47153 matches found
Chromium / Google Chrome multiple security vulnerabilities
Multiple memory corruptions, integer overflows, information leaks...
[ MDVSA-2013:217 ] spice
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:217 http://www.mandriva.com/en/support/security/ Package : spice Date : August 23, 2013 Affected: Business Server 1.0 Problem Description: Updated spice packages fix security vulnerability: A user able to...
FreeBSD Security Advisory FreeBSD-SA-13:09.ip_multicast
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FreeBSD-SA-13:09.ip_multicast Security Advisory The FreeBSD Project Topic: integer overflow in IP_MSFILTER Category: core Module: kernel Announced: 2013-08-22 Credits: Clement Lecigne Google Security Team Affects: All supported versions of FreeBSD...
[ MDVSA-2013:216 ] perl-Proc-ProcessTable
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:216 http://www.mandriva.com/en/support/security/ Package : perl-Proc-ProcessTable Date : August 23, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated perl-Proc-ProcessTab...
[PSA-2013-0819-1] Oracle Java BytePackedRaster.verify() Signed Integer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0819-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Oracle...
Oracle Java multiple security vulnerabilities
40 different vulnerabilities...
[ MDVSA-2013:221 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:221 http://www.mandriva.com/en/support/security/ Package : php Date : August 27, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and correct...
PHP / python certificate spoofing
Subject Alternative Name 0 invalid handling...
[PSA-2013-0813-1] Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0813-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Oracle...
Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access
----------------------------------------------------------------------------- Vulnerabilities: An unspecified bug can cause an unsafe/undocumented TCP port to open allowing for: - Unauthenticated remote access to all pages of the router administration GUI, bypassing any credential prompts under...
Linksys EA access points authentication bypass
It's possible to access web administration without authentication...
Sitecom wireless routers multiple security vulnerabilities
Undocumented hardcoded accounts, undocumented telnet access, weak WPA and administrator accounts generation...
Copy to WebDAV v1.1 iOS - Multiple Web Vulnerabilities
Title: ====== Photo Transfer Upload v1.0 iOS - Multiple Vulnerabilities Date: ===== 2013-08-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1047 VL-ID: ===== 1047 Common Vulnerability Scoring System: ==================================== 8.6 Introduction: ============...
Multiple vulnerabilities on Sitecom N300/N600 devices
Multiple vulnerabilities on Sitecom N300/N600 devices ===================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on Sitecom N300/N600 devices Discovery date: 01/06/2013 Release date: 19/08/2013 Credits: Roberto Paleari [email protected],...
Photo Transfer Upload v1.0 iOS - Multiple Vulnerabilities
Title: ====== Photo Transfer Upload v1.0 iOS - Multiple Vulnerabilities Date: ===== 2013-08-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1047 VL-ID: ===== 1047 Common Vulnerability Scoring System: ==================================== 8.6 Introduction: ============...
x90c WOFF Firefox 1day exploit
Hi Forks! I share my WOFF 1day exploit. attachment: http://www.x90c.org/exploits/x90cWOFFexploit.tgz dep bypass vulnerability: CVE-2010-1028 WOFF Heap Corruption due to Integer Overflow affected Products: - Mozilla Firefox 3.6 Gecko 1.9.2 - Mozilla Firefox 3.6 Beta1, 3, 4, 5 Beta2 ko not released...
Mozilla Firefox / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, integer overflows, array index overflows, information leak...
libXfont memory corruption
Memory corruption on compressed font parsing...
PuTTY / WinSCP security vulnerabilities
SSH handshake heap buffer overflow, protection bypass, information leakage...
Microsoft Exchange Oracle libraries security vulnerabilities
Outlook Web Access vulnerabilities because of vulnerable Oracle Outside In libraries...
[SECURITY] [DSA 2736-1] putty security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2736-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 11, 2013 http://www.debian.org/security/faq -...
[PSA-2013-0811-1] Oracle Java storeImageArray() Invalid Array Indexing
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0811-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Oracle...
