBaker
Vulnerability ID: HTB22929 Reference: http://www.htbridge.ch/advisory/multiplepathdisclosureinwebsitebaker.html Product: WebsiteBaker Vendor: Website Baker Org http://www.websitebaker2.org/ Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011 Vulnerability Type: Path disclosure Risk level...
HTB22927: CSRF (Cross-Site Request Forgery) in Webjaxe
Vulnerability ID: HTB22927 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinwebjaxe.html Product: Webjaxe Vendor: Webjaxe http://media4.obspm.fr/outils/webjaxe/en/ Vulnerable Version: 1.02 Vendor Notification: 29 March 2011 Vulnerability Type: CSRF Cross-Site Request Forger...
VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability
VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft. Windows had...
HTB22930: Multiple XSS in WebCalendar
Vulnerability ID: HTB22930 Reference: http://www.htbridge.ch/advisory/xssinwebcalendar.html Product: WebCalendar Vendor: k5n.us http://www.k5n.us/ Vulnerable Version: 1.2.3 Vendor Notification: 29 March 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit: High-Tech Bridge ...
HTB22926: XSS vulnerability in Plogger
Vulnerability ID: HTB22926 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinplogger.html Product: Plogger Vendor: Plogger Team http://www.plogger.org/ Vulnerable Version: 1.0 RC1 Vendor Notification: 29 March 2011 Vulnerability Type: XSS Risk level: Medium Credit: High-Tech Bridge SA ...
ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability
ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-120 April 12, 2011 -- CVE ID: CVE-2011-0101 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
Vulnerabilities in TimThumb and in many themes for WordPress
Hello 3APA3A! I am informing you about the Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities I found in TimThumb and in many themes for WordPress. TimThumb and all web applications that use it, in particular WordPress themes, are vulnerable...
iDefense Security Advisory 04.12.11: Microsoft Internet Explorer Use-After-Free Memory Corruption Vulnerability
iDefense Security Advisory 04.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 12, 2011 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer,...