47153 matches found
Microsoft Office security vulnerabilities
Information leakage on Sharepoint files access, Microsoft Office Shared Component information leakage...
Apple iPhone / iPad multiple security vulnerabilities
Multiple vulnerabilities in different system components...
OpenSSL multiple security vulnerabilities
NULL pointer dereference, off-by-one buffer overflow, DoS...
My File Explorer v1.3.1 iOS - Multiple Web Vulnerabilities
Document Title: =============== My File Explorer v1.3.1 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1107 Release Date: ============= 2013-10-09 Vulnerability Laboratory ID VL-ID: ====================================...
Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability
Document Title: =============== Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1125 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID: ====================================...
Multiple Cross-Site Scripting (XSS) in Claroline
Advisory ID: HTB23179 Product: Claroline Vendor: Claroline Consortium Vulnerable Versions: 1.11.8 and probably prior Tested Version: 1.11.8 Advisory Publication: October 23, 2013 without technical details Vendor Notification: October 23, 2013 Vendor Patch: November 7, 2013 Public Disclosure:...
NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability
Document Title: =============== NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1150 Lab News Article: http://www.vulnerability-lab.com/news/getnews.php?id=115 Release Date: =============...
Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities
Document Title: =============== Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1117 Release Date: ============= 2013-10-18 Vulnerability Laboratory ID VL-ID:...
D-Link DIR-XXX remote root access exploit.
General info: ============= A lot have been already said about SOHO routers. Thus, without further ado another nail in the coffin. knock knock =========== -- cut !/bin/sh if -z "$1" ; then echo "d-link DIR-300 all, DIR-600 all, DIR-615 fw 4.0"; echo "exploited by AKAT-1,...
[ISecAuditors Security Advisories] Multiple XSS vulnerabilities in "Project'Or RIA"
============================================= INTERNET SECURITY AUDITORS ALERT 2013-018 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored - CVE-ID: CVE-2013-6163...
pixman integer overflow
No description provided...
Multiple CSRF Horde Groupware Web mail Edition 5.1.2
Exploit Title : Multiple CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/25/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can...
Belkin NetCam backdoor
Unchangeable account...
Vulnerability in Pydio/AjaXplorer <= 5.0.3
Vulnerability in Pydio/AjaXplorer = 5.0.3 ============ Background: Pydio allows you to instantly turn any server into a powerful file sharing platform. Formerly known as AjaXplorer ============ Description of vulnerability There is a path traversal vulnerability in the zoho plugin that is...
Pineapp MailSecure code execution
Code execution via web interface...
SKIDATA RFID Freemotion.Gate code execution
Code execution via TCP/7777 web interface...
OpenVAS Manager / OpenVAS Administrator authentication bypass
Access to some commands is not authenticated...
ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities
ESA-2013-078.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities EMC Identifier: ESA-2013-078 CVE Identifier: CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177 Severity Rating: CVSS v2 Base Score: See bel...
[SE-2012-01] Issue 69 details and IBM Java vulnerabilities
Hello All, The CPU released yesterday Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability Issue 69 that was reported to the company in July. Issue 69 allows to conduct a very classic attack against Java VM - the so called class spoofing attack. To quote the paper...
[ MDVSA-2013:287 ] drupal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:287 http://www.mandriva.com/en/support/security/ Package : drupal Date : November 26, 2013 Affected: Business Server 1.0 Problem Description: Multiple security issues was identified and fixed in drupal: Drup...
OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability
Document Title: =============== OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1110 Release Date: ============= 2013-10-13 Vulnerability Laboratory ID VL-ID:...
CVE-2013-5694 Blind SQL Injection in Ops View
CVE-2013-5694 Blind SQL Injection in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Blind SQL Injection in OpsView Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsview is a systems management software built on ope...
Multiple issues in OpenSSL - BN (multiprecision integer arithmetics).
General info: ============= The bn multiprecision integer arithmetics part of the OpenSSL library is prone to null ptr deref, off-by-one and others resulting in DoS/crashes. Versions tested were between 0.9.8k and 1.0.1e. We were too lazcough busy to prepare the fancy table, sorry guys. Some PoC...
Vulnerabilities hiddenly fixed in WordPress 3.5 and 3.5.1
Hello list! Earlier I wrote about one vulnerability in WordPress, which were hiddenly fixed in version 3.5.2 http://seclists.org/fulldisclosure/2013/Jul/70 and about nine vulnerabilities in versions 3.6 and 3.6.1 http://seclists.org/fulldisclosure/2013/Nov/220. Here are new ones. These are hidden...
CVE-2013-5695 Multilple Cross Site Scripting (XSS) Attacks in Ops View
CVE-2013-5695 Multilple Cross Site Scripting XSS Attacks in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Multilple Cross Site Scripting XSS Attacks in Ops View Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsvie...
