47153 matches found
[oCERT-2013-001] File Roller path sanitization errors
2013-001 File Roller path sanitization errors Description: The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any locatio...
SQL Injection in Dolphin
Advisory ID: HTB23157 Product: Dolphin Vendor: BoonEx Vulnerable Versions: 7.1.2 and probably prior Tested Version: 7.1.2 Vendor Notification: May 22, 2013 Vendor Patch: May 29, 2013 Public Disclosure: June 12, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2013-3638 Risk Level:...
VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe
Hi @ll, the current Adobe Reader 11.0.03 installs the following VULNERABLE 3rd party components: 1. Adobe Flash Player Plugin 11.5.502.110 | X:filever.exe /S "ProgramFilesAdobenpswf.dll" | x:program filesadobereader 11.0readernpswf.dll | --a-- W32i DLL ENU 11.5.502.110 shp 14,588,632 05-11-2013...
Cisco ASA NGFW DoS
Fragmented packets DoS...
CVE-2013-3568 - Linksys CSRF + Root Command Injection
Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens. Linksys/Belkin...
ASUS RT-N66U Router - HTTPS Directory traversal and full file access and credential disclosure vuln
Vulnerable product: ASUS RT-N66U when HTTPS WebService via AiCloud is enabled AC66R and RT-N65U are effected as well, but need more testing Vulnerabilities: - Linux 2.6.22 - Researched on both 3.0.0.4.270 and 3.0.0.4.354 firmware - Full directory traversal and plain text disclosure of all sensiti...
Multiple XSS Vulnerabilities in Xaraya
Advisory ID: HTB23156 Product: Xaraya Vendor: Xaraya Development Group Vulnerable Versions: 2.4.0-b1 and probably prior Tested Version: 2.4.0-b1 Vendor Notification: May 15, 2013 Public Disclosure: June 26, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2013-3639 Risk...
Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95
Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC Multiple vulnerabilities in BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Affected Product: BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Timeline: 07 June 2013 - Vulnerability found 12 June 2013 - Vendor informed 17 June 2013 -...
Multiple Vulnerabilities in Exponent CMS
Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: May 15, 2013 Vulnerability Type: SQL Injection CWE-89,...
[SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure
CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure Severity: Important Vendor: The Apache Software Foundation Version Affected: Apache Geronimo 3.0 Apache Geronimo 3.0 Beta 1 Apache Geronimo 3.0 M1 Description: A misconfigured RMI classloader in Apache Geronimo 3.0 may enable an attacker t...
Multiple vulnerabilities in aCMS
Hello 3APA3A! These are Cross-Site Scripting, Content Spoofing and Information Leakage vulnerabilities in aCMS. This is commercial CMS. There are multiple vulnerabilities in aCMS and it's the first part of them. ------------------------- Affected products: ------------------------- Vulnerable are...
Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities
Title: ====== Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities Date: ===== 2013-04-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=934 VL-ID: ===== 934 Common Vulnerability Scoring System: ==================================== 5.6 Introduction: ============...
[waraxe-2013-SA#106] - Multiple Vulnerabilities in Saurus CMS 4.7.1
waraxe-2013-SA106 - Multiple Vulnerabilities in Saurus CMS 4.7.1 ================================================================================ Author: Janek Vind "waraxe" Date: 14. July 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-106.html Description of vulnerable software...
ESA-2013-052: RSA(r) Authentication Manager Sensitive Information Disclosure Vulnerability
ESA-2013-052.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-052: RSA® Authentication Manager Sensitive Information Disclosure Vulnerability EMC Identifier: ESA-2013-052 CVE Identifier: CVE-2013-3273 Severity Rating: CVSS v2 Base Score: 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C Affected Products:...
XSS and CS vulnerabilities in TinyMCE Image Manager
Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. ------------------------- Affected products: ------------------------- Vulnerable are TinyMCE Image Manager 1.1 and previous versions. ------------------------- Affected...
Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities
Title: ====== Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities Date: ===== 2013-04-21 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=932 VL-ID: ===== 932 Common Vulnerability Scoring System: ==================================== 6.1 Introduction: ===========...
fail2ban DoS
It's possible to trigger a block for arbitrary client...
ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
ESA-2013-045.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery aka “Lucky Thirteen” Vulnerability EMC Identifier: ESA-2013-045 CVE Identifier: CVE-2013-0169 Severity Rating: CVSS v2 Base Score: 2.6...
ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
ESA-2013-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-032: RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery aka “Lucky Thirteen” Vulnerability EMC Identifier: ESA-2013-032 CVE Identifier: CVE-2013-0169 Severity Rating: CVSS v2 Base Score: 2.6...
EMC RSA BSAFE multiple security vulnerabilities
SSL-related attacks...
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
ESA-2013-039.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities EMC Identifier: ESA-2013-039 CVE Identifier: CVE-2011-3389, CVE-2013-0169 Severity Rating: CVSS v2 Base Score: Refer NVD http://nvd.nist.gov/ for individual scores for each CVE...
[ MDVSA-2013:188 ] otrs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:188 http://www.mandriva.com/en/support/security/ Package : otrs Date : July 2, 2013 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: An attacker with a...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[Foreground Security 2013-002]: Corda Path Disclosure and XSS
Corda Path Disclosure and XSS ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-002 - Original release date: July 12, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground Security - Contact: awillard at foregroundsecurit...
