47153 matches found
Apache security vulnerabilities
moddav malformed MERGE request crash, modrewrite log manipulation...
HP StoreVirtual unauthorized access
No description provided...
Asus routers security vulnerabilities
Information leakage, code execution...
Gnome File Roller directory traversal
Directory traversal on archive processing...
[Foreground Security 2013-001]: Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability
Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting XSS vulnerability ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-001 - Original release date: July 10, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground...
Bluetooth Chat Connect v1.0 iOS - Multiple Vulnerabilities
Title: ====== Bluetooth Chat Connect v1.0 iOS - Multiple Vulnerabilities Date: ===== 2013-05-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=960 VL-ID: ===== 960 Common Vulnerability Scoring System: ==================================== 3.9 Introduction: =============...
Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95
Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC Multiple vulnerabilities in BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Affected Product: BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Timeline: 07 June 2013 - Vulnerability found 12 June 2013 - Vendor informed 17 June 2013 -...
IA and AFU vulnerabilities in aCMS
Hello 3APA3A! These are Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS. This is commercial CMS. There are multiple vulnerabilities in aCMS and it's the second part of them. ------------------------- Affected products: ------------------------- Vulnerable are aCMS...
ASUS RT-N66U Router - HTTPS Directory traversal and full file access and credential disclosure vuln
Vulnerable product: ASUS RT-N66U when HTTPS WebService via AiCloud is enabled AC66R and RT-N65U are effected as well, but need more testing Vulnerabilities: - Linux 2.6.22 - Researched on both 3.0.0.4.270 and 3.0.0.4.354 firmware - Full directory traversal and plain text disclosure of all sensiti...
Multiple Vulnerabilities in Exponent CMS
Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: May 15, 2013 Vulnerability Type: SQL Injection CWE-89,...
Multiple vulnerabilities in McAfee ePO 4.6.6
Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC Multiple vulnerabilities in McAfee ePO 4.6.6 Affected Product: McAfee ePO 4.6.6 Build 176 & potentially earlier versions Timeline: 08 June 2013 - Vulnerability found 12 June 2013 - Vendor informed 12 June 2013 - Vendor...
CVE-2013-3568 - Linksys CSRF + Root Command Injection
Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens. Linksys/Belkin...
Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability
Title: ====== Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability Date: ===== 2013-06-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=989 VL-ID: ===== 989 Common Vulnerability Scoring System: ==================================== 6.8 Introduction:...
SQL Injection in Dolphin
Advisory ID: HTB23157 Product: Dolphin Vendor: BoonEx Vulnerable Versions: 7.1.2 and probably prior Tested Version: 7.1.2 Vendor Notification: May 22, 2013 Vendor Patch: May 29, 2013 Public Disclosure: June 12, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2013-3638 Risk Level:...
Multiple XSS Vulnerabilities in Xaraya
Advisory ID: HTB23156 Product: Xaraya Vendor: Xaraya Development Group Vulnerable Versions: 2.4.0-b1 and probably prior Tested Version: 2.4.0-b1 Vendor Notification: May 15, 2013 Public Disclosure: June 26, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2013-3639 Risk...
[Full-disclosure] Magnolia CMS multiple access control vulnerabilities
Subject: ====== Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions CVE ID: ====== CVE-2013-4621 Summary: ======== A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...
Cisco ASA NGFW DoS
Fragmented packets DoS...
Hard-coded accounts on multiple network cameras
Hard-coded accounts on multiple network cameras =============================================== ADVISORY INFORMATION Title: Hard-coded accounts on multiple network cameras Discovery date: 05/06/2013 Release date: 11/07/2013 Advisory URL: http://goo.gl/82Rlb Credits: Roberto Paleari...
[oCERT-2013-001] File Roller path sanitization errors
2013-001 File Roller path sanitization errors Description: The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any locatio...
[ MDVSA-2013:194 ] kernel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:194 http://www.mandriva.com/en/support/security/ Package : kernel Date : July 11, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been found and corrected in the Linux...
[SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure
CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure Severity: Important Vendor: The Apache Software Foundation Version Affected: Apache Geronimo 3.0 Apache Geronimo 3.0 Beta 1 Apache Geronimo 3.0 M1 Description: A misconfigured RMI classloader in Apache Geronimo 3.0 may enable an attacker t...
Multiple Vulnerabilities in Kasseler CMS
Advisory ID: HTB23158 Product: Kasseler CMS Vendor: Kasseler CMS Vulnerable Versions: 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...
Cisco Email Security / Web Security / Content Security multiple security vulnerabilities
Code execution, DoS...
File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities
====== File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities Date: ===== 2013-05-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=939 VL-ID: ===== 939 Common Vulnerability Scoring System: ==================================== 5.9 Introduction: ============= You ha...
Multiple vulnerabilities in aCMS
Hello 3APA3A! These are Cross-Site Scripting, Content Spoofing and Information Leakage vulnerabilities in aCMS. This is commercial CMS. There are multiple vulnerabilities in aCMS and it's the first part of them. ------------------------- Affected products: ------------------------- Vulnerable are...
Re: Cisco/Linksys E1200 N300 Reflected XSS
Mitre has assigned the following CVE for this issue: CVE-2013-2679 On Mon, Apr 29, 2013 at 12:27 AM, Carl Benedict [email protected] wrote: Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently...
CVE-2013-3739 Local File Inclusion in Weathermap <= 0.97C
============================================= WEBERA ALERT ADVISORY 01 - Discovered by: Anthony Dubuissez - Severity: high - CVE Request - 03/06/2013 - CVE Assign - 03/06/2013 - CVE Number - CVE-2013-3739 - Vendor notification - 03/06/2013 - Vendor reply - No reply - Public disclosure - 10/06/201...
Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities
Title: ====== Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities Date: ===== 2013-04-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=934 VL-ID: ===== 934 Common Vulnerability Scoring System: ==================================== 5.6 Introduction: ============...
SEC Consult SA-20130605-0 :: Multiple vulnerabilities in CTERA Portal
SEC Consult Vulnerability Lab Security Advisory 20130605-0 ======================================================================= title: Multiple vulnerabilities in CTERA Portal product: CTERA Portal vulnerable version: 3.1 fixed version: 3.2 impact: Critical homepage: http://www.ctera.com found...
XSS, CS and FPD vulnerabilities in I Love It theme for WordPress
Hello 3APA3A! These are Cross-Site Scripting, Content Spoofing and Full path disclosure vulnerabilities in I Love It theme for WordPress. This is commercial premium theme. ------------------------- Affected products: ------------------------- All versions of I Love It theme for WordPress. The the...
Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities
Title: ====== Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities Date: ===== 2013-02-26 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=883 VL-ID: ===== 883 Common Vulnerability Scoring System: ==================================== 6.2 Introduction: =============...
Multiple IP-cameras backdoor accounts
Hardcoded accounts...
Multiple Vulnerabilities in OpenX
Advisory ID: HTB23155 Product: OpenX Vendor: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Vendor Notification: May 8, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: PHP File Inclusion CWE-98, Cross-Site Scripting CWE-79 CVE...
XSS and CS vulnerabilities in TinyMCE Image Manager
Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. ------------------------- Affected products: ------------------------- Vulnerable are TinyMCE Image Manager 1.1 and previous versions. ------------------------- Affected...
Re: Project Pier Web Vulnerabilities
Mitre has assigned the following CVE's for these issues in Project Pier: XSS: CVE-2013-3635 Session cookies lack HttpOnly flag: CVE-2013-3636 Session cookies lack Secure flag: CVE-2013-3637 On Tue, May 21, 2013 at 9:26 PM, the infinitenigma [email protected] wrote: Summary...
[Foreground Security 2013-002]: Corda Path Disclosure and XSS
Corda Path Disclosure and XSS ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-002 - Original release date: July 12, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground Security - Contact: awillard at foregroundsecurit...
Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability
Title: ====== Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability Date: ===== 2013-07-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1000 VL-ID: ===== 1000 Common Vulnerability Scoring System: ==================================== 6.7 Introduction:...
(CVE-2013-1059) Linux Kernel libceph Null Pointer Dereference Vulnerability
Original URL: http://hkpco.kr/advisory/CVE-2013-1059.txt Linux Kernel libceph Null Pointer Dereference Vulnerability CVE-2013-1059 Author - Chanam Park @hkpco Website - http://hkpco.kr/ Date - 2013. 07. 06 0. Introduction This is very brief advisory just to record the vulnerability which I...
Joomla crypto vulnerability (all versions)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vulnerable Application All current and past versions of Joomla http://www.joomla.org up to 1.5.26, 2.5.11, 3.1.1. Also the Joomla platform and maybe the Joomla framework not tested. At the moment there is no vendor patch available. The Problem The...
TA13-193A: Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator (ePO)
US Computer Emergency Readiness Team banner graphic National Cyber Awareness System: TA13-193A: Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator ePO 07/12/2013 02:19 PM EDT Original release date: July 12, 2013 Systems Affected McAfee ePolicy Orchestrator ePO Overview A new...
ESA-2013-052: RSA(r) Authentication Manager Sensitive Information Disclosure Vulnerability
ESA-2013-052.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-052: RSA® Authentication Manager Sensitive Information Disclosure Vulnerability EMC Identifier: ESA-2013-052 CVE Identifier: CVE-2013-3273 Severity Rating: CVSS v2 Base Score: 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C Affected Products:...
Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities
Title: ====== Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities Date: ===== 2013-04-21 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=932 VL-ID: ===== 932 Common Vulnerability Scoring System: ==================================== 6.1 Introduction: ===========...
Adobe Coldfusion multiple security vulnereabilities
DoS, code execution...
eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities
Title: ====== eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities Date: ===== 2013-06-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=982 VL-ID: ===== 982 Common Vulnerability Scoring System: ==================================== 6.8 Introduction:...
CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2
DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...
[ MDVSA-2013:193 ] apache
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:193 http://www.mandriva.com/en/support/security/ Package : apache Date : July 11, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected i...
ESA-2013-050: EMC Replication Manager Sensitive Information Disclosure Vulnerability
ESA-2013-050.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-050: EMC Replication Manager Sensitive Information Disclosure Vulnerability EMC Identifier: ESA-2013-050 CVE Identifier: CVE-2013-3272 Severity Rating: CVSS v2 Base Score: 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C Affected products: EMC...
MiniUPnPd Information Disclosure (CVE-2013-2600)
Hi list, I am writing to inform you of an information disclosure vulnerability I noticed in MiniUPnPd a few months back. Specifically, MiniUPnPd versions 1.8 and earlier are prone to an information disclosure vulnerability due to improper use of snprintf while preparing SSDP responses. An attacke...
[ MDVSA-2013:195 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:195 http://www.mandriva.com/en/support/security/ Package : php Date : July 12, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected...
SEC Consult SA-20130709-0 :: Denial of service vulnerability in Apache CXF
SEC Consult Vulnerability Lab Security Advisory 20130709-0 ======================================================================= title: Denial of service vulnerability product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 fixed version: Apache CXF 2.5.10, 2.6.7 and...