47153 matches found
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, buffer overflows, restriction bypass...
Draytek Vigor ACS-SI multiple security vulnerabilities
Default account, unauthorized access, directory traversal...
Suricata DoS
Uninitialized memory access on SSH parsing...
Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin
Advisory ID: HTB23232 Product: Photo Gallery WordPress plugin Vendor: http://web-dorado.com/ Vulnerable Versions: 1.1.30 and probably prior Tested Version: 1.1.30 Advisory Publication: September 10, 2014 without technical details Vendor Notification: September 10, 2014 Vendor Patch: September 10,...
All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability
Document Title: =============== All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date: ============= 2014-09-29 Vulnerability Laboratory ID VL-ID:...
Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: The 'realname' parameter is not correctly filtered on user account creation, which could lead to user data override. Several...
Android KeyStore Stack Buffer Overflow (CVE-2014-3100)
Hi, We have discovered a stack-based buffer overflow in the Android KeyStore service which affects Android 4.3 and below. The issue was patched in Android 4.4. The vulnerability is identified as CVE-2014-3100. More details are available at: 1. Blog post: http://ibm.co/1pbk4yH 2. Advisory:...
CSP Bypass in android browser prior to 4.4
Hello. I hope this is the correct place to report this bug. I've found a Content Security Policy bypass similar to the same and related to the same origin policy bypass in this CVE. This is a separate vulnerability, however. https://vulners.com/cve/CVE-2014-6041 I've tested this on an Android 4.3...
CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
Vulnerability title: Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX CVE: CVE-2014-3074 Vendor: IBM Product: AIX Affected version: AIX 6.1 and 7.1 and VIOS 2.2. Reported by: Tim Brown Details: It has been identified that the runtime linker allows privilege escalati...
TP-Link routers security vulnerabilities
Crossite scripting, DoS...
[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-027: SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to attack other users of...
Two SQL Injections in All In One WP Security WordPress plugin
Advisory ID: HTB23231 Product: All In One WP Security WordPress plugin Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy Vulnerable Versions: 3.8.2 and probably prior Tested Version: 3.8.2 Advisory Publication: September 3, 2014 without technical details Vendor Notification: September 3, 2014 Vendor...
[ MDVSA-2014:193 ] xerces-j2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:193 http://www.mandriva.com/en/support/security/ Package : xerces-j2 Date : October 1, 2014 Affected: Business Server 1.0 Problem Description: A resource consumption issue was found in the way Xerces-J handl...
WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found a serious security vulnerability in the Slideshow Gallery plugin. This bug allows an attacker to upload any php file remotely to the vulnerable website administrator by default. I have tested and verified that having the current version of the...
[SECURITY] [DSA 3046-1] mediawiki security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3046-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 05, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3030-1] mantis security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3030-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 20, 2014 http://www.debian.org/security/faq -...
CVE-2014-4958: Stored Attribute-Based Cross-Site Scripting (XSS) Vulnerability in Telerik UI for ASP.NET AJAX RadEditor Control
All versions of the popular UI for ASP.NET AJAX RadEditor Control product by Telerik may be affected by a high-risk stored attribute-based cross-site scripting XSS vulnerability that is assigned CVE-2014-4958. This WYSIWYG rich text editor is “...what Microsoft chose to use in MSDN, CodePlex,...
[ MDVSA-2014:143 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:143 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : July 30, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in...
Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin
Advisory ID: HTB23234 Product: EWWW Image Optimizer WordPress plugin Vendor: Shane Bishop Vulnerable Versions: 2.0.1 and probably prior Tested Version: 2.0.1 Advisory Publication: September 17, 2014 without technical details Vendor Notification: September 17, 2014 Vendor Patch: September 24, 2014...
IBM AIX privilege escalation
Privilege escalation via runtime linker...
[ MDVSA-2014:192 ] perl-Email-Address
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:192 http://www.mandriva.com/en/support/security/ Package : perl-Email-Address Date : October 1, 2014 Affected: Business Server 1.0 Problem Description: Updated perl-Email-Address package fixes security...
Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin
Advisory ID: HTB23235 Product: Google Calendar Events WordPress plugin Vendor: Phil Derksen Vulnerable Versions: 2.0.1 and probably prior Tested Version: 2.0.1 Advisory Publication: September 17, 2014 without technical details Vendor Notification: September 17, 2014 Vendor Patch: October 7, 2014...
neuroML multiple security vulnerabilities
Information disclosure, XXE...
[Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-031: SAP Business Objects Information Disclosure via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to obtain information about the syst...
CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser
CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH application parser 1. Background Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine developed by the Open Information Security Foundation OISF. 2. Summary Information It was found out that the application...
CSNC-2014-004 neuroML - Multiple Vulnerabilities
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: neuroML Version: =v1.8.1 Confirmed: v1.8.1 Vendor: neuroML.org CSNC ID: CSNC-2014-004 CVD ID: none Subject: Multiple Vulnerabilities Risk: High Effect: Remotely exploitable Author: Philipp Promeuschel...
[KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability
------------------------------------------------------------------------- X2Engine = 4.1.7 SiteController.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected Versions: All versions fr...
CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5516 =================== "Cross-Site Request Forgery CSRF protection bypass" CWE-352 vulnerability in "KonaKart Storefront Application" Enterprise Java eCommerce product Vendor =================== DS Data Systems UK Ltd. Product...