[SECURITY] [DSA 2808-1] openjpeg security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2808-1 [email protected] http://www.debian.org/security/ Raphael Geissert December 03, 2013 http://www.debian.org/security/faq -...
LiveZilla 5.1.0.0 Reflected XSS in translations
Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7002 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.0.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...
wordpress jigoshop Plugin path disclosure vulnerabilities
The following directories are vulnerable to a path disclosure vulnerability in the WordPress jigoshop plugin 1.8...
ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability
Document Title: =============== ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1122 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID:...
pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities
Document Title: =============== pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1130 Release Date: ============= 2013-11-01 Vulnerability Laboratory ID VL-ID:...
D-Link routers multiple security vulnerabilities
Shell characters injection, authentication bypass...
Intersystems Cache code execution
Insecure default installation...
VMWare privilege escalation
Privilege escalation in the guest system via LGTOSYNC.SYS...
[ MDVSA-2013:285 ] bugzilla
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:285 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : November 26, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities was found and corrected in bugzilla:...
Cross-Site Scripting (XSS) in Zikula Application Framework
Advisory ID: HTB23178 Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification: October 16, 2013 Vendor Patch:...
Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability
Document Title: =============== Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1111 Release Date: ============= 2013-10-16 Vulnerability Laboratory ID VL-ID: ====================================...
Open-Xchange Security Advisory 2013-11-25
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 29648 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 6.22.4 and earlier Vulnerable component: frontend6 Fixed version: 6.22.3-rev5, 6.22.4-rev12...
Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities
Document Title: =============== Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1153 Release Date: ============= 2013-12-02 Vulnerability Laboratory ID VL-ID: ==================================...
SQL Injection in Dokeos
Advisory ID: HTB23181 Product: Dokeos Vendor: Dokeos Vulnerable Versions: 2.2 RC2 and probably prior Tested Version: 2.2 RC2 Advisory Publication: October 30, 2013 without technical details Vendor Notification: October 30, 2013 Public Disclosure: November 27, 2013 Vulnerability Type: SQL Injectio...
Cross-Site Scripting (XSS) in Jamroom
Advisory ID: HTB23184 Product: Jamroom Vendor: Talldude Networks, LLC Vulnerable Versions: 5.0.2 and probably prior Tested Version: 5.0.2 Advisory Publication: November 13, 2013 without technical details Vendor Notification: November 13, 2013 Vendor Patch: November 13, 2013 Public Disclosure:...
Vulnerabilities hiddenly fixed in WordPress 3.6 and 3.6.1
Hello list! In July I wrote about one vulnerability in WordPress, which were hiddenly fixed in version 3.5.2 http://securityvulns.ru/docs29555.html. Here are new ones. These are hiddenly fixed vulnerabilities in such versions of WordPress as 3.6 and 3.6.1. Developers of WP intentionally haven't...
pineapp mailsecure remote no authenticated privilege escalation & remote execution code
Hi, related this: http://seclists.org/fulldisclosure/2013/Nov/136 In February 2013 I send Pineapp the following information: ----------------------------------------------------------------- It is possible execute any command bash as qmailq unprivilege user, sending only the following https...
XXE Injection in Spring Framework
Hello! I'll give you additional information concerning advisory XML External Entity XXE Injection in Spring Framework http://securityvulns.ru/docs29758.html. ------------------------- Affected products: ------------------------- - 3.0.0 to 3.2.3 Spring OXM & Spring MVC - 4.0.0.M1 Spring OXM -...
Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563
Vulnerability Type: Cross-Site Scripting CVE: CVE-2013-5563 Products and affected versions: Cisco Security Monitoring, Analysis and Response System CS-MARS - All versions Vendor Website: http://www.cisco.com/en/US/products/ps6241/ Cisco Advisory: https://tools.cisco.com/bugsearch/bug/CSCul16173...
SQL Injection in appRain
Advisory ID: HTB23177 Product: appRain Vendor: appRain Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: October 9, 2013 without technical details Vendor Notification: October 9, 2013 Public Disclosure: November 6, 2013 Vulnerability Type: SQL Injection...
Mybb Ajaxfs Plugin Sql Injection vulnerability
A SQL injection vulnerability in MyBB Ajaxfs Plugin version 2.0...
Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability
Document Title: =============== Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1105 Video: http://www.vulnerability-lab.com/getcontent.php?id=1104 Release Date: ============= 2013-10-04...
Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities
Document Title: =============== Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1140 Release Date: ============= 2013-11-20 Vulnerability Laboratory ID VL-ID: ==================================...
[ MDVSA-2013:263 ] roundcubemail
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:263 http://www.mandriva.com/en/support/security/ Package : roundcubemail Date : October 29, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered...
Print n Share v5.5 iOS - Multiple Web Vulnerabilities
Document Title: =============== Print n Share v5.5 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1154 Release Date: ============= 2013-12-06 Vulnerability Laboratory ID VL-ID: ==================================== 1154...