47153 matches found
PineApp Mail-SeCure privilege escalation
Unfiltered shell characters vulnerability...
git / Apple Xcode certificate spoofing
Git certificate spoofing...
HP XP P9000 Command View Advanced Edition Suite Software cross-site scripting
No description provided...
HP ArcSight XSS
No description provided...
IconCool PDFCool Studio memory corruption
Memory corruption on PDF parsing...
CORE-2013-0904 - PinApp Mail-SeCure Access Control Failure
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ PinApp Mail-SeCure Access Control Failure 1. Advisory Information Title: PinApp Mail-SeCure Access Control Failure Advisory ID: CORE-2013-0904 Advisory URL:...
Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability
Title: ====== Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability Date: ===== 2013-09-20 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1081 VL-ID: ===== 1081 Common Vulnerability Scoring System: ==================================== 8.7 Introduction: =============...
[ANN] Struts 2.3.15.2 GA release available - security fix
The Apache Struts group is pleased to announce that Struts 2.3.15.2 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed ...
APPLE-SA-2013-09-18-3 Xcode 5.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-18-3 Xcode 5.0 Xcode 5.0 is now available and addresses the following: Git Available for: OS X Mountain Lion v10.8.4 or later Impact: An attacker with a privileged network position may intercept user credentials or other sensitive...
Multiple Vulnerabilities in X2CRM
Advisory ID: HTB23172 Product: X2CRM Vendor: X2Engine Inc. Vulnerable Versions: 3.4.1 and probably prior Tested Version: 3.4.1 Advisory Published: September 4, 2013 Vendor Notification: September 4, 2013 Vendor Patch: September 10, 2013 Public Disclosure: September 25, 2013 Vulnerability Type: PH...
[USN-1928-1] Puppet vulnerabilities
========================================================================== Ubuntu Security Notice USN-1928-1 August 15, 2013 puppet vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-1967-1] Django vulnerabilities
========================================================================== Ubuntu Security Notice USN-1967-1 September 24, 2013 python-django vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
Title: ====== Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability Date: ===== 2013-09-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1080 VL-ID: ===== 1080 Common Vulnerability Scoring System: ==================================== 6....
Python SSL certificate check bypass
Invalid NULL characters processing...
[USN-1986-1] Network Audio System (NAS) vulnerabilities
========================================================================== Ubuntu Security Notice USN-1986-1 October 01, 2013 nas vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[ MDVSA-2013:241 ] perl-Crypt-DSA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:241 http://www.mandriva.com/en/support/security/ Package : perl-Crypt-DSA Date : September 25, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discover...
perl Crypt::DSA weak PRNG generator
Under some conditions, weak PRNG generator is used...
[USN-1963-1] usb-creator vulnerability
========================================================================== Ubuntu Security Notice USN-1963-1 September 18, 2013 usb-creator vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
HP IceWall SSO, IceWall File Manager and IceWall Federation Agent multiple security vulnerabilities
Multiple unauthorized access vulnerabilities...
puppet security vulnerabilities
Code execution, privilege escalation...
[IBliss Security Advisory] Cross-site scripting ( XSS ) in Bradesco gateway wordpress plugin
Bradesco Gateway Wordpress plugin Cross-site scripting XSS Vendor product description Bradesco Gateway for the WP-Ecommerce plugin. Bug Description Cross-site scripting XSS vulnerability in falha.php in the Bradesco Gateway plugin before 2.0 for WordPress allows remote attackers to inject arbitra...
CVE-2013-5210 Adtran Netvanta Remote Code Injection via XSS
Multiple Vulnerabilities in the Adtran Netvanta 7100 Impact: Multiple Local and Remote Compromise, XSS and other Injection Attacks Versions: firmware prior to R10.5.3.HA Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Multiple Vulnerabilities in Adtran Netvanta 7100 Date...
[ MDVSA-2013:239 ] wordpress
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:239 http://www.mandriva.com/en/support/security/ Package : wordpress Date : September 19, 2013 Affected: Business Server 1.0 Problem Description: Updated wordpress and php-phpmailer packages fix security...
