47153 matches found
CA20130725-01: Security Notice for CA Service Desk Manager
-----BEGIN PGP SIGNED MESSAGE----- CA20130725-01: Security Notice for CA Service Desk Manager Issued: July 25, 2013 CA Technologies Support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists that can allow a remote attacker to conduct cross-site scripti...
Microsoft Windows multiple security vulnerabilities
Multiple vulnerabilities in .Net and Silverlight, multiple kernel components vulnerabilities, GDI+ TrueType parsing memory corruption, DirectShow memory corruption, VMW parsing memory corruption, multiple Internet Explorer memory corruption, Windows Defender privilege escalation...
HP LoadRunner multiple security vulnerabilities
DoS, code execution...
FreeBSD Security Advisory FreeBSD-SA-13:08.nfsserver
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:08.nfsserver Security Advisory The FreeBSD Project Topic: Incorrect privilege validation in the NFS server Category: core Module: nfsserver Announced: 2013-07-...
[USN-1911-1] Little CMS vulnerability
========================================================================== Ubuntu Security Notice USN-1911-1 July 29, 2013 lcms2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4156 OpenOffice DOCM Memory Corruption Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 3.4.0 and 3.4.1, on all platforms. Predecessor versions of OpenOffice.org may be also affecte...
EMC NetWorker information leakage
It's possible to retrieve sensitive configuration information...
Juniper Secure Access XSS Vulnerability
------------------------------------------------------------------------------- | Juniper Secure Access XSS Vulnerability| -------------------------------------------------------------------------------- Summary =============== Juniper Secure Access software has reflected XSS vulnerability CVE...
WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability
Title: ====== WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability Date: ===== 2013-07-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1035 VL-ID: ===== 1035 Common Vulnerability Scoring System: ==================================== 8.8 Introduction:...
Juniper Secure Access cross-site scripting
Cross-site scripting in SSLVPN...
CA Service Desk Manager cross-site scripting
Web interface cross-site scripting...
CORE-2013-0705 - XnView Buffer Overflow Vulnerability
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ XnView Buffer Overflow Vulnerability 1. Advisory Information Title: XnView Buffer Overflow Vulnerability Advisory ID: CORE-2013-0705 Advisory URL: http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability Date...
[security bulletin] HPSBGN02906 rev.1 - HP Application Lifecycle Management Quality Center (ALM), Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03864640 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03864640 Version: 1 HPSBGN02906 rev....
Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities
Title: ====== Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities Date: ===== 2013-07-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=727 Note: The issue was part of the official Barracuda Networks Bug Bounty Program. VL-ID: ===== 727 Common Vulnerability Scoring...
SurgeFtp Server BufferOverflow Vulnerability
------------------------------------------------------------------------------- | SurgeFtp Server BufferOverflow Vulnerability| -------------------------------------------------------------------------------- Summary ================ SurgeFTP Server has a buffer overflow vulnerability which effec...
CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2189 OpenOffice DOC Memory Corruption Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 3.4.0 to 3.4.1 on all platforms. Predecessor versions of OpenOffice.org may be also affected...
Samsung TV DoS
Crash on oversized GET request...
Basic Forum by JM LLC - Multiple Vulnerabilities
Dear all, I have discovered some vulnerabilities in Basic Forum, developed by JM LLC. Cheers, Sp3ctrecore ADVISORY ================================================ Basic Forum by JM LLC - Multiple Vulnerabilities ================================================ Software................: Basic For...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Download Lite v4.3 iOS - Persistent File Web Vulnerability
Title: ====== Download Lite v4.3 iOS - Persistent File Web Vulnerability Date: ===== 2013-07-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1023 VL-ID: ===== 1023 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...
DoS and XSS vulnerabilities in Googlemaps plugin for Joomla
Hello 3APA3A! Earlier I wrote about multiple vulnerabilities in Googlemaps plugin for Joomla http://securityvulns.ru/docs29645.html. After my informing, the developer fixed these vulnerabilities in versions 2.19 and 3.1 of the plugin - by removing proxy functionality. And in version 3.2 of the...
CORE-2013-0701 - Artweaver Buffer Overflow Vulnerability
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Artweaver Buffer Overflow Vulnerability 1. Advisory Information Title: Artweaver Buffer Overflow Vulnerability Advisory ID: CORE-2013-0701 Advisory URL: http://www.coresecurity.com/advisories/artweaver-buffer-overflow-vulnerabili...
Artweaver buffer overflow
Buffer overflow on .AWD files parsing...
Barracuda Networks products multiple security vulnerabilities
Web filter administration cross-site scripting...
squid DoS
Crash on invalid Host: header...
FreeBSD NFS privilege escalation
It's possible to access files with credentials of any user if anonymous NFS access is allowed...
HP Application Lifecycle Management cross-site scripting
HP Application Lifecycle Management Quality Center cross-site scripting...
