
47153 matches found

securityvulns
added 2011/04/05 12:0 a.m. | 35 views

[SECURITY] [DSA 2209-1] tgt security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2209-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 02, 2011 http://www.debian.org/security/faq -...

5 CVSS | 1.7 AI score | 0.07578 EPSS
Exploits 0
securityvulns
added 2011/04/05 12:0 a.m. | 103 views

Xymon monitor cross-site scripting vulnerabilities

Several cross-site scripting vulnerabilities have been identified in the Xymon systems- and network-monitoring tool available at http://sourceforge.net/projects/xymon/ All versions prior to 4.3.1 released April 3, 2011 are vulnerable. I would like to thank David Ferrest for notifying me of this...

0.8 AI score
Exploits 0
securityvulns
added 2011/04/05 12:0 a.m. | 114 views

ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability

ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-115 April 1, 2011 -- CVSS: 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C -- Affected Vendors: IBM -- Affected Products: IBM solidDB -- TippingPointTM IPS Customer...

0.6 AI score
Exploits 0
securityvulns
added 2011/04/05 12:0 a.m. | 37 views

THOMSON Router XSS

Vendor: THOMSON Router Product Name: TG585 v7 Software Release: 7.4.4.7 Vulnerability type: XSS Risk rating: Medium Exploit http://ROUTERIP/cgi/b/ic/connect/?url=scriptalert1/script Credits Edgard Chammas 454447415244 [email protected]...

0.2 AI score
Exploits 0
securityvulns
added 2011/04/05 12:0 a.m. | 66 views

ZDI-11-116: Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability

ZDI-11-116: Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-116 April 4, 2011 -- CVE ID: CVE-2011-0994 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell File Reporter --...

10 CVSS | 0.8 AI score | 0.2944 EPSS
Exploits 6
securityvulns
added 2011/04/05 12:0 a.m. | 102 views

HTB22911: XSS in Eleanor CMS

Vulnerability ID: HTB22911 Reference: http://www.htbridge.ch/advisory/xssineleanorcms.html Product: Eleanor CMS Vendor: Eleanor CMS http://eleanor-cms.ru/ Vulnerable Version: rc5 Vendor Notification: 22 March 2011 Vulnerability Type: XSS Cross Site Scripting Status: Fixed by Vendor Risk level:...

0.2 AI score
Exploits 0
securityvulns
added 2011/04/05 12:0 a.m. | 109 views

Stored and Reflective XSS in Yaws-Wiki 1.88-1 (Erlang)

Software: yaws-wiki version affected: 1.88-1 platform: Erlang homepage:http://yaws.hyber.org/ Researcher: Michael Brooks Original Advisory:https://sitewat.ch/en/Advisory/4 Install instructions for Ubuntu: sudo apt-get install yaws-wiki Edit:/etc/yaws/conf.d/yaws-wiki.conf add this: server wiki po...

7.1 AI score
Exploits 0
securityvulns
added 2011/04/05 12:0 a.m. | 41 views

RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution Vulnerabilities

RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control InstallerDlg.dll v2.6.0.445 Multiple Remote Commands Execution Vulnerabilities tested against Internet Explorer 9, Vista sp2 download url: http://www.gamehouse.com/ background: When choosing to play with these online games ex. the ga...

0.4 AI score
Exploits 0
securityvulns
added 2011/04/05 12:0 a.m. | 148 views

HTB22913: Multiple CSRF (Cross-Site Request Forgery) in UseBB

Vulnerability ID: HTB22913 Reference: http://www.htbridge.ch/advisory/multiplecsrfcrosssiterequestforgeryinusebb.html Product: UseBB Vendor: UseBB http://www.usebb.net/ Vulnerable Version: 1.0.11 Vendor Notification: 22 March 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Lo...

0.2 AI score
Exploits 0
securityvulns
added 2011/04/05 12:0 a.m. | 60 views

[USN-1104-1] FFmpeg vulnerabilities

=========================================================== Ubuntu Security Notice USN-1104-1 April 04, 2011 ffmpeg vulnerabilities CVE-2010-3429, CVE-2010-3908, CVE-2010-4704, CVE-2011-0480, CVE-2011-0722, CVE-2011-0723 =========================================================== A security issue...

9.3 CVSS | 1.4 AI score | 0.04993 EPSS
Exploits 6
securityvulns
added 2011/04/05 12:0 a.m. | 78 views

[ MDVSA-2011:063 ] xmlsec1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:063 http://www.mandriva.com/security/ Package : xmlsec1 Date : April 4, 2011 Affected: 2009.0, 2010.0, Enterprise Server 5.0 Problem Description: A vulnerability was discovered and corrected in xmlsec1: xslt...