[security bulletin] HPSBST02919 rev.1 - HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03898171 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03898171 Version: 1 HPSBST02919 rev....
[security bulletin] HPSBGN02923 rev.1 - HP ArcSight Enterprise Security Manager Management Web Interface, Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03901176 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03901176 Version: 1 HPSBGN02923 rev....
libvirt memory corruption
Memory corruption in remoteDispatchDomainMemoryStats...
[ MDVSA-2013:238 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:238 http://www.mandriva.com/en/support/security/ Package : wireshark Date : September 19, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities were found and...
Remote Code Execution in GLPI
Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12, 2013 Public Disclosure: October 2, 2013...
HP System Management Homepage multiple security vulnerabilities
XSS, privilege escalation, unauthorized access, information leakage, DoS...
[security bulletin] HPSBMU02900 rev.3 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03839862 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03839862 Version: 3 HPSBMU02900 rev....
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Multiple Vulnerabilities in Gnew
Advisory ID: HTB23171 Product: Gnew Vendor: Raoul Proenca Vulnerable Versions: 2013.1 and probably prior Tested Version: 2013.1 Advisory Publication: August 28, 2013 without technical details Vendor Notification: August 28, 2013 Public Disclosure: October 2, 2013 Vulnerability Type: PHP File...
APPLE-SA-2013-09-20-1 Apple TV 6.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-20-1 Apple TV 6.0 Apple TV 6.0 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or...
Multiple vulnerabilities in RokMicroNews for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokMicroNews for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
Multiple vulnerabilities in RokIntroScroller for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokIntroScroller for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
Open-Xchange Security Advisory 2013-09-10
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 28260 Bug ID Vulnerability type: CWE-16: Configuration, CWE-287: Improper Authentication, CWE-200: Information Exposure Vulnerable version: 7.0.0 to 7.2.2 Vulnerable component: backend default configuration Fixed version...
Multiple vulnerabilities in RokStories for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokStories for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
EMC VPLEX Information leakage
Cleartext passwords in configuration files...
APPLE-SA-2013-09-18-2 iOS 7
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-18-2 iOS 7 iOS 7 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: Root certificates have been updated Description:...
Multiple vulnerabilities in RokNewsPager for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokNewsPager for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
txt2man symbolic links vulnerability
Unsafe temporary files creation...
Vino VNC server DoS
Resource exhaustion via connections...
[USN-1980-1] Vino vulnerability
========================================================================== Ubuntu Security Notice USN-1980-1 September 30, 2013 vino vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Open-Xchange Security Advisory 2013-09-30
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 28642 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: prior to 7.2.2 Vulnerable component: backend Fixed version: 7.0.2-rev16, 7.2.2-rev20 Report...
CVE-2013-5118 - XSS Good for Enterprise iOS
Hello, Last month I identified an XSS vulnerability in the Good for Enterprise iOS application. The vulnerable versions are v2.2.2.1611 and earlier Proof of Concept: HTML Email including the following payload will execute Javascript statements when the victim opens the email using the vulnerable...
[ MDVSA-2013:244 ] davfs2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:244 http://www.mandriva.com/en/support/security/ Package : davfs2 Date : September 30, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and...
APPLE-SA-2013-09-26-1 iOS 7.0.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-26-1 iOS 7.0.2 iOS 7.0.2 is now available and addresses the following: Passcode Lock Available for: iPhone 4 and later Impact: A person with physical access to the device may be able to make calls to any number Description: A NULL...
HylaFAX buffer overflow
Heap buffer overflow...
DavFS2 privilege escalation
Shell characters vulnerability...
XSS and Redirector vulnerabilities in InstantCMS
Hello 3APA3A! These are Cross-Site Scripting and Redirector vulnerabilities in InstantCMS. ------------------------- Affected products: ------------------------- Vulnerable are InstantCMS 1.10.2 and previous versions. ------------------------- Affected vendors: ------------------------- InstantSo...