FreeBSD Security Advisory FreeBSD-SA-13:07.bind
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:07.bind Security Advisory The FreeBSD Project Topic: BIND remote denial of service Category: contrib Module: bind Announced: 2013-07-26 Credits: Maxim Shudrak...
Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials
Vulnerable Products - WD My Net N600 HD Dual Band Router Wireless N WiFi Router Accelerate HD WD My Net N750 HD Dual Band Router Wireless N WiFi Router Accelerate HD Linux 2.6.3 Kernel Firmware Ver. 1.03.xx 1.04.xx Firmware unaffected Ver 1.01.xx WD My Net N900 HD Dual Band Router Wireless N WiFi...
OpenAFS security vulnerabilities
Weak encryption algorithm...
Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities
Title: ====== Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities Date: ===== 2013-07-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=832 VL-ID: ===== 832 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: =============...
Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability
Title: ====== Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability Date: ===== 2013-07-20 References: =========== http://vulnerability-lab.com/getcontent.php?id=775 BARRACUDA NETWORK SECURITY ID: BNSEC-723 VL-ID: ===== 775 Common Vulnerability Scoring System:...
HP Network Node Manager multiple security vulnerabilities
Unauthorized access, code execution, DoS...
SEC Consult SA-20130625-0 :: Multiple vulnerabilities in IceWarp Mail Server
SEC Consult Vulnerability Lab Security Advisory 20130625-0 ======================================================================= title: Multiple vulnerabilities in IceWarp Mail Server product: IceWarp Mail Server vulnerable version: =10.4.5 fixed version: 10.4.5-1 impact: Critical homepage:...
[security bulletin] HPSBHF02878 rev.1 - HP Smart Zero Client, Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03757330 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03757330 Version: 1 HPSBHF02878 rev....
[SECURITY] [DSA 2724-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2724-1 [email protected] http://www.debian.org/security/ Michael Gilbert July 17, 2013 http://www.debian.org/security/faq -...
Dell PacketTrap multiple security vulnerabilities
Multiple web interface vulnerabilities...
XSS Vulnerabilities in OpenCms
Advisory ID: HTB23160 Product: OpenCms Vendor: Alkacon Software Vulnerable Versions: 8.5.1 and probably prior Tested Version: 8.5.1 Vendor Notification: June 12, 2013 Vendor Patch: July 10, 2013 Public Disclosure: July 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...
SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer
SEC Consult Vulnerability Lab Security Advisory 20130719-0 ======================================================================= title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: =6.3.1 fixed version: vendor did not supply version information CVE number: - impact:...
[email protected]
Title: ====== ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities Date: ===== 2013-07-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1017 VL-ID: ===== 1017 Common Vulnerability Scoring System: ==================================== 6.6 Introduction: ============...
CORE-2013-0517 - Xpient Cash Drawer Operation Vulnerability
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Xpient Cash Drawer Operation Vulnerability 1. Advisory Information Title: Xpient Cash Drawer Operation Vulnerability Advisory ID: CORE-2013-0517 Advisory URL:...
Cisco Intrusion Prevention System multiple security vulnerabilities
Multiple DoS conditions...
AFU and XSS vulnerabilities in TinyMCE Image Manager
Hello 3APA3A! These are Arbitrary File Uploading and Cross-Site Scripting vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. ------------------------- Affected products: ------------------------- Vulnerable are TinyMCE Image Manager 1.1 and previous versions. -------------------------...
HP System Management Homepage multiple security vulnerabilities
Code execution, unauthorized access, DoS...
IceWarp multiple security vulnerabilities
Web interface cross-site scripting and XML injection...
Dell PacketTrap MSP RMM 6.6.x - Multiple Persistent Web Vulnerabilities
Title: ====== Dell PacketTrap MSP RMM 6.6.x - Multiple Persistent Web Vulnerabilities Date: ===== 2013-07-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=791 VL-ID: ===== 791 Common Vulnerability Scoring System: ==================================== 3.5 Introduction:...
Voice Logger astTECS - bypass login & arbitrary file download
Author: Michal Blaszczak Website: http://blaszczakm.blogspot.com Project: hack voip - http://blaszczakm.blogspot.com/search/label/hack20voip Date: 16.07.2013 Voice Logger - VoIP software for Call Center 1 bypass login login: admin' or 1='1 password: admin line: 168 file: managerlogin.server.php 2...
Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability
Title: ====== Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability Date: ===== 2013-07-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1013 VL-ID: ===== 1013 Common Vulnerability Scoring System: ==================================== 7.5...
WiFly 1.0 Pro iOS - Multiple Web Vulnerabilities
Title: ====== WiFly 1.0 Pro iOS - Multiple Web Vulnerabilities Date: ===== 2013-07-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1011 VL-ID: ===== 1011 Common Vulnerability Scoring System: ==================================== 6.3 Introduction: ============= It is t...
Xpient Cash Drawer unauthorized access
TCP/7510 port unauthorized access...