47153 matches found
Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability
Title: ====== Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability Date: ===== 2013-07-20 References: =========== http://vulnerability-lab.com/getcontent.php?id=775 BARRACUDA NETWORK SECURITY ID: BNSEC-723 VL-ID: ===== 775 Common Vulnerability Scoring System:...
Easy Blog by JM LLC - Multiple Vulnerabilities
Dear all, I have discovered some vulnerabilities in Easy Blog, developed by JM LLC. Cheers, Sp3ctrecore ADVISORY =========================================== Easy Blog JM LLC - Multiple Vulnerabilities =========================================== Software................: Easy Blog Software...
Cross-Site Scripting (XSS) in Duplicator WordPress Plugin
Advisory ID: HTB23162 Product: Duplicator WordPress Plugin Vendor: LifeInTheGrid Vulnerable Versions: 0.4.4 and probably prior Tested Version: 0.4.4 Vendor Notification: June 19, 2013 Vendor Patch: July 21, 2013 Public Disclosure: July 24, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...
FreeBSD NFS privilege escalation
It's possible to access files with credentials of any user if anonymous NFS acccess is allowed...
Private Photos v1.0 iOS - Persistent Path Web Vulnerability
Title: ====== Private Photos v1.0 iOS - Persistent Path Web Vulnerability Date: ===== 2013-07-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1034 VL-ID: ===== 1034 Common Vulnerability Scoring System: ==================================== 3.5 Introduction:...
[CVE-2013-2137] Apache OFBiz XSS vulnerability in the "View Log" screen of the Webtools application
CVE-2013-2137 - Apache OFBiz XSS vulnerability in the "View Log" screen of the Webtools application Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 10.04.01 to 10.04.05 Apache OFBiz 11.04.01 to 11.04.02 Apache OFBiz 12.04.01 Description: XSS vulnerability in the "View Log"...
ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability
ESA-2013-033.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability EMC Identifier: ESA-2013-033 EMC Identifier: NW144712 CVE Identifier: CVE-2013-0943 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected products...
DoS and XSS vulnerabilities in Googlemaps plugin for Joomla
Hello 3APA3A! Earlier I wrote about multiple vulnerabilities in Googlemaps plugin for Joomla http://securityvulns.ru/docs29645.html. After my informing, the developer fixed these vulnerabilities in versions 2.19 and 3.1 of the plugin - by removing proxy functionality. And in version 3.2 of the...
Xymon Systems and Network Monitor - remote file deletion vulnerability
Advisory ID: HTB23163 Product: Magnolia CMS Vendor: Magnolia International Ltd Vulnerable Versions: 4.5.7, 4.5.8, 4.5.9, 5.0 and 5.0.1 Community Edition Tested Version: 5.0 Community Edition Vendor Notification: July 3, 2013 Vendor Patch: July 18, 2013 Public Disclosure: July 24, 2013 Vulnerabili...
FreeBSD Security Advisory FreeBSD-SA-13:07.bind
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:07.bind Security Advisory The FreeBSD Project Topic: BIND remote denial of service Category: contrib Module: bind Announced: 2013-07-26 Credits: Maxim Shudrak...
EMC NetWorker information leakage
It's possible to retrieve sensible configuration information...
[USN-1911-1] Little CMS vulnerability
========================================================================== Ubuntu Security Notice USN-1911-1 July 29, 2013 lcms2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials
Vulnerable Products - WD My Net N600 HD Dual Band Router Wireless N WiFi Router Accelerate HD WD My Net N750 HD Dual Band Router Wireless N WiFi Router Accelerate HD Linux 2.6.3 Kernel Firmware Ver. 1.03.xx 1.04.xx Firmware unaffected Ver 1.01.xx WD My Net N900 HD Dual Band Router Wireless N WiFi...
Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities
Title: ====== Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities Date: ===== 2013-07-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=727 Note: The issue was part of the official Barracuda Networks Bug Bounty Program. VL-ID: ===== 727 Common Vulnerability Scoring...
[security bulletin] HPSBGN02905 rev.1 - HP LoadRunner, Remote Code Execution and Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03862772 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03862772 Version: 1 HPSBGN02905 rev....
WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability
Title: ====== WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability Date: ===== 2013-07-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1035 VL-ID: ===== 1035 Common Vulnerability Scoring System: ==================================== 8.8 Introduction:...
CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4156 OpenOffice DOCM Memory Corruption Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 3.4.0 and 3.4.1, on all platforms. Predecessor versions of OpenOffice.org may be also affecte...
Juniper Secure Access XSS Vulnerability
------------------------------------------------------------------------------- | Juniper Secure Access XSS Vulnerability| -------------------------------------------------------------------------------- Summary =============== Juniper Secure Access software has reflected XSS vulnerability CVE...
ISC bind DoS
assert on client request processing...
iPic Sharp v1.2.1 Wifi iOS - Persistent Foldername Web Vulnerability
Title: ====== iPic Sharp v1.2.1 Wifi iOS - Persistent Foldername Web Vulnerability Date: ===== 2013-07-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1031 VL-ID: ===== 1031 Common Vulnerability Scoring System: ==================================== 3.6 Introduction:...
Microsoft Windows multiple security vulnerabilities
Multiple vulnerabilities in .Net and Silverlight, multiple kernel components vulnerabilities, GDI+ TrueType parsing memory corruption, DirectShow memory corruption, VMW parsing memory corruption, multiple Internet Explorer memory corruption, Windows Defender privilege escalation...
HP LoadRunner multiple security vulnerabilities
DoS, code execution...
