47153 matches found
VLC mediaplayer buffer overflow
Heap oveflow on MP4 parsing...
HTB22922: XSS vulnerabilities in phpAlbum.net
Vulnerability ID: HTB22922 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphpalbumnet.html Product: phpAlbum.net Vendor: Patrik Jakab http://www.phpalbum.net/ Vulnerable Version: 0.4.1-14fix06 Vendor Notification: 31 March 2011 Vulnerability Type: XSS Cross Site Scripting Risk...
HTB22923: XSRF (CSRF) in phpAlbum.net
Vulnerability ID: HTB22923 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpalbumnet.html Product: phpAlbum.net Vendor: Patrik Jakab http://www.phpalbum.net/ Vulnerable Version: 0.4.1-14fix06 Vendor Notification: 31 March 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level:...
Уязвимости в теме Mimbo Pro для WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в теме Mimbo Pro для WordPress. Это коммерческий шаблон для WP. XSS WASC-08:...
ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability
ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-117 April 11, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: McAfee -- Affected Products: McAfee Firewall Reporter --...
Linksys WRT54G - read router password from file placed on FTP
Environment: Linksys WRT54G - Firmware Version: v7.00.1 Default settings of Linksys WRT54G allows to get FTP without password: rafal@localhost $ lftp 192.168.1.1 lftp 192.168.1.1: dir size date time name -------- ------ ------ -------- 956756 Jan-01-2003 02:13:12 ap61.sys 224664 Jan-01-2003...
Microsoft Reader integer overflows
Integer overflows on different formats parsing...
HTB22924: Arbitrary Command Execution in phpAlbum.net
Vulnerability ID: HTB22924 Reference: http://www.htbridge.ch/advisory/arbitrarycommandexecutioninphpalbumnet.html Product: phpAlbum.net Vendor: Patrik Jakab http://www.phpalbum.net/ Vulnerable Version: 0.4.1-14fix06 Vendor Notification: 31 March 2011 Vulnerability Type: Arbitrary Command Executio...
VeryPDF PDF Extract TIFF library multiple security vulnerabilities
Multiple vulnerabilities on PDF parsing...
[DCA-2011-0010] TOTVS Microsiga Protheus ERP - Memory Corruption
DCA-2011-0010 Discussion - DcLabs Security Research Group advises about following vulnerabilityies: Software - TOTVS ERP Microsiga Protheus Application Server Vendor Product Description - Software de Gesto - TOTVS - TOTVS is a software company, innovation, relationship and support management, the...
HP Photosmart printers security vulnerabilities
Unauthorized access, crossite scripting...
Vulnerabilities in Microsoft Reader and HIS
Microsoft Reader is a PC/tablet software for reading the ebooks in LIT format and the Audible audio books. The following are a couple of integer overflows, an heap and an array indexing overflow and the writing of a NULL byte in an arbitrary memory location: http://aluigi.org/adv/msreader1-adv.tx...
[security bulletin] HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02267197 Version: 1 HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting XSS NOTICE: The information in this Security Bulletin should be...
[security bulletin] HPSBMA02643 SSRT100416 rev.2 - HP Network Node Manager i (NNMi), Local Unauthorized Read Access to Files, Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02729035 Version: 2 HPSBMA02643 SSRT100416 rev.2 - HP Network Node Manager i NNMi, Local Unauthorized Read Access to Files, Remote Cross Site Scripting XSS NOTICE: The information in this Securit...
ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability
ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-122 April 12, 2011 -- CVE ID: CVE-2011-1426 -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:P/A:C -- Affected Vendors: RealNetworks -- Affected Products:...
[SECURITY] [DSA 2218-1] vlc security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2218-1 [email protected] http://www.debian.org/security/ Nico Golde April 12, 2011 http://www.debian.org/security/faq -...
RealNetworks RealPlayer code execution
Code execution via .rnx files...
ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability
ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-118 April 11, 2011 -- CVE ID: CVE-2010-4229 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products:...
[PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel
PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2011-03 Released on: 13 Apr 2011 Last updated on: 13 Apr 2011 Affected product: Linux Kernel 2.4 and 2.6 Impact: denial-of-service Origin: storage devices Credit: Timo Warns PRESENSE Technologies GmbH CVE Identifier:...
nSense-2011-001: VeryPDF pdf2tif
nSense Vulnerability Research Security Advisory NSENSE-2011-001 --------------------------------------------------------------- Affected Vendor: VeryPDF + Multiple others, eg Barcode Reader Tookit version 7.4.1.3 Affected Product: PDF Extract TIFF COM prior to April 8'th Platform: Windows Impact:...
[security bulletin] HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02746026 Version: 1 HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service DoS NOTICE: The information in this...
MIT Kerberos 5 memory corruption
Invalid pointer free during password change request processing...
[USN-1109-1] GIMP vulnerabilities
=========================================================== Ubuntu Security Notice USN-1109-1 April 13, 2011 gimp vulnerabilities CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543 =========================================================== A security issue affects the following Ubuntu...
