47153 matches found
Stack overflow in Microsoft HTML Help 6.1 (CHM files)
Luigi Auriemma Application: Microsoft HTML Help http://www.microsoft.com Versions: = 6.1 Platforms: Windows any version included the latest Windows 7 Bug: stack overflow Date: 12 Apr 2011 found 20 Feb 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3...
[SECURITY] [DSA 2214-1] ikiwiki security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2214-1 [email protected] http://www.debian.org/security/ Nico Golde April 8, 2011 http://www.debian.org/security/faq -...
Уязвимости в теме The Gazette Edition для WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в теме The Gazette Edition для WordPress. Это коммерческий шаблон для WP. XSS WASC-08:...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Arbitary File Upload Vulnerability in Elxis CMS component eForum v1.1
========================================================================== Elxis CMS component eForum v1.1 - Arbitary File Upload Vulnerability ========================================================================== Software: eForum v1.1 Elxis CMS component Vendor: http://www.isopensource.com/...
[SECURITY] [DSA 2216-1] isc-dhcp security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2216-1 [email protected] http://www.debian.org/security/ Nico Golde April 10, 2011 http://www.debian.org/security/faq -...
libmodplug library buffer overflow
ReadS3M buffer overflow. DoS on ABC files parsing...
phplist: cross site request forgery (CSRF), CVE-2011-0748
phplist: cross site request forgery CSRF, CVE-2011-0748 References https://vulners.com/cve/CVE-2011-2748 http://int21.de/cve/CVE-2011-0748-phplist.html Description phplist is a mailing list software written in PHP. Up to version 2.10.12, it provided no protection against cross site request forger...
O2 DSL Router Classic router crossite scripting
Crossite scripting in administration interface...
LFI Vulnerability in 024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package)
============================================================================================================= 1024cms Admin Control Panel v1.1.0 Beta Complete-Modules Package - Local File Include Vulnerability...
SEC Consult SA-20110407-0 :: Libmodplug ReadS3M Stack Overflow
SEC Consult Vulnerability Lab Security Advisory 20110407-0 ======================================================================= title: Libmodplug ReadS3M Stack Overflow product: Libmodplug library vulnerable version: 0.8.8.1 fixed version: 0.8.8.2 impact: critical homepage:...
XRDB shell characters vulnerability
Shell characters vulnerability via host name...
KDE KSSL certificate spoofing
It's possible to spoof certificate issued for IP address...
XSS Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package)
============================================================================================================ 1024cms Admin Control Panel v1.1.0 Beta Master-cPanel Package - Cross-Site Scripting Vulnerability...
HTB22916: XSRF (CSRF) in phpCollab
Vulnerability ID: HTB22916 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: CSRF Cross-Site Request...
Directory Traversal Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package)
============================================================================================================= 1024cms Admin Control Panel v1.1.0 Beta Complete-Modules Package - Directory Traversal Vulnerability...
XSS Vulnerabilities in 1024cms Admin Control Panel v1.1.0 Beta
================================================================================================================ 1024cms Admin Control Panel v1.1.0 Beta Complete-Modules Package - Cross-Site Scripting Vulnerability...
tmux privilege escalation
Elevated group privileges are not dropped...
Debian symbolic links vulnerability
/etc/cron.d/php5 cron job allows to delete arbitrary files via symlinks...
O2 classic router: persistent cross site scripting (XSS) and cross site request forgery (CSRF)
O2 classic router: persistent cross site scripting XSS and cross site request forgery CSRF References https://vulners.com/cve/CVE-2010-1482 http://int21.de/cve/CVE-2011-0746-o2-router.html Description The default DSL router shipped by the german company O2 is completely vulnerable to persistent...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities
Vulnerability title: Sonexis ConferenceManager Multiple Cross-site Scripting XSS Vulnerabilities Solutionary ID: SERT-VDN-1005 Solutionary disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-Vulnerabilities.html CVE ID: Pending CVSS risk rating: 3.9 Product: Sonexis...
[SECURITY] [DSA 2212-1] tmux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2212-1 [email protected] http://www.debian.org/security/ Nico Golde April 7, 2011 http://www.debian.org/security/faq -...
[ MDVSA-2011:069 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:069 http://www.mandriva.com/security/ Package : php Date : April 8, 2011 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: It was discovered that the /etc/cron.d/php...
Уязвимости в теме Live Wire Edition для WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в теме Live Wire Edition для WordPress. Это коммерческий шаблон для WP. XSS WASC-08:...
joomlacontenteditor (com_jce) BLIND sql injection vulnerability
=================================================================== joomlacontenteditor comjce BLIND sql injection vulnerability =================================================================== Software: joomlacontenteditor comjce Vendor: www.joomlacontenteditor.net Vuln Type: BLind SQL...
HTB22921: SQL Injection in Viscacha
Vulnerability ID: HTB22921 Reference: http://www.htbridge.ch/advisory/sqlinjectioninviscacha.html Product: Viscacha Vendor: MaMo Net http://www.viscacha.org Vulnerable Version: 0.8.1 Vendor Notification: 24 March 2011 Vulnerability Type: SQL Injection Risk level: High Credit: High-Tech Bridge SA ...
LFI Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package)
========================================================================================================== 1024cms Admin Control Panel v1.1.0 Beta Master-cPanel Package - Local File Include Vulnerability...