Microsoft Active Directory Federation Services information leakage
It's possible to obtain service account information to cause account locking via unsuccessful logon attempts...
Hikvision IP Cameras multiple security vulnerabilities
Code execution, protection bypass, information leakage...
CORE-2013-0708 - Hikvision IP Cameras Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Hikvision IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Hikvision IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0708 Advisory URL:...
Cisco TelePresence security vulnerabilities
DoS, directory traversal, backdoor account...
WD My Net security vulnerabilities
Unauthorized access, information leakages...
[slackware-security] gnupg / libgcrypt (SSA:2013-215-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security gnupg / libgcrypt SSA:2013-215-01 New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error packages are also available for Slackware 13....
[SECURITY] [DSA 2734-1] wireshark security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2734-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff August 05, 2013 http://www.debian.org/security/faq -...
Vodafone EasyBox weak WPS PIN
PIN is generated based on publicly available data...
Cisco Wide Area Application Services, CDS, VDS, CDM code execution
Code execution via HTTP POST request, privilege escalation...
TP-Link IP cameras security vulnerabilities
Code execution, protection bypass...
HP Data Protector Arbitrary Remote Command Execution
""" HP Data Protector Arbitrary Remote Command Execution This script allows to execute a command with an arbitrary number of arguments. The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory installpath/bin/. The main goal of the script is to bypass the...
Rgpg 0.2.2 Ruby Gem Remote Command Injection
Title: Rgpg 0.2.2 Ruby Gem Remote Command Injection Date: 7/31/2013 Advisory Author: Larry W. Cashdollar, @larry0 CVE: CVE-2013-4203 Download: https://rubygems.org/gems/rgpg Description: "A simple Ruby wrapper around gpg command for file encryption. rgpg is a simple API for interacting with the g...
Multiple vulnerabilities on D-Link DIR-645 devices
Multiple vulnerabilities on D-Link DIR-645 devices ================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on D-Link DIR-645 devices Discovery date: 06/03/2013 Release date: 02/08/2013 Advisory URL:...
CORE-2013-0618 - Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618 Advisory URL:...
Apache suexec security vulnerabilities
Protection bypass, privilege escalation...
HP Integrated Lights-Out authentication bypass
No description provided...
[ MDVSA-2013:207 ] samba
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:207 http://www.mandriva.com/en/support/security/ Package : samba Date : August 6, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected i...
Netresec NetworkMiner security vulnerabilities
Code execution, directory traversal...
SEC Consult SA-20130805-0 :: Vodafone EasyBox Default WPS PIN Algorithm Weakness
SEC Consult Vulnerability Lab Security Advisory 20130805-0 ======================================================================= title: Vodafone EasyBox Default WPS PIN Algorithm Weakness product: EasyBox 802 & EasyBox 803 vulnerable version: EasyBox 802 - all versions EasyBox 803 - Production...
Wireshark multiple security vulnerabilities
Multiple vulnerabilities in different protocol dissectors...
HP Data Protector code execution
Unauthorized perl commands execution...
D-Link DIR-645 unauthorized access
It's possible to obtain administration password without authentication, cross-site scripting, buffer overflow...
NGS00434 Technical Advisory: Oracle Hyperion 11 Directory Traversal
======= Summary ======= Name: Oracle Hyperion 11 - Directory Traversal Release Date: 30 July 2013 Reference: NGS00434 Discoverer: Richard Warren [email protected] Vendor: Oracle Vendor Reference: S0318807 Systems Affected: Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129...
Apache mod_dav_svn DoS
Assertion failure on COPY, DELETE and MOVE commands processing...
gnupg / libgcrypt RSA implementation flush+reload timing attack
Private key recovery by using CPU L3 cache timings...
Cisco IOS / ASA / FWSM / NX-OS / StarOS OSPF protocol vulnerability
LSA packet routing table manipulation...
Security vulnerabilities in different Ruby Gems
Vulnerabilities in different libraries...
Apache suEXEC privilege elevation / information disclosure
Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as...