5.1 CVSS | 8 AI score | 0.0931 EPSS
Exploits 0
securityvulns
added 2011/04/05 12:0 a.m. | 132 views

HTB22914: Local File Inclusion in UseBB

Vulnerability ID: HTB22914 Reference: http://www.htbridge.ch/advisory/localfileinclusioninusebb.html Product: UseBB Vendor: UseBB http://www.usebb.net/ Vulnerable Version: 1.0.11 Vendor Notification: 22 March 2011 Vulnerability Type: Local File Inclusion Risk level: Medium Credit: High-Tech Bridg...

0.1 AI score
Exploits 0
securityvulns
added 2011/04/05 12:0 a.m. | 68 views

RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution and Code Execution Vulnerabilities

RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control InstallerDlg.dll v2.6.0.445 Multiple Remote Commands Execution and Code Execution Vulnerabilities tested against Internet Explorer 9, Vista sp2 download url: http://www.gamehouse.com/ background: When choosing to play with these online...

1.2 AI score
Exploits 0
securityvulns
added 2011/04/04 12:0 a.m. | 32 views

HP-UX DoS

No description provided...

4.4 CVSS | 0.7 AI score | 0.00039 EPSS
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2011/04/04 12:0 a.m. | 30 views

Movie Player buffer overflow

Buffer overflow on AVI parsing...

5.1 AI score
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2011/04/04 12:0 a.m. | 33 views

Multiple BSD systems IPSec IP Compression stack overflow

Kernel stack overflow on packet parsing...

5 AI score
Exploits 0 | References 1
securityvulns
added 2011/04/04 12:0 a.m. | 22 views

Microsoft Windows shmedia.dll DoS

Division by zero on AVI preview creation...

2.8 AI score
Exploits 0 | References 1
securityvulns
added 2011/04/04 12:0 a.m. | 69 views

FreeBSD sendfile() information leak

If the file size is changed, the contents of kernel memory can be disclosed...

1.1 AI score
Exploits 0 | References 2 | Affected Software 1
securityvulns
added 2011/04/04 12:0 a.m. | 17 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

1.6 AI score
Exploits 0 | References 3 | Affected Software 2
securityvulns
added 2011/04/04 12:0 a.m. | 27 views

HP Operations for UNIX cross-site scripting

No description provided...

5.5 CVSS | 0.8 AI score | 0.00843 EPSS
Exploits 0 | References 1
securityvulns
added 2011/04/04 12:0 a.m. | 33 views

AoF, IAA, XML Injection and XSS vulnerabilities in MyBB

Hello 3APA3A! I am reporting to you the Abuse of Functionality, Insufficient Anti-automation, XML Injection and Cross-Site Scripting vulnerabilities that I found in MyBB. Abuse of Functionality WASC-42: This functionality can be used to discover logins in the system...

Exploits 0
securityvulns
added 2011/04/04 12:0 a.m. | 41 views

Vulnerabilities in MyBB

Hello 3APA3A! I am reporting to you the Cross-Site Scripting and SQL DB Structure Extraction vulnerabilities that I found in MyBB. The vulnerabilities are in the search.php and private.php scripts. XSS WASC-08: http://websecurity.com.ua/uploads/2011/MyBB20XSS.html...

Exploits 0
securityvulns
added 2011/04/04 12:0 a.m. | 29 views

Microsoft Windows shmedia.dll Division By Zero, Explore.exe DOS exploit .

Title :Microsoft Windows shmedia.dll Division By Zero, Explore.exe DOS exploit . Version : Checked on XP SP All Versions Discovery : http://Garage4Hackers.com, http://www.fb1h2s.com Author : FB1H2S aka Rahul Sasi Garage4Hackers.com Twitter : @fb1h2s Bug Information: Class :Division By Zero Impact...

0.1 AI score
Exploits 0
securityvulns
added 2011/04/04 12:0 a.m. | 52 views

[security bulletin] HPSBMA02650 SSRT100429 rev.1 - HP Operations for UNIX, Remote Cross Site Scripting (XSS), Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02770049 Version: 1 HPSBMA02650 SSRT100429 rev.1 - HP Operations for UNIX, Remote Cross Site Scripting XSS, Unauthorized Access NOTICE: The information in this Security Bulletin should be acted...

