47153 matches found
Dassault Systemes Catia buffer overflow
Buffer overflow on network request parsing...
ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities
ESA-2014-020.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-020: RSA Adaptive Authentication On-Premise Multiple Vulnerabilities EMC Identifier: ESA-2014-020 CVE Identifier: CVE-2014-0637, CVE-2014-0638 Severity Rating: CVSS v2 Base Score: See below for individual scores Affected...
ESA-2014-009: RSA BSAFE® SSL-J Multiple Vulnerabilities
ESA-2014-009.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-009: RSA BSAFE® SSL-J Multiple Vulnerabilities EMC Identifier: ESA-2014-009 CVE Identifier: CVE-2011-1473, CVE-2014-0625, CVE-2014-0626, CVE-2014-0627 Severity Rating: CVSS v2 Base Score: See below for individual scores...
ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities
ESA-2012-029.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2012-029 CVE Identifier: CVE-2011-3389, CVE-2012-2110, CVE-2012-2131 Severity Rating: See below for scores for individual issues Affected Products: For the...
[SECURITY] [DSA 2893-1] openswan security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2893-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez March 31, 2014 http://www.debian.org/security/faq -...
[security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04197764 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04197764 Version: 1 HPSBHF02981 rev....
MobileIron authentication bypass
Unauthorized XML files access...
CA Erwin Web Portal directory traversal
File request is not checked...
Public disclosure of Buffer Overflow Dassault Systems
''' Exploit Title: Dassault Systemes Catia V5-6R2013 "CATV5AllApplications" Stack Buffer Overflow Date: 2-18-2014 Exploit Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage: http://www.3ds.com/products-services/catia/portfolio/catia-v5/latest-release/ Tested on: Windows 7 &...
SEC Consult SA-20140218-0 :: Multiple critical vulnerabilities in Symantec Endpoint Protection
SEC Consult Vulnerability Lab Security Advisory 20140218-0 ======================================================================= title: Multiple critical vulnerabilities product: Symantec Endpoint Protection vulnerable version: 11.0, 12.0, 12.1 fixed version: =11.0.7405.1424 =12.1.4023.4080...
lxc protection bypass
Invalid sshd mount permissions template...
[SECURITY] [DSA 2892-1] a2ps security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2892-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 31, 2014 http://www.debian.org/security/faq -...
CA20140403-01: Security Notice for CA Erwin Web Portal
-----BEGIN PGP SIGNED MESSAGE----- CA20140403-01: Security Notice for CA Erwin Web Portal Issued: April 03, 2014 CA Technologies Support is alerting customers to multiple vulnerabilities with CA Erwin Web Portal. The vulnerabilities, CVE-2014-2210, occur due to insufficient path verification. A...
[MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory https://www.trustmatta.com MobileIron Multiple Products Authentication Bypass Vulnerability Advisory ID: MATTA-2013-004 CVE reference: CVE-2014-1409, CVE-2013-7286 Affected platforms: VSP and Sentry Version: VSP 5.9...
SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager
SEC Consult Vulnerability Lab Security Advisory 20140402-0 ======================================================================= title: Multiple vulnerabilities product: Rhythm Software File Manager Rhythm Software File Manager HD vulnerable version: File Manager 1.16.6 File Manager HD 1.11.5...
APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3 Safari 6.1.3 and Safari 7.0.3 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact...
Apple Safari multiple security vulnerabilities
Multiple memory corruptions, restrictions bypass...
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
Document Title: =============== iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1240 Release Date: ============= 2014-03-31 Vulnerability Laboratory ID VL-ID:...
Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities
Document Title: =============== Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1235 Release Date: ============= 2014-03-28 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box
CVE-2014-1599 39 Type-1 XSS in SFR ADSL/Fiber Box. SFR is the french Vodafone estimated DSL user base of 5.2 Millions. affected product: SFR BOX NB6-MAIN-R3.3.4 vulnerabilities: /network/dns 5 non-filtered Type-1 XSS /network/dhcp 6 non-filtered Type-1 XSS /network/nat 7 non-filtered Type-1 XSS...
CA 2E Web Option session spooging
Pridictable session token...
EMC RSA Data Loss Prevention privilege escalation
Session management vulnerability...
ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability
ESA-2014-003.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability EMC Identifier: ESA-2014-003 CVE Identifier: CVE-2014-0624 Severity Rating: CVSS v2 Base Score: 7.4 AV:A/AC:M/Au:S/C:C/I:C/A:C Affected Products: RSA Da...
SFR ADSL/Fiber Box multiple security vulnerabilities
Crossite scripting...
curl multiple security vulnerabilities
Information leaks, certificate checks bypass...
Barracuda Message Archiver crossite scripting
Web interface crossite scripting...
CA20140218-01: Security Notice for CA 2E Web Option
CA20140218-01: Security Notice for CA 2E Web Option Issued: February 18, 2014 CA Technologies Support is alerting customers to a potential risk in CA 2E Web Option C2WEB. A vulnerability exists that can allow an attacker to exploit an authentication weakness and execute a session prediction attac...
PhonerLite information leak
Password digest information leak...
PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities
Document Title: =============== PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1239 Release Date: ============= 2014-03-27 Vulnerability Laboratory ID VL-ID: ==================================== 123...
PhonerLite 2.14 SIP Soft Phone - SIP Digest Leak Information Disclosure (CVE-2014-2560)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I. Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author Discovered by: Jason Ostrom Severity: Medium II. Vulnerability...
[slackware-security] curl (SSA:2014-086-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security curl SSA:2014-086-01 New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
Barracuda Message Archiver 650 - Persistent Web Vulnerability
Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Release Date: ============= 2014-02-18 Vulnerability Laboratory ID...
mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities
Document Title: =============== mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1198 Release Date: ============= 2014-02-14 Vulnerability Laboratory ID VL-ID: ==================================== 1198...
[oCERT-2014-003] LibYAML input sanitization errors
2014-003 LibYAML input sanitization errors Description: The LibYAML project is an open source YAML 1.1 parser and emitter written in C. The library is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for t...
libYAML buffer overflow
Buffer oveflow on oversized tag...
PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected (CVE-2014-2319)
PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected CVE-2014-2319 References https://vulners.com/cve/CVE-2014-2319 http://int21.de/cve/CVE-2014-2319-powerarchiver.html http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/ Background...
My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities
Document Title: =============== My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1201 Release Date: ============= 2014-02-16 Vulnerability Laboratory ID VL-ID: ====================================...
Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities
Document Title: =============== Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1229 Release Date: ============= 2014-03-19 Vulnerability Laboratory ID VL-ID: ====================================...
[SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Commons FileUpload 1.0 to 1.3 - - Apache Tomcat 8.0.0-RC1 to 8.0.1 - - Apache Tomcat 7.0.0 to 7.0.50 - -...
File Hub v1.9.1 iOS - Multiple Web Vulnerabilities
Document Title: =============== File Hub v1.9.1 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1195 Release Date: ============= 2014-02-15 Vulnerability Laboratory ID VL-ID: ==================================== 1195...
ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities
Document Title: =============== ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1230 Release Date: ============= 2014-03-25 Vulnerability Laboratory ID VL-ID: ==================================== 1230...
Imagemagic security vulnerabilities
Memory corruptions on JPEG and PSD parsing...
Office Assistant Pro v2.2.2 iOS - File Include Vulnerability
Document Title: =============== Office Assistant Pro v2.2.2 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1197 Release Date: ============= 2014-02-13 Vulnerability Laboratory ID VL-ID: ==================================...
Symantec LiveUpdate Administrator security vulnerabilities
Unaurhorized access, SQL injection...
Android protection bypass
It's possible to install and run application silently...
PowerArchiver weak encrption
Native ZIP encryption is used instead of AES...
Huawei E5331 Multiple security vulnerabilities
Unauthorized access, CSRF...
WiFiles HD v1.3 iOS - File Include Web Vulnerability
Document Title: =============== WiFiles HD v1.3 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1214 Release Date: ============= 2014-02-22 Vulnerability Laboratory ID VL-ID: ==================================== 1214...
jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities
Document Title: =============== jDisk stickto v2.0.3 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1196 Release Date: ============= 2014-02-12 Vulnerability Laboratory ID VL-ID: ==================================== 11...
iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities
Document Title: =============== iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1237 Release Date: ============= 2014-03-26 Vulnerability Laboratory ID VL-ID:...