47153 matches found
VMWare Zimbra Collaboration Suite replay attack
It's possible to bypass authentication by replaying captured session...
Apple iTunes memory corruption
ActiveX control memory corruption...
[USN-1950-1] Light Display Manager vulnerability
========================================================================== Ubuntu Security Notice USN-1950-1 September 12, 2013 lightdm vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[slackware-security] glibc (SSA:2013-260-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security glibc SSA:2013-260-01 New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...
elproLOG MONITOR WebAccess 2.1 - Multiple Web Vulnerabilities
Title: ====== elproLOG MONITOR WebAccess 2.1 - Multiple Vulnerabilities Date: ===== 2013-09-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1086 VL-ID: ===== 1086 Common Vulnerability Scoring System: ==================================== 6.7 Introduction: ============...
Cross-Site Scripting (XSS) in WikkaWiki
Advisory ID: HTB23170 Product: WikkaWiki Vendor: Wikka Development Team Vulnerable Versions: 1.3.4 and probably prior Tested Version: 1.3.4 Vendor Notification: August 21, 2013 Vendor Patch: August 31, 2013 Public Disclosure: September 11, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...
Zimbra Collaboration Suite (ZCS) Session Replay Vulnerability
Product: Zimbra Collaboration Suite Vendor: VMWare Vulnerable Version: 6.0.16 and probably prior Tested Version: 6.0.16 Vendor Notification: 09/03/2013 Public Disclosure: 09/13/2013 Vulnerability Type: Authentication Bypass by Capture-replay CWE-294 CVE: CVE-2013-5119 Discovered and Provided By:...
Event Easy Calendar 1.0.0 WP plugin
Details ======================== Application: Event Easy Calendar Version: 1.0.0 Type: WordPress Plugin Vendor: Adamson http://profiles.wordpress.org/adamson/ Url: http://wordpress.org/plugins/event-easy-calendar/ Vulnerability: - Improper Input Validation CWE-20 - Cross-Site Scripting CWE-79 -...
[iBliss Security Advisory] Cross-Site Scripting (XSS) vulnerability in Design-approval-system wordpress plugin
Design-Approval-System Wordpress plugin XSS vendor product description A system to streamline the process of getting designs, photos, documents, videos or music approved by clients quickly. Bug Description The walkthrouth web page does not validate the step parameter leading to a Cross-site...
Security Guard CMS QT buffer overflow
Buffer overflow on client request processing...
Chrony security vulnerabilities
Buffer overflow and uninitialized pointer dereference on server reply parsing...
GSTOOL weak PRNG generator
Weak PRNG generator in CHIASMUS implementation...
Gnome gdm symbolic links vulnerability
Insecure temporary files creation...
Apple Face-Time protection bypass
It's possible to access images...
Hide Photo+Video Safe v1.6 iOS - Multiple Vulnerabilities
Title: ====== Hide Photo+Video Safe v1.6 iOS - Multiple Vulnerabilities Date: ===== 2013-09-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1083 VL-ID: ===== 1083 Common Vulnerability Scoring System: ==================================== 6.7 Introduction: ============...
OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption
OWASP ESAPI for Java Security Advisory 1 The OWASP Foundation MAC Bypass in ESAPI Symmetric Encryption Summary ======= Category: Symmetric cryptography Module: ESAPI Encryptor interface Announced: 2013-08-23 via ESAPI-Dev mailing list...
[ MDVSA-2013:230 ] gdm
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:230 http://www.mandriva.com/en/support/security/ Package : gdm Date : September 11, 2013 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in gdm: GNOME...
Insecure CHIASMUS encryption in GSTOOL
== Insecure CHIASMUS encryption in GSTOOL == GSTOOL versions 3.0 to 4.7 inclusive contain an insecure encryption feature using the non-public CHIASMUS block cipher. Due to the use of an insecure PRNG for key generation, files encrypted using the encryption feature of this tool can be decrypted...
SilverStripe Framework CMS 3.0.5 - Multiple Web Vulnerabilities
Title: ====== SilverStripe Framework CMS 3.0.5 - Multiple Vulnerabilities Date: ===== 2013-09-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1084 VL-ID: ===== 1084 Common Vulnerability Scoring System: ==================================== 3.9 Introduction:...
SEC Consult SA-20131003-0 :: Denial of service vulnerability in Citrix NetScaler
SEC Consult Vulnerability Lab Security Advisory 20131003-0 ======================================================================= title: nsconfigd NSRPCREMOTECMD Denial of service vulnerability product: Citrix NetScaler vulnerable version: NetScaler 10.0 Build 76.7 fixed version: NetScaler 10.0...
Cisco Prime Data Center / Prime Central security vulnerabilities
Information disclosure, code execution, DoS conditions...
APPLE-SA-2013-09-12-2 Safari 5.1.10
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-12-2 Safari 5.1.10 Safari 5.1.10 is now available and addresses the following: JavaScriptCore Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Visiting a maliciously crafted website may lead to an unexpected applicatio...
[ MDVSA-2013:235 ] mediawiki
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:235 http://www.mandriva.com/en/support/security/ Package : mediawiki Date : September 16, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Moodle 2.5.0-1 (badges/external.php) PHP Object Injection Vulnerability
============================================= - Original release date: 15 September, 2013 - Discovered by: Emilio Pinna Application Security Analyst at Abinsula - Contact: emilio pinn gmail ============================================= VULNERABILITY ---------------------- Moodle CMS version 2.5.0...
