47153 matches found
[ MDVSA-2013:184 ] perl-Dancer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:184 http://www.mandriva.com/en/support/security/ Package : perl-Dancer Date : June 27, 2013 Affected: Business Server 1.0 Problem Description: Updated perl-Dancer package fixes CVE-2012-5572 A security flaw...
WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities
The WordPress category-grid-view-galler plugin suffers from a Cross-Site Scripting vulnerability. Iranian Exploit DataBase http://exploit.iedb.ir Exploit Title : WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities Author : Iranian Exploit DataBase Discovered By : IeDb...
Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access
Vulnerable products : Linksys EA2700, EA3500, E4200, EA4500 using lighttpd 1.4.28 and Utopia on Linux 2.6.22 Firmware Version: 1.0.14 EA2700 Firmware Version: 1.0.30 EA3500 Firmware Version: 2.0.36 E4200 Firmware Version: 2.0.36 EA4500 Impact: - Major Timeline: - Still awaiting word back from...
WordPress feed plugin Sql Injection
The WordPress feed plugin suffers from a Sql Injection vulnerability. Iranian Exploit DataBase http://exploit.iedb.ir Exploit Title : WordPress feed plugin Sql Injection Author : Iranian Exploit DataBase Discovered By : IeDb Email : [email protected] Home : http://exploit.iedb.ir Software Link ...
FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress
Hello 3APA3A! These are Full path disclosure and Security bypass vulnerabilities in Exploit Scanner for WordPress. This is security plugin for detecting exploits and backdoors in WordPress. Which failed to identify my Backdoored Web Application BWA - a reference test of backdoor scanners released...
Multiple vulnerabilities in multiple themes for WordPress with VideoJS
Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in multiple themes for WordPress with VideoJS. Earlier I've wrote about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is popular video and audio player, which is used at hundred...
XSS and FPD vulnerabilities in I Love It New theme for WordPress
Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in I Love It New theme for WordPress. This is commercial premium theme. Earlier I've wrote about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21 and in multiple web applications...
AVAST Universal Core Installer - Multiple Vulnerabilities
Title: ====== AVAST Universal Core Installer - Multiple Vulnerabilities Date: ===== 2013-06-28 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=966 VL-ID: ===== 965 Common Vulnerability Scoring System: ==================================== 4.2 Introduction: =============...
WordPress Denial of Service exploit
Hello 3APA3A! Here is my version of vnd's PoC https://vndh.net/note:wordpress-351-denial-service. This exploit is for Denial of Service vulnerability in WordPress 3.4 - 3.5.1. My version solves some issues in original PoC. Concerning this Denial of Service in WordPress. As I wrote last week in my...
AFU vulnerabilities in MCFileManager for TinyMCE
Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode File Manager MCFileManager. This is commercial plugin for TinyMCE. It concerns as MCFileManager, as all web applications which have MCFileManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead to...
[SECURITY] [DSA 2718-1] wordpress security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2718-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 01, 2013 http://www.debian.org/security/faq -...
Cross-Site Scripting vulnerabilities in WordPress
Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in WordPress. Which I've disclosed last week. At WordPress 3.5.2 release, WP developers mentioned about three holes as "security hardenings" to decrease their importance and to make it looks like there were less fixed holes. One of thes...
LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts GmbH - Security Advisory 2013-07-03 === rsyslog ElasticSearch Plugin - Double Free Memory Corruption - ------------------------------------------------------------ Affected Version ================ rsyslog 7.4.0 stable...
perl-Dancer headers injection
headers injection in cookie handling methods...
Vulnerabilities in multiple plugins for WordPress with VideoJS
Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with VideoJS. Earlier I've wrote about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is popular video and audio player, which is used at hundreds thousands of web sites...
[CVE-2013-4695] WinAmp v5.63 gen_ff.dll links.xml Value Parsing Invalid Pointer Dereference
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: WinAmp Vendor URL: www.winamp.com Type: Pointer Issues CWE-465 Date found: 2013-06-05 Date published: 2013-07-01 CVSSv2 Score: 4,4 AV:L/AC:M/Au:N/C:P/I:P/A:P CVE: CVE-2013-4695 2. CREDITS...
libvirt DoS
Resources exhaustion...
Avast antiviral products multiple security vulnerabilities
Privilege escalations...
[USN-1895-1] libvirt vulnerability
========================================================================== Ubuntu Security Notice USN-1895-1 July 02, 2013 libvirt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
FPD, XSS and CS vulnerabilities in Slash WP theme for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in Slash WP theme for WordPress. This is commercial theme for WP. These are Full path disclosure, Cross-Site Scripting and Content Spoofing vulnerabilities. ------------------------- Affected products: -------------------------...
XSS and FPD vulnerabilities in Search 'N Save for WordPress
Hello 3APA3A! I want to inform you about vulnerabilities in Search 'N Save plugin for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I wrote about Cross-Site Scripting...
Denial of Service in WordPress
Hello 3APA3A! These are Denial of Service vulnerabilities WordPress. Which I've disclosed two days ago http://websecurity.com.ua/6600/. About XSS vulnerabilities in WordPress, which exist in two redirectors, I wrote last year http://securityvulns.ru/docs27917.html. About Redirector vulnerabilitie...