Samsung TV - DoS vulnerability
Author: Malik Mesellem - @MMEIT - http://www.itsecgames.com Type: Denial of Service DoS attack Description: DoS vulnerability on some Samsung TVs The web server DMCRUIS/0.1 on port TCP/5600 is crashing by sending a long HTTP GET request Tested successfully on my Samsung PS50C7700 plasma TV...
Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities
Title: ====== Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities Date: ===== 2013-07-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=832 VL-ID: ===== 832 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: =============...
[SECURITY] [DSA 2729-1] openafs security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2729-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 28, 2013 http://www.debian.org/security/faq -...
Download Lite v4.3 iOS - Persistent File Web Vulnerability
Title: ====== Download Lite v4.3 iOS - Persistent File Web Vulnerability Date: ===== 2013-07-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1023 VL-ID: ===== 1023 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...
Cross-Site Scripting (XSS) in Magnolia CMS
Advisory ID: HTB23163 Product: Magnolia CMS Vendor: Magnolia International Ltd Vulnerable Versions: 4.5.7, 4.5.8, 4.5.9, 5.0 and 5.0.1 Community Edition Tested Version: 5.0 Community Edition Vendor Notification: July 3, 2013 Vendor Patch: July 18, 2013 Public Disclosure: July 24, 2013 Vulnerabili...
[CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz
CVE-2013-2250 - Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 10.04.01 to 10.04.05 Apache OFBiz 11.04.01 to 11.04.02 Apache OFBiz 12.04.01 Description: Parameter valu...
HP Application Lifecycle Management crossite scripting
HP Application Lifecycle Management Quality Center crossite scripting...
[security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access, Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03824583 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03824583 Version: 1 HPSBMU02894 rev....
HP Network Node Manager multiple security vulnerabilities
Unauthorized access, code execution, DoS...
Foscam cameras security vulnerabilities
Directory traversal, CSRF...
CA20130725-01: Security Notice for CA Service Desk Manager
-----BEGIN PGP SIGNED MESSAGE----- CA20130725-01: Security Notice for CA Service Desk Manager Issued: July 25, 2013 CA Technologies Support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists that can allow a remote attacker to conduct cross-site scripti...
Dell PacketTrap MSP RMM 6.6.x - Multiple Persistent Web Vulnerabilities
Title: ====== Dell PacketTrap MSP RMM 6.6.x - Multiple Persistent Web Vulnerabilities Date: ===== 2013-07-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=791 VL-ID: ===== 791 Common Vulnerability Scoring System: ==================================== 3.5 Introduction:...
Multiple vulnerabilities in Googlemaps plugin for Joomla
Hello 3APA3A! These are Denial of Service, XML Injection, Cross-Site Scripting and Full path disclosure vulnerabilities in Googlemaps plugin for Joomla. ------------------------- Affected products: ------------------------- Vulnerable are Googlemaps plugin for Joomla versions 2.x and 3.x and...
Symantec Workspace Virtualization privilege escalation
Unsafe function's hook...
HP Smart Zero Client unauthorized access
No description provided...
SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer
SEC Consult Vulnerability Lab Security Advisory 20130719-0 ======================================================================= title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: =6.3.1 fixed version: vendor did not supply version information CVE number: - impact:...
[security bulletin] HPSBHF02878 rev.1 - HP Smart Zero Client, Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03757330 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03757330 Version: 1 HPSBHF02878 rev....
Open-Xchange Security Advisory 2013-06-03
Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...
AFU and XSS vulnerabilities in TinyMCE Image Manager
Hello 3APA3A! These are Arbitrary File Uploading and Cross-Site Scripting vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. ------------------------- Affected products: ------------------------- Vulnerable are TinyMCE Image Manager 1.1 and previous versions. -------------------------...
Dell PacketTrap multiple security vulnerabilities
Multiple web interface vulnerabilities...
HP Database and Middleware Automation information leakage
No description provided...
ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities
Title: ====== ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities Date: ===== 2013-07-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1017 VL-ID: ===== 1017 Common Vulnerability Scoring System: ==================================== 6.6 Introduction: ============...
IceWarp multiple security vulnerabilities
Web interface crossite scripting and XML injeciton...
Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability
Title: ====== Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability Date: ===== 2013-07-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1013 VL-ID: ===== 1013 Common Vulnerability Scoring System: ==================================== 7.5...
Voice Logger astTECS - bypass login & arbitrary file download
Author: Michal Blaszczak Website: http://blaszczakm.blogspot.com Project: hack voip - http://blaszczakm.blogspot.com/search/label/hack20voip Date: 16.07.2013 Voice Logger - VoIP software for Call Center 1 bypass login login: admin' or 1='1 password: admin line: 168 file: managerlogin.server.php 2...
WiFly 1.0 Pro iOS - Multiple Web Vulnerabilities
Title: ====== WiFly 1.0 Pro iOS - Multiple Web Vulnerabilities Date: ===== 2013-07-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1011 VL-ID: ===== 1011 Common Vulnerability Scoring System: ==================================== 6.3 Introduction: ============= It is t...
XSS Vulnerabilities in OpenCms
Advisory ID: HTB23160 Product: OpenCms Vendor: Alkacon Software Vulnerable Versions: 8.5.1 and probably prior Tested Version: 8.5.1 Vendor Notification: June 12, 2013 Vendor Patch: July 10, 2013 Public Disclosure: July 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...
Sybase EAServer multiple security vulnerabilities
Directory traversal, XML injection, shell characters injection...