Microsoft Sharepoint Server multiple security vulnerabilities
DoS, cross-site scripting, memory corruptions, code execution...
SQL Injection in vtiger CRM
Advisory ID: HTB23168 Product: vtiger CRM Vendor: vtiger Vulnerable Versions: 5.4.0 and probably prior Tested Version: 5.4.0 Vendor Notification: August 7, 2013 Vendor Patch: September 17, 2013 Public Disclosure: September 18, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
WebAssist PowerCMS PHP - Multiple Web Vulnerabilities
Title: ====== WebAssist PowerCMS PHP - Multiple Web Vulnerabilities Date: ===== 2013-09-28 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1098 VL-ID: ===== 1098 Common Vulnerability Scoring System: ==================================== 4 Introduction: ============= Desi...
Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability
Title: ====== Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability Date: ===== 2013-09-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1085 VL-ID: ===== 1085 Common Vulnerability Scoring System: ==================================== 6.1 Introduction...
[SECURITY] [DSA 2752-1] phpbb3 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2752-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 07, 2013 http://www.debian.org/security/faq -...
[USN-1962-1] ubuntu-system-service vulnerability
========================================================================== Ubuntu Security Notice USN-1962-1 September 18, 2013 ubuntu-system-service vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Web Vulnerability
Title: ====== Microsoft SharePoint 2013 Cloud - Persistent Exception Handling Web Vulnerability Date: ===== 2013-09-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=812 Security Bulletin: MS13-067 http://technet.microsoft.com/de-de/security/bulletin/MS13-067 Microsoft...
Apple Safari security vulnerabilities
Memory corruptions...
APPLE-SA-2013-09-18-1 iTunes 11.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-18-1 iTunes 11.1 iTunes 11.1 is now available and addresses the following: iTunes Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or...
Apple iOS 7 iPad2 Face-Time 1.0.2 - Privacy Vulnerability
Title: ====== Apple iOS 7 iPad2 Face-Time 1.0.2 - Privacy Vulnerability Date: ===== 2013-09-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1087 Video: http://www.youtube.com/watch?v=7acWAEZpbgs VL-ID: ===== 1087 Common Vulnerability Scoring System:...
lightdm weak permissions
.Xauthority files weak permissions...
ExpressionEngine 2.6 Persistent XSS
Hi, I'd like to disclose a vulnerability I found in ExpressionEngine 2.6 and below. The issue is when you submit a new entry through Admin - Content - Publish and you are using the RTE, if you enter HTML into that editor, the next page will execute the HTML, which it shouldn’t. The RTE should...
Citrix NetScaler DoS
Crash on request processing in nsconfigd TCP/3008, TCP/3010...
[SECURITY] [DSA 2760-1] chrony security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2760-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 18, 2013 http://www.debian.org/security/faq -...
APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004 OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses the following: Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lio...
polkit authorization bypass in multiple applications
Invalid Policy Kit authorization usage...
[iBliss Security Advisory] Blind SQL injection vulnerability in NOSpamPTI wordpress plugin
NOSpamPTI Wordpress plugin Blind SQL Injection Vendor product description NOSpamPTI eliminates the spam in your comment box so strong and free, developed from the idea of Nando Vieira (http://bit.ly/d38gB8), but some themes do not support changes to the...
Wordpress fgallery_plus Plugin Xss vulnerabilities
The Wordpress fgalleryplusy Plugin suffers from a Cross-Site Scripting vulnerability. Iranian Exploit DataBase Forum http://iedb.ir/acc http://iedb.ir Exploit Title : Wordpress fgalleryplus Plugin Xss vulnerabilities Author : Iranian Exploit DataBase Discovered By : IeDb Email : [email protected]...
joomla com_zimbcomment Components Local File Include vulnerability
The joomla com_zimbcomment Components suffers from a Local File Include Vulnerability. Iranian Exploit DataBase Forum http://iedb.ir/acc http://iedb.ir Exploit Title : joomla com_zimbcomment Components Local File Include vulnerability Author : Iranian Exploit DataBase Discovered By : IeDb Email :...
Apple TV multiple security vulnerabilities
Multiple vulnerabilities in different subsystems...
[PT-2013-41] Arbitrary Code Execution in Ajax File and Image Manager
----------------------------------------------------------- PT-2013-41 Positive Technologies Security Advisory Arbitrary Code Execution in Ajax File and Image Manager ----------------------------------------------------------- --- Vulnerable software Ajax File and Image Manager Version: 1.1 and...
[SECURITY] [DSA 2764-1] libvirt security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2764-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 25, 2013 http://www.debian.org/security/faq -...
Adtran Netvanta multiple security vulnerabilities
Multiple web interface vulnerabilities...
CORE-2013-0828 - PDFCool Studio Buffer Overflow Vulnerability
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ PDFCool Studio Buffer Overflow Vulnerability 1. Advisory Information Title: PDFCool Studio Buffer Overflow Vulnerability Advisory ID: CORE-2013-0828 Advisory URL:...
[security bulletin] HPSBGN02925 rev.1 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03918632 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03918632 Version: 1 HPSBGN02925 rev....