WordPress 3.5.1, Denial of Service
Version 3.5.1 latest of popular blogging engine WordPress suffers from remote denial of service vulnerability. The bug exists in encryption module class-phpass.php. The exploitation of this vulnerability is possible only when at least one post is protected by a password. Time frames: 31.05.2013...
[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin
waraxe-2013-SA104 - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-104.html Descriptio...
AVAST Internet Security Suite - Persistent Vulnerabilities
Title: ====== AVAST Internet Security Suite - Persistent Vulnerabilities Date: ===== 2013-06-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=969 VL-ID: ===== 969 Common Vulnerability Scoring System: ==================================== 3.4 Introduction: =============...
WinAmp security vulnerabilities
Buffer overflow, uninitialized pointer dereference...
AVAST Antivirus v8.0.1489 - Multiple Core Vulnerabilities
Title: ====== AVAST Antivirus v8.0.1489 - Multiple Core Vulnerabilities Date: ===== 2013-06-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=963 VL-ID: ===== 963 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: =============...
ElasticSearch double free
ElasticSearch rsyslog plugin doble free...
Wordpress wp-private-messages Plugin Sql Injection vulnerability
The Wordpress wp-private-messages Plugin suffers from a Sql Injection vulnerability. Iranian Exploit DataBase Www.exploit.IrIsT.Ir Exploit Title : Wordpress wp-private-messages Plugin Sql Injection vulnerability Author : Iranian Exploit DataBase Discovered By : IeDb Home : http://exploit.IrIsT.Ir...
php-radius buffer overflow
Buffer overflow in radiusgetvendorattr...
FPD and Security bypass vulnerabilities in AntiVirus for WordPress
Hello 3APA3A! These are Full path disclosure and Security bypass vulnerabilities in AntiVirus for WordPress. This is security plugin for detecting exploits and backdoors in WordPress. Which failed to identify my Backdoored Web Application BWA - a reference test of backdoor scanners released in...
XSS and FPD vulnerabilities in Search and Share for WordPress
Hello 3APA3A! I want to inform you about vulnerabilities in Search and Share plugin for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I've wrote about Cross-Site Scripting...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[ MDVSA-2013:191 ] fail2ban
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:191 http://www.mandriva.com/en/support/security/ Package : fail2ban Date : July 2, 2013 Affected: Business Server 1.0 Problem Description: Updated fail2ban packages fix CVE-2013-2178 Krzysztof...
[slackware-security] ruby (SSA:2013-178-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security ruby SSA:2013-178-01 New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...
Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)
$ uname -a FreeBSD fbsd91x64 9.1-RELEASE FreeBSD 9.1-RELEASE 0 r243825: Tue Dec 4 09:23:10 UTC 2012 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64 $ id uid=1001hunger gid=1002hunger groups=1002hunger $ gcc fbsd9lul.c -o fbsd9lul $ ./fbsd9lul FreeBSD 9.0,1 mmap/ptrace exploit by...
CVE-2013-2210
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2210: Apache Santuario XML Security for C++ contains a heap overflow during XPointer evaluation Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library versions prior to...
HAProxy security vulnerabilities
Few memory corruptions...
Barracuda CudaTel 2.6.02.04 - Multiple Web Vulnerabilities
Title: ====== Barracuda CudaTel 2.6.02.04 - Multiple Web Vulnerabilities Date: ===== 2013-06-25 References: =========== http://vulnerability-lab.com/getcontent.php?id=778 BARRACUDA NETWORK SECURITY ID: BNSEC-811 VL-ID: ===== 778 Common Vulnerability Scoring System:...
OpenStack multiple security vulnerabilities
Keystone protection bypass and authentication bypass, Nova DoS...
[USN-1887-1] OpenStack Swift vulnerabilities
========================================================================== Ubuntu Security Notice USN-1887-1 June 20, 2013 swift vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Ruby certificate spoofing
It's possible to bypass certificate name check...
CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2154: Apache Santuario XML Security for C++ contains a stack overflow during XPointer evaluation Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library versions prior to...
[USN-1884-1] LibRaw vulnerability
========================================================================== Ubuntu Security Notice USN-1884-1 June 18, 2013 libraw vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
[USN-1885-1] libKDcraw vulnerability
========================================================================== Ubuntu Security Notice USN-1885-1 June 18, 2013 libkdcraw vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
libRaw / libKDcraw memory corruption
Memory corruption on full-color images processing...
[USN-1889-1] HAProxy vulnerability
========================================================================== Ubuntu Security Notice USN-1889-1 June 20, 2013 haproxy vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
puppet code exeuction
Code execution via YAML object deserialization...
[SECURITY] [DSA 2717-1] xml-security-c security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2717-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso June 28, 2013 http://www.debian.org/security/faq -...
Apple and Wifi Hotspot Credentials Management Vulnerability
This vulnerability was published to the OWASP Mobile Security list as a research paper by Andreas Kurtz, Daniel Metz and Felix Freiling. See "Cracking iOS personal hotspots using a Scrabble crossword game word list,"...