SEC Consult SA-20130605-0 :: Multiple vulnerabilities in CTERA Portal
SEC Consult Vulnerability Lab Security Advisory 20130605-0 ======================================================================= title: Multiple vulnerabilities in CTERA Portal product: CTERA Portal vulnerable version: 3.1 fixed version: 3.2 impact: Critical homepage: http://www.ctera.com found...
[security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03813919 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03813919 Version: 2 HPSBST02890 rev....
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Memory corruption, use-after-free, privilege escalation, information leakage...
Authentication bypass in D-Link routers
Vendor: D-Link Affected Products: -DIR-505L SharePort Mobile Companion HW: A1 / FW: 1.01 -DIR-826L Wireless N600 Cloud Router HW: A1 / FW: 1.02 Vendor Notification: April 8, 2013 Public Disclosure: July 8, 2013 Vulnerability Type: Authentication Bypass CVE Reference: CVE-2013-4772 Solution Status...
Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access and modification. A user who is logged in via the HPSupport user account does not have access to the dat...
VUPEN Security Research - Mozilla Firefox Maintenance Service Privilege Escalation Vulnerabilities
VUPEN Security Research - Mozilla Firefox Maintenance Service Local Privilege Escalation Vulnerabilities Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Mozilla Firefox is a free and open source web browser coordinated by Mozilla Corporation a...
Authentication bypass in D-Link devices (session cookies not validated)
Vendor: D-Link Affected Products: -DIR-505L SharePort Mobile Companion HW: A1 / FW: 1.01 -DIR-826L Wireless N600 Cloud Router HW: A1 / FW: 1.02 Vendor Notification: April 8, 2013 Public Disclosure: July 8, 2013 Vulnerability Type: Authentication Bypass CVE Reference: CVE-2013-4772 Solution Status...
OS-Command Injection via UPnP Interface in multiple D-Link devices
Vendor: D-Link Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 / DAP1522 ============ Vulnerable Firmware Releases: ============ DIR-300 rev B - 2.14b01 DIR-600 - 2.16b01 DIR-645 - 1.04b01 DIR-845 - 1.01b02 DIR-865 - 1.05b03 Other devices and firmware versions may be also...
Re: OS-Command Injection via UPnP Interface in multiple D-Link devices
I can concur these issues exist in several other models as well. In fact, on any UPnP enabled D-Link from 868L and down, merely selecting "Display Hidden Elements" inside the developer tool bar, will expose the entire administrative GUI. Additional models I found the same bug, though I'm so sure...
nginx buffer overflow
Buffer overflow on proxypass upstream HTTP server response processing. Buffer overflow on chunked response parsing...
HP StoreOnce D2D unauthorized access
There is built-in support account with permissions to reset administrator's password...
Zoom routers unauthorized access
Authentication bypass, protection bypass...
[SECURITY] [DSA 2721-1] nginx security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2721-1 [email protected] http://www.debian.org/security/ Nico Golde July 07, 2013 http://www.debian.org/security/faq -...
Zoom X4/X5 ADSL Modem and Router -Unauthenticated Remote Root Command Execution
Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Note: A similar vulnerability was reported several years ag...
VUPEN Security Research - Oracle Java Preloader Click-2-Play Warning Bypass Vulnerability
VUPEN Security Research - Oracle Java Applet Preloader Click-2-Play Warning Bypass Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Java is the foundation for virtually every type of networked application and is the global standa...
ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
EMC Identifier: ESA-2013-029 CVE Identifier: CVE-2013-0941 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected Products: RSA Authentication API versions prior to 8.1 SP1 RSA Web Agent for Apache Web Server versions prior to 5.3.5 RSA Web Agent for IIS versions prior to...
RSA SecurID weak encryption
Symmetric key is stored locally with weak encryption...
[ MDVSA-2013:192 ] php-radius
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:192 http://www.mandriva.com/en/support/security/ Package : php-radius Date : July 2, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A security vulnerability was discovered and...
[USN-1896-1] Module::Signature perl module vulnerability
========================================================================== Ubuntu Security Notice USN-1896-1 July 03, 2013 libmodule-signature-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Content Spoofing vulnerabilities in TinyMCE and WordPress
Hello 3APA3A! This are Content Spoofing vulnerabilities in TinyMCE and WordPress. Which I've disclosed on Wednesday. In 2011 I already wrote about Content Spoofing in Moxieplayer, when I wrote concerning multiple vulnerabilities in TinyMCE http://securityvulns.ru/docs27349.html, which is a...
[CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: WinAmp Vendor URL: www.winamp.com Type: Stack-based Buffer Overflow CWE-121 Date found: 2013-06-05 Date published: 2013-07-01 CVSSv2 Score: Bug 1: 7,5 AV:N/AC:L/Au:N/C:P/I:P/A:P Bug 2: 3,7...
AFU vulnerabilities in MCImageManager for TinyMCE
Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead...
autotrace buffer overflow
Buffer overflow on BMP processing...
[ MDVSA-2013:190 ] autotrace
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:190 http://www.mandriva.com/en/support/security/ Package : autotrace Date : July 2, 2013 Affected: Business Server 1.0 Problem Description: Updated autotrace package fixes security vulnerability: Stack-based...
[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin
waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-105.html Description of...
perl Module::Signature privilege escalation
Relative path is used to execute external application...