5.5 CVSS | 0.3 AI score | 0.00843 EPSS
Exploits 0
securityvulns
added 2011/04/04 12:0 a.m. | 110 views

BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload

BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload ------------------------------------------------------------------------------- Gruezi, this document describes CVE-2011-1547. RFC3173 ip payload compression, henceforth ipcomp, is a protocol intended to provide...

7.5 CVSS | 9.2 AI score | 0.43032 EPSS
Exploits 4
securityvulns
added 2011/04/04 12:0 a.m. | 37 views

[security bulletin] HPSBUX02646 SSRT100396 rev.1 - HP-UX, Local Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02753287 Version: 1 HPSBUX02646 SSRT100396 rev.1 - HP-UX, Local Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date:...

4.4 CVSS | 0.3 AI score | 0.00039 EPSS
Exploits 0
securityvulns
added 2011/04/04 12:0 a.m. | 120 views

AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability

AR Web Content Manager AWCM v2.2 Cross-Site scripting Vulnerability SecPod Technologies www.secpod.com Author: Antu Sanadi SecPod ID: 1012 21/03/2011 Issue Discovered 24/03/2011 Vendor Notified 24/03/2011 Vendor Responded 25/03/2011 Vendor Solution Class: Cross-Site Scripting Severity: Medium...

0.3 AI score
Exploits 0
securityvulns
added 2011/04/04 12:0 a.m. | 28 views

Movie Player v4.82 0Day Buffer overflow/DOS Exploit

Hello Team, I have attached a file MoviePlayerExploit.py which exploits the memory vulnerability in Movie Player v4.82 which can be used to perform a Denial of Service attack : and to cause a crash. To run this file, compile the MoviePlayerExploit.py using python and then you may open the generat...

1.4 AI score
Exploits 0
securityvulns
added 2011/04/04 12:0 a.m. | 40 views

6-year FreeBSD-SA-05:02.sendfile exploit

Hi, This is almost 0-day. In a sense. I wrote this for a pentesting company. I found it ethically OK to do since the FreeBSD advisory was already out for a couple of weeks. It turns out I was not alone to write an exploit for this bug, and to publish the exploit this year. Timeline: 2005/04/04 -...

6.8 AI score
Exploits 0
securityvulns
added 2011/04/04 12:0 a.m. | 23 views

RealNetworks Helix DNA Server buffer overflow

Buffer overflow on RTSP processing...

9.3 CVSS | 2.9 AI score | 0.05834 EPSS
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2011/04/04 12:0 a.m. | 56 views

iDefense Security Advisory 03.31.10: RealNetworks Helix DNA Server RTSP Stack Buffer Overflow

iDefense Security Advisory 03.31.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 31, 2010 I. BACKGROUND Helix DNA Server is software that can play audio and video media in various formats and stream them over a network. It is intended as a largely free and open source digital media...

9.3 CVSS | 0.4 AI score | 0.05834 EPSS
Exploits 0
securityvulns
added 2011/03/31 12:0 a.m. | 33 views

Cisco Secure Access Control System privilege escalation

It's possible to reset any user's password...

5 CVSS | 3.5 AI score | 0.68037 EPSS
Exploits 2 | References 1
securityvulns
added 2011/03/31 12:0 a.m. | 72 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

7.5 CVSS | 1.6 AI score | 0.01015 EPSS
Exploits 7 | References 15 | Affected Software 9
securityvulns
added 2011/03/31 12:0 a.m. | 38 views

GNOME Desktop Manager privilege escalation

Root privileges are not dropped on file access...

6.9 CVSS | 3.5 AI score | 0.00064 EPSS
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2011/03/31 12:0 a.m. | 36 views

Cisco Network Access Control Guest Server System Software Authentication Bypass

Unauthenticated access to the protected network is possible...

5 CVSS | 4.2 AI score | 0.00255 EPSS
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2011/03/31 12:0 a.m. | 25 views

VMware privilege escalation

It's possible to elevate privileges via shared library spoofing...

6.9 CVSS | 3.3 AI score | 0.00069 EPSS
Exploits 2 | References 1 | Affected Software 1
securityvulns
added 2011/03/31 12:0 a.m. | 34 views

BSD systems / Solaris port hijacking

A user can open a port with a specified interface address even if it is already open by another application without an interface address...

2.2 AI score
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2011/03/31 12:0 a.m. | 47 views

OpenLDAP vulnerabilities

Authentication bypass, DoS...

