47153 matches found
Two Vulnerabilities in NetworkMiner : DLL Hijacking + Directory Traversal
Security Advisory ID: NETRESEC-1386968 http://netresec.com/?b=1386968 NetworkMiner version 1.4.1 and older is vulnerable to DLL hijacking and contains a directory traversal vulnerability. ==Description== NetworkMiner is a tool designed for network forensics and network security monitoring. It is...
HP / 3COM / H3C switches security vulnerabilities
Code execution, information leakage...
[security bulletin] HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and Switches, OSPF Remote Information Disclosure and Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03880910 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03880910 Version: 1 HPSBHF02912 rev....
FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities
Title: ====== FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities Date: ===== 2013-08-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1041 VL-ID: ===== 1041 Common Vulnerability Scoring System: ==================================== 8.6 Introduction: =============...
withU Music Share v1.3.7 iOS - Command Inject Vulnerability
Title: ====== withU Music Share v1.3.7 iOS - Command Inject Vulnerability Date: ===== 2013-08-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1040 VL-ID: ===== 1040 Common Vulnerability Scoring System: ==================================== 6.1 Introduction:...
Update: Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials
Vulnerable Systems: Western Digital My Net Series Wireless Routers: N600 Firmware 1.03.12 N600 Firmware 1.04.16 N750 Firmware 1.03.12 N750 Firmware 1.04.16 N900 Firmware 1.05.12 N900 Firmware 1.06.18 N900 Firmware 1.06.28 N900C Firmware 1.05.12 N900C Firmware 1.06.18 N900C Firmware 1.06.28 CVE...
[SECURITY] [DSA 2732-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2732-1 [email protected] http://www.debian.org/security/ Michael Gilbert July 31, 2013 http://www.debian.org/security/faq -...
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
Quarterly CPU fixes 89 dufferent vulnerabilities...
Chromium / Google Chrome multiple security vulnerabilities
Protection bypass, privilege escalation, DoS, use-after-free, information leakage, memory corruptions...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Memory corruptions, buffer overflows, crossite data access, crossite scripting, information spoofing, privilege escalation, protection bypass, code execution, information leakage...
[security bulletin] HPSBMU02902 rev.1 - HP Integrated Lights-Out iLO3, iLO4 IPMI Cipher Suite 0 Authentication Bypass Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03844348 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03844348 Version: 1 HPSBMU02902 rev....
[slackware-security] gnupg / libgcrypt (SSA:2013-215-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security gnupg / libgcrypt SSA:2013-215-01 New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error packages are also available for Slackware 13....
NGS00434 Technical Advisory: Oracle Hyperion 11 Directory Traversal
======= Summary ======= Name: Oracle Hyperion 11 - Directory Traversal Release Date: 30 July 2013 Reference: NGS00434 Discoverer: Richard Warren [email protected] Vendor: Oracle Vendor Reference: S0318807 Systems Affected: Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129...
[SECURITY] [DSA 2734-1] wireshark security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2734-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff August 05, 2013 http://www.debian.org/security/faq -...
Multiple vulnerabilities on D-Link DIR-645 devices
Multiple vulnerabilities on D-Link DIR-645 devices ================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on D-Link DIR-645 devices Discovery date: 06/03/2013 Release date: 02/08/2013 Advisory URL:...
SEC Consult SA-20130805-0 :: Vodafone EasyBox Default WPS PIN Algorithm Weakness
SEC Consult Vulnerability Lab Security Advisory 20130805-0 ======================================================================= title: Vodafone EasyBox Default WPS PIN Algorithm Weakness product: EasyBox 802 & EasyBox 803 vulnerable version: EasyBox 802 - all versions EasyBox 803 - Production...
HP printers information leakage
It's possible to obtain user accounts and WiFi PIN without authentication...
PuTTY SSH handshake heap overflow
PuTTY SSH handshake heap overflow CVE-2013-4852 Description: PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication, caused by improper bounds...
HPSBPI02887 rev.2 - Certain HP LaserJet Pro Printers, Remote Information Disclosure
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2013-07-31 Last Updated: 2013-07-31 Potential Security Impact: Remote information disclosure Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A...
HP LaserJet Pro printers remote admin password extraction
Some of the networked HP LaserJet printers have hidden URLs hardcoded in the firmware. The URLs are not authenticated and can be used to extract admin password in plaintext v among other information like WiFi settings including WPS PIN. Models affected: HP LaserJet Pro P1102w, HP LaserJet Pro...
XnView buffer overflow
Buffer overflow on .PCT parsing...
CORE-2013-0701 - Artweaver Buffer Overflow Vulnerability
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Artweaver Buffer Overflow Vulnerability 1. Advisory Information Title: Artweaver Buffer Overflow Vulnerability Advisory ID: CORE-2013-0701 Advisory URL: http://www.coresecurity.com/advisories/artweaver-buffer-overflow-vulnerabili...