HTB22917: XSS vulnerabilities in phpCollab
Vulnerability ID: HTB22917 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: Stored XSS Cross...
HTB22918: Path disclosure in phpCollab
Vulnerability ID: HTB22918 Reference: http://www.htbridge.ch/advisory/pathdisclosureinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: Path disclosure Risk...
HTB22919: Multiple XSS in Viscacha
Vulnerability ID: HTB22919 Reference: http://www.htbridge.ch/advisory/multiplexssinviscacha.html Product: Viscacha Vendor: MaMo Net http://www.viscacha.org Vulnerable Version: 0.8.1 Vendor Notification: 24 March 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit: High-Tec...
HTB22915: Path disclosure in Joomla
Vulnerability ID: HTB22915 Reference: http://www.htbridge.ch/advisory/pathdisclosureinjoomla.html Product: Joomla Vendor: http://www.joomla.org/ http://www.joomla.org/ Vulnerable Version: 1.6.1 Vendor Notification: 24 March 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tec...
HTB22920: Path disclosure in Viscacha
Vulnerability ID: HTB22920 Reference: http://www.htbridge.ch/advisory/pathdisclosureinviscacha.html Product: Viscacha Vendor: MaMo Net http://www.viscacha.org Vulnerable Version: 0.8.1 Vendor Notification: 24 March 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech Bridge ...
Sonexis ConferenceManager SQL Injection
Vulnerability title: Sonexis ConferenceManager SQL Injection Solutionary ID: SERT-VDN-1006 Solutionary disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.html CVE ID: Pending CVSS risk rating: 8 Product: Sonexis ConferenceManager Application Vendor: Sonex...
[USN-1107-1] x11-xserver-utils vulnerability
=========================================================== Ubuntu Security Notice USN-1107-1 April 06, 2011 x11-xserver-utils vulnerability CVE-2011-0465 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.1...
XSS Vulnerability in Redmine 1.0.1 to 1.1.1
Information -------------------- Name : XSS vulnerability in Redmine Software : all Redmine versions from 1.0.1 to 1.1.1 Vendor Homepage : http://www.redmine.org Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur mesut at mavitunasecurity dot com Advisory Reference...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[ MDVSA-2011:065 ] logrotate
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:065 http://www.mandriva.com/security/ Package : logrotate Date : April 5, 2011 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities were...
StartSite.ir Cross-site Scripting Vulnerability
------------In The Name Of God------------ StartSite.ir Cross-site Scripting Vulnerability AUTHOR: md.r00t Mail: [email protected] Website: www.r00t.gigfa.com Forum: http://ajaxtm.com/forum Google D0rk: "Powered by StartSite.ir" xss EXPLOIT: scriptalert/0//script script...
[security bulletin] HPSBMA02652 SSRT100432 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02776387 Version: 2 HPSBMA02652 SSRT100432 rev.2 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure NOTICE: The information in this Security...
[ MDVSA-2011:066 ] rsync
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:066 http://www.mandriva.com/security/ Package : rsync Date : April 5, 2011 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0 Problem Description: A vulnerability wase discovered and corrected in rsync:...
RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution and Code Execution Vulnerabilities
RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control InstallerDlg.dll v2.6.0.445 Multiple Remote Commands Execution and Code Execution Vulnerabilities tested against Internet Explorer 9, Vista sp2 download url: http://www.gamehouse.com/ background: When choosing to play with theese online...
GGmpeg library multiple security vulnerabilities
Buffer overflow on Vorbis / WebM files decoding, memory corruption on RealMedia and VC1 files...
Stored and Reflective XSS in Yaws-Wiki 1.88-1 (Erlang)
Software: yaws-wiki version affected: 1.88-1 platform: Erlang homepage:http://yaws.hyber.org/ Researcher: Michael Brooks Original Advisory:https://sitewat.ch/en/Advisory/4 Install instructions for Ubuntu: sudo apt-get install yaws-wiki Edit:/etc/yaws/conf.d/yaws-wiki.conf add this: server wiki po...
THOMSON TG585 routers crossite scripting
Crossite scripting in Web interface...
[ MDVSA-2011:063 ] xmlsec1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:063 http://www.mandriva.com/security/ Package : xmlsec1 Date : April 4, 2011 Affected: 2009.0, 2010.0, Enterprise Server 5.0 Problem Description: A vulnerability was discovered and corrected in xmlsec1: xslt...
ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability
ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-115 April 1, 2011 -- CVSS: 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C -- Affected Vendors: IBM -- Affected Products: IBM solidDB -- TippingPointTM IPS Customer...
HTB22913: Multiple CSRF (Cross-Site Request Forgery) in UseBB
Vulnerability ID: HTB22913 Reference: http://www.htbridge.ch/advisory/multiplecsrfcrosssiterequestforgeryinusebb.html Product: UseBB Vendor: UseBB http://www.usebb.net/ Vulnerable Version: 1.0.11 Vendor Notification: 22 March 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Lo...
[USN-1104-1] FFmpeg vulnerabilities
=========================================================== Ubuntu Security Notice USN-1104-1 April 04, 2011 ffmpeg vulnerabilities CVE-2010-3429, CVE-2010-3908, CVE-2010-4704, CVE-2011-0480, CVE-2011-0722, CVE-2011-0723 =========================================================== A security issue...
iSCSI target user-space tools double free
Double free in tgt...