Microsoft Office security vulnerabilities

Informatio leakage on Sharepoint files access, Microsoft Office Shared Component information leakage...

Apple iPhone / iPad multiple securit vulnerabilities

Multiple vulnerabilities in different system components...

OpenSSL multiple security vulnerabilities

NULL pointer dereference, off-by one buffer overflow, DoS...

Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability

Document Title: =============== Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1125 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID: ====================================...

Multiple Cross-Site Scripting (XSS) in Claroline

Advisory ID: HTB23179 Product: Claroline Vendor: Claroline Consortium Vulnerable Versions: 1.11.8 and probably prior Tested Version: 1.11.8 Advisory Publication: October 23, 2013 without technical details Vendor Notification: October 23, 2013 Vendor Patch: November 7, 2013 Public Disclosure:...

NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability

Document Title: =============== NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1150 Lab News Article: http://www.vulnerability-lab.com/news/getnews.php?id=115 Release Date: =============...

Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities

Document Title: =============== Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1117 Release Date: ============= 2013-10-18 Vulnerability Laboratory ID VL-ID:...

pixman integer overflow

No description provided...

Multiple CSRF Horde Groupware Web mail Edition 5.1.2

Exploit Title : Multiple CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/25/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can...

Belkin NetCam backdoor

Unchangable account...

Pineapp MailSecure code execution

Code execution via web interface...

SKIDATA RFID Freemotion.Gate code execution

Code execution via TCP/7777 web interface...

OpenVAS Manager / OpenVAS Administrator authentication bypass

Access to some commands is not authenticated...

ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities

ESA-2013-078.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities EMC Identifier: ESA-2013-078 CVE Identifier: CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177 Severity Rating: CVSS v2 Base Score: See bel...

[SE-2012-01] Issue 69 details and IBM Java vulnerabilities

Hello All, The CPU released yesterday Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability Issue 69 that was reported to the company in July. Issue 69 allows to conduct a very classic attack against Java VM - the so called class spoofing attack. To quote the paper...

OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability

Document Title: =============== OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1110 Release Date: ============= 2013-10-13 Vulnerability Laboratory ID VL-ID:...

CVE-2013-5694 Blind SQL Injection in Ops View

CVE-2013-5694 Blind SQL Injection in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Blind SQL Injection in OpsView Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsview is a systems management software built on ope...

Multiple issues in OpenSSL - BN (multiprecision integer arithmetics).

General info: ============= The bn multiprecision integer arithmetics part of the OpenSSL library is prone to null ptr deref, off-by-one and others resulting in DoS/crashes. Versions tested were between 0.9.8k and 1.0.1e. We were too lazcough busy to prepare the fancy table, sorry guys. Some PoC...

[ MDVSA-2013:263 ] roundcubemail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:263 http://www.mandriva.com/en/support/security/ Package : roundcubemail Date : October 29, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered...

pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities

Document Title: =============== pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1130 Release Date: ============= 2013-11-01 Vulnerability Laboratory ID VL-ID:...

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

D-Link routers multiple security vulnerabilities

Shell characters injection, authentication bypass...

Intersystems Cache code execution

Insecure default installation...

VMWare privilege escalation

Privilege escalation in the guest system via LGTOSYNC.SYS...

[ MDVSA-2013:285 ] bugzilla

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:285 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : November 26, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities was found and corrected in bugzilla:...

Cross-Site Scripting (XSS) in Zikula Application Framework

Advisory ID: HTB23178 Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification: October 16, 2013 Vendor Patch:...

Cross-Site Scripting (XSS) in Jamroom

Advisory ID: HTB23184 Product: Jamroom Vendor: Talldude Networks, LLC Vulnerable Versions: 5.0.2 and probably prior Tested Version: 5.0.2 Advisory Publication: November 13, 2013 without technical details Vendor Notification: November 13, 2013 Vendor Patch: November 13, 2013 Public Disclosure:...

pineapp mailsecure remote no authenticated privilege escalation & remote execution code

Hi, related this: http://seclists.org/fulldisclosure/2013/Nov/136 In February 2013 I send Pineapp the following information: ----------------------------------------------------------------- It is possible execute any command bash as qmailq unprivilege user, sending only the following https...

Mybb Ajaxfs Plugin Sql Injection vulnerability

a Sql Injection vulnerability In Mybb Ajaxfs Plugin Version 2.0 @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@...

Vulnerability in Pydio/AjaXplorer <= 5.0.3

Vulnerability in Pydio/AjaXplorer = 5.0.3 ============ Background: Pydio allows you to instantly turn any server into a powerful file sharing platform. Formerly known as AjaXplorer ============ Description of vulnerability There is an unrestricted upload capability, in one of the plugins that is...