5 CVSS | 3 AI score | 0.0271 EPSS
Exploits 1 | References 1 | Affected Software 1
securityvulns
added 2011/03/31 12:0 a.m. | 144 views

[SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 2206-1 [email protected] http://www.debian.org/security/ Martin Schulze March 29th, 2011 http://www.debian.org/security/faq -...

5.8 CVSS | 1.4 AI score | 0.00442 EPSS
Exploits 1
securityvulns
added 2011/03/31 12:0 a.m. | 37 views

"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path

"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path Author: alieye class : remote E-mail: [email protected] greetz: C.S.Eye Security Team members We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com...

1.6 AI score
Exploits 0
securityvulns
added 2011/03/31 12:0 a.m. | 47 views

"Simple PHP Newsletter" Remote Admin Password Change With install path

"Simple PHP Newsletter" Remote Admin Password Change With install path Author: alieye class : remote E-mail: [email protected] greetz: C.S.Eye Security Team members We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com...

1.4 AI score
Exploits 0
securityvulns
added 2011/03/31 12:0 a.m. | 58 views

HTB22931: XSS vulnerability in InTerra Blog Machine

Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably prior versions Vendor Notification: 31 March 2011...

0.3 AI score
Exploits 0
securityvulns
added 2011/03/31 12:0 a.m. | 36 views

Vulnerability in MaxSite Anti Spam Image

Hello 3APA3A! I am reporting to you the Insufficient Anti-automation vulnerability that I found in MaxSite Anti Spam Image. It is a CAPTCHA plugin for WordPress. It is a reworked version of the original Anti Spam Image plugin, whose vulnerability I wrote about in 2007 in my MoBiC project. This CAPTCHA...

7.3 AI score
Exploits 0
securityvulns
added 2011/03/31 12:0 a.m. | 69 views

[ MDVSA-2011:055 ] openldap

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:055 http://www.mandriva.com/security/ Package : openldap Date : March 30, 2011 Affected: 2009.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been identified and fixed in openldap:...

5 CVSS | 9.5 AI score | 0.0271 EPSS
Exploits 1
securityvulns
added 2011/03/31 12:0 a.m. | 70 views

HTB22906: XSS vulnerabilities in Collabtive

Vulnerability ID: HTB22906 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesincollabtive.html Product: Collabtive Vendor: Open Dynamics http://collabtive.o-dyn.de/ Vulnerable Version: 0.6.5 and probably prior versions Vendor Notification: 17 March 2011 Vulnerability Type: XSS Risk...

0.2 AI score
Exploits 0
securityvulns
added 2011/03/31 12:0 a.m. | 45 views

"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path

"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path Author: alieye class : remote E-mail: [email protected] greetz: C.S.Eye Security Team members We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com...

1.7 AI score
Exploits 0
securityvulns
added 2011/03/31 12:0 a.m. | 34 views

"Simple PHP Newsletter" Remote Admin Password Change With install path

"Simple PHP Newsletter" Remote Admin Password Change With install path Author: alieye class : remote E-mail: [email protected] greetz: C.S.Eye Security Team members We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com downl...

1.6 AI score
Exploits 0
securityvulns
added 2011/03/31 12:0 a.m. | 68 views

HTB22909: Path disclosure in Tine 2.0

Vulnerability ID: HTB22909 Reference: http://www.htbridge.ch/advisory/pathdisclosureintine20.html Product: Tine 2.0 Vendor: Metaways Infosystems GmbH http://www.tine20.org/ Vulnerable Version: Neele 2011-01-2 Vendor Notification: 17 March 2011 Vulnerability Type: Path disclosure Status: Fixed by...

7 AI score
Exploits 0
securityvulns
added 2011/03/31 12:0 a.m. | 68 views

Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability Advisory ID: cisco-sa-20110330-acs Revision 1.0 For Public Release 2011 March 30 1600 UTC GMT...

5 CVSS | 0.9 AI score | 0.68037 EPSS
Exploits 2
securityvulns
added 2011/03/31 12:0 a.m. | 48 views

DataDynamics Report Library CoreHandler XSS

Class Input Validation Error CVE Remote Yes Local No Published Mar 30 2011 11:00AM Credit Dionach Vulnerable Grapecity DataDynamics Report Library 1.6.1871.61 and earlier Grapecity's DataDynamics Report Library is prone to a cross-site scripting vulnerability because it fails to sufficiently...

0.9 AI score
Exploits 0
Total number of security vulnerabilities: 47153