47153 matches found
PHP multiple security vulnerabilities
DoS, information leakage, code execution...
[ MDVSA-2014:061 ] oath-toolkit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:061 http://www.mandriva.com/en/support/security/ Package : oath-toolkit Date : March 14, 2014 Affected: Business Server 1.0 Problem Description: Updated oath-toolkit packages fix security vulnerability: It w...
MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service
MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service http://cxsecurity.com/ YouTube Kaspersky PoC: https://www.youtube.com/watch?v=joa9IS7U90 ---- 0. Where is the problem? ---- Some time ago I reported vulnerabilities in regcomp in BSD implementation CVE-2011-3336 and GNU li...
Microsoft Internet Explorer multiple security vulnerabilities
Multiple memory corruptions...
NCC00596 Technical Advisory: iOS 7 arbitrary code execution in kernel mode
...................................... Vulnerability Summary ...................................... Title iOS 7 arbitrary code execution in kernel mode Release Date 14 March 2014 Reference NGS00596 Discoverer Andy Davis Vendor Apple Vendor Reference 600217059 Systems Affected iPhone 4 and later,...
Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20140311 Date: 11th March 2014 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: QNX Neutrino RTOS 6.5.0...
[ MDVSA-2014:059 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:059 http://www.mandriva.com/en/support/security/ Package : php Date : March 14, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in php: Fixe...
FreeType memory corruption
A few different memory corruptions...
Microsoft Windows multiple security vulnerabilities
DirectShow memory corruptions, SilverLight restrictions bypass, SAMR restrictions bypass, kernel mode drivers privilege escalations...
x2goserver privilege escalation
A relative path is used to execute the application...
GNU libc regcomp buffer overflow / resources exhaustion
Resource exhaustion and buffer overflow on regular expressions like ".10,10,10,10,10,"...
[USN-2148-1] FreeType vulnerabilities
========================================================================== Ubuntu Security Notice USN-2148-1 March 17, 2014 freetype vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
exploit for old rlpdaemon bug
!/opt/perl5/bin/perl -w HP-UX rlpdaemon local exploit Bulletin HPSBUX0111-176 November 2001 For use only on machines where you have legitimate root. This attempts to add junk including "localhost +" to /.rhosts. Obvious variants could include /etc/passwd. use IO::Socket; $PORT = 9000; pick...
Samba restrictions bypass
A few restriction bypass vulnerabilities...
Medium severity flaw in BlackBerry QNX Neutrino RTOS
Summary This advisory concerns the forced disclosure of 2 vulnerabilities that were previously disclosed to BlackBerry. Disclosure has been forced since these vulnerabilities have been publicly disclosed with PoC on the exploit-db web site. Two local privilege escalation vulnerabilities have been...
Remote Root via HP-UX rlpdaemon
Invalid parsing of printing commands allows code execution...
[slackware-security] samba (SSA:2014-072-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security samba SSA:2014-072-01 New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling
Asterisk Project Security Advisory - AST-2014-004 Product Asterisk Summary Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling Nature of Advisory Denial of Service Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known No Reported On January 14th, 2014...
[USN-2143-1] cups-filters vulnerabilities
========================================================================== Ubuntu Security Notice USN-2143-1 March 12, 2014 cups-filters vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
APPLE-SA-2014-03-10-1 iOS 7.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-03-10-1 iOS 7.1 iOS 7.1 is now available and addresses the following: Backup Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: A maliciously crafted backup can alter the filesystem...
APPLE-SA-2014-03-10-2 Apple TV 6.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-03-10-2 Apple TV 6.1 Apple TV 6.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with access to an Apple TV may access sensitive user information from logs...
udisk buffer overflow
Buffer overflow on oversized mountpoint filename...
[USN-2145-1] libssh vulnerability
========================================================================== Ubuntu Security Notice USN-2145-1 March 12, 2014 libssh vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Asterisk multiple security vulnerabilities
Buffer overflow, DoS...
mutt buffer overflow
Buffer overflow in header parsing...
Apple TV multiple security vulnerabilities
Symbolic links vulnerability, root certificates problems, protection bypass, DoS, privilege escalation, memory corruption, information leakage, code execution...
[ MDVSA-2014:050 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:050 http://www.mandriva.com/en/support/security/ Package : wireshark Date : March 10, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities were found and...
[ MDVSA-2014:048 ] gnutls
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:048 http://www.mandriva.com/en/support/security/ Package : gnutls Date : March 10, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated gnutls packages fix security...
AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver
Asterisk Project Security Advisory - AST-2014-003 Product Asterisk Summary Remote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On January 29, 2014 Reported By Joshua Col...
AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers
Asterisk Project Security Advisory - AST-2014-002 Product Asterisk Summary Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers Nature of Advisory Denial of Service Susceptibility Remote Authenticated or Anonymous Sessions Severity Moderate Exploits Known No Reported O...
GnuTLS certificate validation bypass
Invalid error handling...
cups multiple security vulnerabilities
Memory corruptions, code execution in urftopdf, pdftoopvp...
[slackware-security] udisks, udisks2 (SSA:2014-070-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security udisks, udisks2 SSA:2014-070-01 New udisks and udisks2 packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
[SECURITY] [DSA 2873-1] file security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2873-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 11, 2014 http://www.debian.org/security/faq -...
[USN-2126-1] PHP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2126-1 March 03, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
[SECURITY] [DSA 2874-1] mutt security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2874-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 12, 2014 http://www.debian.org/security/faq -...
Wireshark multiple security vulnerabilities
DoS in NFS and RLC dissectors, buffer overflow on MPEG parsing...
AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.
Asterisk Project Security Advisory - AST-2014-001 Product Asterisk Summary Stack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory Denial Of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On February 21, 2014 Reported By Lucas...
libssh PRNG attacks
It may be possible to discover PRNG state...
IBM Lotus SameTime information leakage
Username and password are logged to file...
[security bulletin] HPSBMU02966 rev.1 - HP Operations Orchestration, Unauthorized Access to Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04125866 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04125866 Version: 1 HPSBMU02966 rev....
HP Service Manager multiple security vulnerabilities
Cross-Site Scripting XSS, Cross-Site Request Forgery CSRF, Remote Denial of Service DoS, Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues...
Post Exploitation - Getting username and password in the Lotus Sametime 8.5.1
Exploit Title: Post Exploitation - Getting username and password in the Lotus Sametime 8.5.1 Google Dork: n/a Date: 18/02/2014 Exploit Author: Adriano Marcio Monteiro [email protected] Vendor Homepage: http://www.ibm.com/us/en/ Software Link:...
McAfee ePolicy Orchestrator information leakage
Information leakage via XML include...
Python buffer overflow
socket.recvfrom_into buffer overflow...
HP Operations Orchestration security vulnerabilities
XSS, CSRF, unauthorized access...
HP Application Information Optimizer security vulnerabilities
Code execution, information disclosure...
[security bulletin] HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Informa
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04117626 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04117626 Version: 1 HPSBMU02964 rev....
[ MDVSA-2014:045 ] libtar
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:045 http://www.mandriva.com/en/support/security/ Package : libtar Date : February 20, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A directory traversal attack was reported...
libtar directory traversal
Directory traversal via filename...