[USN-2047-1] pixman vulnerability

========================================================================== Ubuntu Security Notice USN-2047-1 December 03, 2013 pixman vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[PT-2013-63] Hash Length Extension in HTMLPurifier

----------------------------------------------------------- PT-2013-63 Positive Technologies Security Advisory Hash Length Extension in HTMLPurifier ----------------------------------------------------------- --- Vulnerable software HTMLPurifier Version: 4.5.0 and earlier Link:...

[USN-2028-1] Apache XML Security for Java vulnerability

========================================================================== Ubuntu Security Notice USN-2028-1 November 12, 2013 libxml-security-java vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

[ANN] Struts 2.3.15.3 GA release available - security fix

The Apache Struts group is pleased to announce that Struts 2.3.15.3 is available as a "General Availability" release.The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed ...

CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleader version) (Medical Application)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Private key disclosure, Osirix lite, 64bit and FDA cleader version CVE-2013-4425 version 1.09 CVSS Score: 8.4 Background: =========== OsiriX is an image processing software dedicated to DICOM images files with a ".dcm" / ".DCM" extension produced by...

Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities

Document Title: =============== Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1153 Release Date: ============= 2013-12-02 Vulnerability Laboratory ID VL-ID: ==================================...

Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability

Document Title: =============== Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1105 Video: http://www.vulnerability-lab.com/getcontent.php?id=1104 Release Date: ============= 2013-10-04...

Vulnerability in Pydio/AjaXplorer <= 5.0.3

Vulnerability in Pydio/AjaXplorer = 5.0.3 ============ Background: Pydio allows you to instantly turn any server into a powerful file sharing platform. Formerly known as AjaXplorer ============ Description of vulnerability There is a path traversal vulnerability in the zoho plugin that is...

[ISecAuditors Security Advisories] Multiple XSS vulnerabilities in "Project'Or RIA"

============================================= INTERNET SECURITY AUDITORS ALERT 2013-018 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored - CVE-ID: CVE-2013-6163...

Vulnerabilities hiddenly fixed in WordPress 3.5 and 3.5.1

Hello list! Earlier I wrote about one vulnerability in WordPress, which were hiddenly fixed in version 3.5.2 http://seclists.org/fulldisclosure/2013/Jul/70 and about nine vulnerabilities in versions 3.6 and 3.6.1 http://seclists.org/fulldisclosure/2013/Nov/220. Here are new ones. These are hidden...

Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563

Vulnerability Type: Cross-Site Scripting CVE: CVE-2013-5563 Products and affected versions: Cisco Security Monitoring, Analysis and Response System CS-MARS - All versions Vendor Website: http://www.cisco.com/en/US/products/ps6241/ Cisco Advisory: https://tools.cisco.com/bugsearch/bug/CSCul16173...

[ MDVSA-2013:287 ] drupal

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:287 http://www.mandriva.com/en/support/security/ Package : drupal Date : November 26, 2013 Affected: Business Server 1.0 Problem Description: Multiple security issues was identified and fixed in drupal: Drup...

CVE-2013-5695 Multilple Cross Site Scripting (XSS) Attacks in Ops View

CVE-2013-5695 Multilple Cross Site Scripting XSS Attacks in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Multilple Cross Site Scripting XSS Attacks in Ops View Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsvie...

[SECURITY] [DSA 2808-1] openjpeg security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2808-1 [email protected] http://www.debian.org/security/ Raphael Geissert December 03, 2013 http://www.debian.org/security/faq -...

Vulnerabilities hiddenly fixed in WordPress 3.6 and 3.6.1

Hello list! In July I wrote about one vulnerability in WordPress, which were hiddenly fixed in version 3.5.2 http://securityvulns.ru/docs29555.html. Here are new ones. These are hiddenly fixed vulnerabilities in such versions of WordPress as 3.6 and 3.6.1. Developers of WP intentionally haven't...

Open-Xchange Security Advisory 2013-11-25

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 29648 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 6.22.4 and earlier Vulnerable component: frontend6 Fixed version: 6.22.3-rev5, 6.22.4-rev12...

LiveZilla 5.1.0.0 Reflected XSS in translations

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7002 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.0.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities

Document Title: =============== Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1120 Release Date: ============= 2013-10-26 Vulnerability Laboratory ID VL-ID: ==================================...

SQL Injection in Chamilo LMS

Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013 Vendor Patch: November 9, 2013 Public Disclosure:...

Remote Code Execution in Microweber

Advisory ID: HTB23175 Product: Microweber Vendor: Microweber Vulnerable Versions: 0.8 and probably prior Tested Version: 0.8 Advisory Publication: September 25, 2013 without technical details Vendor Notification: September 25, 2013 Vendor Patch: September 26, 2013 Public Disclosure: October 16,...