GIMP multiple security vulnerabilities
Memory corruption on different data formats parsing...
Multiple systems ICMPv6 flood DoS
router announcement packets flood resourceds exhaustion...
HTB22928: Multiple SQL Injections in WebsiteBaker
Vulnerability ID: HTB22928 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectionsinwebsitebaker.html Product: WebsiteBaker Vendor: Website Baker Org http://www.websitebaker2.org/ Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011 Vulnerability Type: SQL Injection Risk level:...
ZDI-11-121: Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability
ZDI-11-121: Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-121 April 12, 2011 -- CVE ID: CVE-2011-0105 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
VUPEN Security Research - Microsoft Office MSO Size Handling Integer Overflow Vulnerability
VUPEN Security Research - Microsoft Office MSO Size Handling Integer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Office is a proprietary commercial office suite of inter-related desktop applications, servers and services for the...
Stack overflow in Microsoft HTML Help 6.1 (CHM files)
Luigi Auriemma Application: Microsoft HTML Help http://www.microsoft.com Versions: = 6.1 Platforms: Windows any version included the latest Windows 7 Bug: stack overflow Date: 12 Apr 2011 found 20 Feb 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3...
iDefense Security Advisory 04.12.11: Microsoft Internet Explorer Use-After-Free Memory Corruption Vulnerability
iDefense Security Advisory 04.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 12, 2011 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer,...
ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability
ZDI-11-119: Pwn2Own Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-119 April 12, 2011 -- CVE ID: CVE-2011-1345 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
[SECURITY] CVE-2011-1475 Apache Tomcat information disclosure
CVE-2011-1475 Apache Tomcat information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.11 - Earlier versions are not affected Description: Changes introduced to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
HTB22925: Path disclosure in Plogger
Vulnerability ID: HTB22925 Reference: http://www.htbridge.ch/advisory/pathdisclosureinplogger.html Product: Plogger Vendor: Plogger Team http://www.plogger.org/ Vulnerable Version: 1.0 RC1 Vendor Notification: 29 March 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech...
ICMPv6 Router Announcement flooding denial of service affecting multiple systems
This security advisory is released because Microsoft doesnt want to fix the issue. Cisco did for its IOS and ASA within 3 months. Title: ICMPv6 Router Announcement flooding denial of service affecting multiple systems Date: 05 April 2011 URL:...
Apache Tomcat information leakage
Under some conditions, information may be sent to wrong client...
HTB22930: Multiple XSS in WebCalendar
Vulnerability ID: HTB22930 Reference: http://www.htbridge.ch/advisory/xssinwebcalendar.html Product: WebCalendar Vendor: k5n.us http://www.k5n.us/ Vulnerable Version: 1.2.3 Vendor Notification: 29 March 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit: High-Tech Bridge ...
Уязвимости в TimThumb и во многих темах для WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в TimThumb и во многих темах для WordPress. Уязвимыми являются TimThumb и все веб приложения в частности темы для WordPress, которые его используют...
HTB22929: Multiple Path disclosure in WebsiteBaker
Vulnerability ID: HTB22929 Reference: http://www.htbridge.ch/advisory/multiplepathdisclosureinwebsitebaker.html Product: WebsiteBaker Vendor: Website Baker Org http://www.websitebaker2.org/ Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011 Vulnerability Type: Path disclosure Risk level...
Уязвимости в темах Live Wire 2.0 и Live Wire Style для WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в темах Live Wire 2.0 и Live Wire Style для WordPress. Это ещё две темы, которые вместе с Live Wire Edition входят в серию Live Wire. Это коммерческ...
Multiple ActiveX components security vulnerabilities
kill bit update for multiple components of different vendors...
Windows help system buffer overflow
Buffer overflow on CHM files parsing...
VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability
VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft. Windows had...
HTB22927: CSRF (Cross-Site Request Forgery) in Webjaxe
Vulnerability ID: HTB22927 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinwebjaxe.html Product: Webjaxe Vendor: Webjaxe http://media4.obspm.fr/outils/webjaxe/en/ Vulnerable Version: 1.02 Vendor Notification: 29 March 2011 Vulnerability Type: CSRF Cross-Site Request Forger...
VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability
VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft. Windows had...
ZDI-11-124: Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability
ZDI-11-124: Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-124 April 12, 2011 -- CVE ID: CVE-2011-0655 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected...
iDefense Security Advisory 04.12.11: Microsoft Excel Memory Corruption Vulnerability
iDefense Security Advisory 04.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 12, 2011 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website:...
ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability
ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-125 April 12, 2011 -- CVE ID: CVE-2011-0656 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability
ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-120 April 12, 2011 -- CVE ID: CVE-2011-0101 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
ZDI-11-123: Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code Execution Vulnerability
ZDI-11-123: Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-123 April 12, 2011 -- CVE ID: CVE-2011-0655 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...