47153 matches found
EMC Avamar security vulnerabilities
Privilege escalation, crossite scripting...
[security bulletin] HPSBGN02882 rev.1 - HP Database and Middleware Automation (DMA) using SSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03788014 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03788014 Version: 1 HPSBGN02882 rev....
Symantec Workspace Virtualization 6.4.1895.0 Local Kernel Mode Privilege Escalation Exploit
Symantec Workspace Virtualization 6.4.1895.0 Local Kernel Mode Privilege Escalation Exploit Date: 2013-7-17 Author : MJ0011 Version: Symantec Workspace Virtualization 6.4.1895.0 Tested on: Windows XP SP3 DETAILS: In fslx.sys 's hook function of "NtQueryValueKey" , it directly write to the buffer ...
Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials
Vulnerable Products - WD My Net N600 HD Dual Band Router Wireless N WiFi Router Accelerate HD WD My Net N750 HD Dual Band Router Wireless N WiFi Router Accelerate HD Linux 2.6.3 Kernel All firmware including the latest Ver. 1.04.16 WD My Net N900 HD Dual Band Router Wireless N WiFi Router...
Xpient Cash Drawer unauthorized access
TCP/7510 port unauthorized access...
CVE-2013-3734 - JBoss AS Administration Console - Password Returned in Later Response
Product: Embedded Jopr - JBoss AS Administration Console Vendor: Red Hat Middleware, LLC Version: 1.2 Tested Version: 1.2 Vendor Notified Date: May 29, 2013 Release Date: June 03, 2013 Risk: Moderate Authentication: Required Remote: Yes Description: Passwords submitted to the application are...
CORE-2013-0517 - Xpient Cash Drawer Operation Vulnerability
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Xpient Cash Drawer Operation Vulnerability 1. Advisory Information Title: Xpient Cash Drawer Operation Vulnerability Advisory ID: CORE-2013-0517 Advisory URL:...
ESA-2013-055: EMC Avamar Multiple Vulnerabilities
ESA-2013-055.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-055: EMC Avamar Multiple Vulnerabilities EMC Identifier: ESA-2013-055 CVE Identifier: CVE-2013-3274, CVE-2013-3275 Severity Rating: See below for individual scores Affected products: All EMC Avamar Server and Avamar Virtual...
Cisco Intrusion Prevention System multiple security vulnerabilities
Multiple DoS conditions...
Cisco Unified Communications Manager multiple security vulnerabilities
Hardcoded encryption key, code execution, privilege escation, SQL injection...
IBM WebSphere information leakage
Access token inside URL...
[email protected]
Title: ====== ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities Date: ===== 2013-07-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1017 VL-ID: ===== 1017 Common Vulnerability Scoring System: ==================================== 6.6 Introduction: ============...
[CVE-2013-0523] IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks Release Date: 2013-06-19 Application: IBM...
[SECURITY] [DSA 2724-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2724-1 [email protected] http://www.debian.org/security/ Michael Gilbert July 17, 2013 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[security bulletin] HPSBMU02900 rev.2 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03839862 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03839862 Version: 2 HPSBMU02900 rev....
HP System Management Homepage multiple security vulnerabilities
Code execution, unauthorized access, DoS...
SEC Consult SA-20130625-0 :: Multiple vulnerabilities in IceWarp Mail Server
SEC Consult Vulnerability Lab Security Advisory 20130625-0 ======================================================================= title: Multiple vulnerabilities in IceWarp Mail Server product: IceWarp Mail Server vulnerable version: =10.4.5 fixed version: 10.4.5-1 impact: Critical homepage:...
SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer
SEC Consult Vulnerability Lab Security Advisory 20130719-0 ======================================================================= title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: =6.3.1 fixed version: vendor did not supply version information CVE number: - impact:...
Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability
Title: ====== Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability Date: ===== 2013-07-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1013 VL-ID: ===== 1013 Common Vulnerability Scoring System: ==================================== 7.5...
Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities
Title: ====== Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities Date: ===== 2013-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1009 VL-ID: ===== 1009 Common Vulnerability Scoring System: ==================================== 5.6 Introduction: =============...
Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities
Title: ====== Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities Date: ===== 2013-07-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=833 VL-ID: ===== 833 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a XSS vulnerability in the Web UI. A specialy crafted SMS can bypass the function used to sanitize incoming...
[CVE-2013-4763|CVE-2013-4764] Vulnerability in built-in system app of Samsung Galaxy S3/S4
Hi list, I would like to inform you that the details of the vulnerability in built-in system app of Samsung Galaxy S3/S4 assigned as CVE-2013-4763 and CVE-2013-4764 are now disclosed to public. In Samsung Galaxy S3/S4, a pre-loaded app, i.e., sCloudBackupProvider.apk, is used to provide backup...
ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability
ESA-2013-041.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability EMC Identifier: ESA-2013-041 CVE Identifier: CVE-2013-3270 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected products: •...
MiniDLNA multiple security vulnerabilities
Buffer overflows, SQL injections...
Trend Micro DirectPass multiple security vulnerabilities
DoS conditions...
Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities
Title: ====== Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities Date: ===== 2013-05-21 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=894 Article: http://www.vulnerability-lab.com/dev/?p=580 Trend Micro Reference:...
[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2612 Huawei E587 3G Mobile Hotspot Command Injection Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute...
[CVE-2013-2745, CVE-2013-2738, CVE-2013-2739] MiniDLNA v1.0.25 Multiple Vulnerabilities
MiniDLNA prior to v1.1.0 http://sourceforge.net/projects/minidlna/ is prone to a variety of issues which could be used to take control of a host running this software. CVE-2013-2738 and CVE-2013-2745 are SQL injection issues. CVE-2013-2739 has been assigned for a heap-based buffer overflow which...
Barracuda CudaTel 2.6.02.040 - Client Side Cross Site Scripting Vulnerability
Title: ====== Barracuda CudaTel 2.6.02.040 - Client Side Cross Site Scripting Vulnerability Date: ===== 2013-07-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=776 BARRACUDA NETWORK SECURITY ID: BNSEC-807 VL-ID: ===== 776 Common Vulnerability Scoring System:...
EMC VNX / Celerra privilege escalation
Weak permissions for script files...
FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability
Title: ====== FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability Date: ===== 2013-07-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1007 VL-ID: ===== 1007 Common Vulnerability Scoring System: ==================================== 3.7 Introduction: ============= FTP...
Samsung Galaxy SMS manipulation
It's possible to manipulate SMS via built-in backup utility...
Huawei E587 access point security vulnerabilities
Crossite scripting, code execution...
Squid-3.3.5 DoS PoC
Squid Crash PoC Copyright C Kingcope 2013 tested against squid-3.3.5 this seems to be the patch for the vulnerability: http://www.squid-cache.org/Versions/v3/3.3/squid-3.3.8.patch The squid-cache service will respawn, looks like a kind of assert exception: 2013/07/15 20:48:36 kid1| Closing HTTP...
McAfee ePolicy Orchestrator security vulnerability
Few vulnerabilities are used in-the-wild to compromise corporate networks...
Re: [ MDVSA-2013:195 ] php
Hey guys, Related to this I?ve found a proof of concept test script: php -r 'xmlparseintostructxml parsercreatens, strrepeat"blah", 1000, $b;' Gabe twitter: @gmaggiotti On Mon, Jul 15, 2013 at 3:41 AM, [email protected] wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux...
Re: Multiple vulnerabilities in McAfee ePO 4.6.6
McAfee has released a Knowledgebase Article KB to address the issues reported by a NATO pen test. https://kc.mcafee.com/corporate/index?page=content&id=KB78824 Both SQL Injection vulnerabilities were identified on May 10th, 2013 and patched as specified in SB10043. McAfee's internal testing leads...
PHP memory corruption
Memory corruption in XML parsing, jdtojewish function DoS...
[security bulletin] HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03819065 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03819065 Version: 1 HPSBPV02891 rev....
Linksys routers security vulnerabilities
Crossite request forgery, XSS, code execution in web administration interface...
Linksys X3000 - Multiple Vulnerabilities
Device: X3000 Vendor: Linksys ============ Vulnerable Firmware Releases: ============ Firmware Version: v1.0.03 build 001 Jun 11,2012 ============ Vulnerability Overview: ============ OS Command Injection The vulnerability is caused by missing input validation in the pingip parameter and can be...
[waraxe-2013-SA#106] - Multiple Vulnerabilities in Saurus CMS 4.7.1
waraxe-2013-SA106 - Multiple Vulnerabilities in Saurus CMS 4.7.1 ================================================================================ Author: Janek Vind "waraxe" Date: 14. July 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-106.html Description of vulnerable software...
Windows 7/8 admin account installation password stored in the clear in LSA Secrets
---------------------------------- Bug title: Windows 7/8 admin account installation password stored in the clear in LSA Secrets Affected systems: Windows 7, 8 related issue on XP Author: Xavier CC ---------------------------------- Background: ---------------------------------- "Windows LSA...
[security bulletin] HPSBHF02888 rev.1 - HP ProCurve, H3C, 3COM Routers and Switches, Remote Information Disclosure and Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03808969 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03808969 Version: 1 HPSBHF02888 rev....
[ISecAuditors Security Advisories] Multiple Vulnerabilities in Telaen <= 1.3.0
============================================= INTERNET SECURITY AUDITORS ALERT 2013-009 - Original release date: March 15th, 2013 - Last revised: June 4th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2013-2621, CVE-2013-2623, CVE-2013-2624...
Microsoft Windows information leakage
It's possible to recover administrator's password used during system installation...
[security bulletin] HPSBST02896 rev.1 - HP StoreVirtual Storage, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03825537 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03825537 Version: 1 HPSBST02896 rev....
Wifi Album v1.47 iOS - Command Injection Vulnerability
Title: ====== Wifi Album v1.47 iOS - Command Injection Vulnerability Date: ===== 2013-04-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=935 VL-ID: ===== 935 Common Vulnerability Scoring System: ==================================== 5.6 Introduction: ============= WiF...