Reflected Cross-Site Scripting (XSS) in MyWebSQL
Advisory ID: HTB23221 Product: MyWebSQL Vendor: http://mywebsql.net/ Vulnerable Versions: 3.4 and probably prior Tested Version: 3.4 Advisory Publication: June 25, 2014 without technical details Vendor Notification: June 25, 2014 Public Disclosure: September 3, 2014 Vulnerability Type: Cross-Site...
MIUI Wifi Connection Message Vulnerability
MIUI Wifi Connection Message Vulnerability I. Summary Wifi Connection Message is written to a NFC tag, which can be touched by a NFC mobile phone for connecting wireless AP automatically. A logic flaw has been found in MIUI that is a Android ROM. The flaw can be used to turn on wifi, with the hel...
Moab User Impersonation [CVE-2014-5375]
Moab User Impersonation : CVE-2014-5375 Software: Moab Affected Versions: All current versions of Moab. However, the impact is limited in Moab 7.2.9 and Moab 8. CVE Reference: CVE-2014-5375 Author: John Fitzpatrick, Luke Jennings MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendo...
Reflected Cross-Site Scripting (XSS) in MODX Revolution
Advisory ID: HTB23229 Product: MODX Revolution Vendor: MODX Vulnerable Versions: 2.3.1-pl and probably prior Tested Version: 2.3.1-pl Advisory Publication: August 20, 2014 without technical details Vendor Notification: August 20, 2014 Vendor Patch: September 11, 2014 Public Disclosure: September...
[ MDVSA-2014:194 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:194 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : October 3, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in phpmyadmin...
FreePBX (All Versions) RCE
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We would like to announce that a significant security vulnerability has been discovered in all current versions of FreePBX. A CVE has been requested from Mitre, but has yet to be provided. Further details as they come to hand will be available from...
[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360
Hi, This is the fifth part of the ManageOwnage series. For previous parts, see: http://seclists.org/fulldisclosure/2014/Aug/55 http://seclists.org/fulldisclosure/2014/Aug/75 http://seclists.org/fulldisclosure/2014/Aug/88 http://seclists.org/fulldisclosure/2014/Sep/1 This time we have a file uploa...
Moab Authentication Bypass (insecure message signing) [CVE-2014-5376]
Moab Authentication Bypass insecure message signing : CVE-2014-5376 Software: Moab Affected Versions: Dependent on configuration, can affect all versions of Moab including Moab 8 CVE Reference: CVE-2014-5376 Author: John Fitzpatrick, Luke Jennings MWR Labs http://labs.mwrinfosecurity.com/ Severit...
Two XSS in Contact Form DB WordPress plugin
Advisory ID: HTB23233 Product: Contact Form DB WordPress plugin Vendor: Michael Simpson Vulnerable Versions: 2.8.13 and probably prior Tested Version: 2.8.13 Advisory Publication: September 17, 2014 without technical details Vendor Notification: September 17, 2014 Vendor Patch: September 25, 2014...
Android Bluetooth Pairing Packet Processing Vulnerability(by wangzq from NCNIPC)
I. Summary Bluetooth Pairing Packet is written to a NFC tag, which can be touched by a NFC mobile phone for bluetooth pairing. A logic flaw has been found in some versions of Andorid mobile phone. The flaw can cause NFC phones'bluetooth turned on, regardless of whether the pairing succeeds or not...
[Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-028: SAP HANA Web-based Development Workbench Code Injection 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to completely compromise the SAP...
[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!
Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities see CERT VU121036 and according to them BMC didn...
[Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-032: SAP BusinessObjects Persistent Cross Site Scripting 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to attack other users of the system...
BMC Track-It multiple security vulnerabilities
Code execution, information leakageб SQL injection...
XSS vulnerability in In-Portal CMS
Hello 3APA3A! After I informed developers in August about multiple vulnerabilities in In-Portal CMS and they answered they would fix them soon so wait for disclosure of the first vulnerabilities, I found new hole in this CMS at their official site. This is Cross-Site Scripting vulnerability in...
xerces-j DoS
resources exhaustion on XML parsing...
Android / MIUI multiple security vulnerabilities
Browser CSP restrictions bypass is possible, DoS via NFC, Keystore buffer overflow...
[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-020: SAP Business Objects Denial of Service via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to completely shut down the SAP Business...
BulletProof Security Wordpress v50.8 - POST Inject Vulnerability
Document Title: =============== BulletProof Security Wordpress v50.8 - POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1326 Release Date: ============= 2014-09-30 Vulnerability Laboratory ID VL-ID:...
TP-LINK WDR4300 - Stored XSS & DoS
Advisory Information =============== Vendors Contacted: TP-LINK Vendor Patched: Yes, Firmware 140916 System Affected: N750 Wireless Dual Band Gigabit Router TL-WDR4300, might affect others. Versions Affected: 130617 , possibly earlier CVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728...
MIUI Torch Open Vulnerability
MIUI Torch Open Vulnerability I. Summary com.android.systemui is the corresponding package of MiuiSystemUI.apk, a MIUI system application that manages user interface and other functions. When started by NFC tag, the torch in NFC mobile phone will be open automatically...
[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-033: SAP Business Warehouse Missing Authorization Check 1. Impact on Business ===================== By exploiting this vulnerability an authenticated attacker will be able to abuse of functionality that should be...