Barracuda CudaTel 2.6.02.040 - SQL Injection Vulnerability
Title: ====== Barracuda CudaTel 2.6.02.040 - SQL Injection Vulnerability Date: ===== 2013-07-20 References: =========== http://vulnerability-lab.com/getcontent.php?id=775 BARRACUDA NETWORK SECURITY ID: BNSEC-723 VL-ID: ===== 775 Common Vulnerability Scoring System:...
CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2189 OpenOffice DOC Memory Corruption Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 3.4.0 to 3.4.1 on all platforms. Predecessor versions of OpenOffice.org may be also affected...
Little CMS library DoS
Crash on file parsing...
[USN-1911-1] Little CMS vulnerability
========================================================================== Ubuntu Security Notice USN-1911-1 July 29, 2013 lcms2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
Apache OpenOffice security vulnerabilities
Few memory corruptions...
Dell Kace security vulnerabilities
Crossite scripting and SQL injection in web administration...
Cisco Video Surveillance Manager multiple security vulnerabilities
Directory traversal, authentication bypass...
DirectShow Arbitrary Memory Overwrite Vulnerability ms13-056
Introduction: The Microsoft DirectShow application programming interface API is a media-streaming architecture for Microsoft Windows. Using DirectShow, your applications can perform high-quality video and audio playback or capture. Overview: DirectShow in Microsoft Windows XP SP2 and SP3, Windows...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
SEC Consult SA-20130726-0 :: Multiple vulnerabilities - Surveillance via Symantec Web Gateway
SEC Consult Vulnerability Lab Security Advisory 20130726-0 ======================================================================= title: Multiple vulnerabilities - Surveillance via Symantec Web Gateway product: Symantec Web Gateway vulnerable version: = 5.1.0. fixed version: 5.1.1 CVE number:...
FreeBSD Security Advisory FreeBSD-SA-13:08.nfsserver
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:08.nfsserver Security Advisory The FreeBSD Project Topic: Incorrect privilege validation in the NFS server Category: core Module: nfsserver Announced: 2013-07-...
Samsung TV DoS
Crash on oversized GET request...
SurgeFTP buffer overflow
Heap based buffer overflow...
[ MDVSA-2013:199 ] squid
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:199 http://www.mandriva.com/en/support/security/ Package : squid Date : July 25, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discovered an...
[security bulletin] HPSBGN02906 rev.1 - HP Application Lifecycle Management Quality Center (ALM), Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03864640 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03864640 Version: 1 HPSBGN02906 rev....
Barracuda CudaTel multiple security vulnerabilities
Multiple web interface vulnerabilities...
Juniper Secure Access crossite scripting
Crossite scripting in SSLVPN...
CORE-2013-0613 - FOSCAM IP-Cameras Improper Access Restrictions
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ FOSCAM IP-Cameras Improper Access Restrictions 1. Advisory Information Title: FOSCAM IP-Cameras Improper Access Restrictions Advisory ID: CORE-2013-0613 Advisory URL:...
Artweaver buffer overflow
Buffer overflow on .AWD files parsing...
CORE-2013-0705 - XnView Buffer Overflow Vulnerability
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ XnView Buffer Overflow Vulnerability 1. Advisory Information Title: XnView Buffer Overflow Vulnerability Advisory ID: CORE-2013-0705 Advisory URL: http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability Date...
squid DoS
Crash on invalid Host: header...
CA Service Desk Manager crossite scripting
Web interface crossite scripting...
Photo Server 2.0 iOS - Multiple Critical Vulnerabilities
Title: ====== Photo Server 2.0 iOS - Multiple Critical Vulnerabilities Date: ===== 2013-07-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1029 VL-ID: ===== 1029 Common Vulnerability Scoring System: ==================================== 8.6 Introduction: =============...
Symantec Web Gateway multiple security vulnerabilities
Crossite scripting, crossite request forgery, SQL injection, code execution, privilege escalation...
SurgeFtp Server BufferOverflow Vulnerability
------------------------------------------------------------------------------- | SurgeFtp Server BufferOverflow Vulnerability| -------------------------------------------------------------------------------- Summary ================ SurgeFTP Server has a buffer overflow vulnerability which effec...
Basic Forum by JM LLC - Multiple Vulnerabilities
Dear all, I have discovered some vulnerabilities in Basic Forum, developed by JM LLC. Cheers, Sp3ctrecore ADVISORY ================================================ Basic Forum by JM LLC - Multiple Vulnerabilities ================================================ Software................: Basic For...
OpenAFS security vulnerabilities
Weak enbcryption algorithm...
Barracuda Networks products multiple security vulnerabilities
Web filter administration crossite scripting...