Intel® Security Vulnerabilities

Intel® Desktop Board Buffer Overflow Local Privilege Escalation

**Summary: ** Updated BIOS is available for Intel® Desktop Board products to correct a buffer overflow in the Bitmap processing code. Description: A buffer overflow in the Bitmap processing code for Intel® Desktop motherboards could potentially allow a local malicious attacker to perform a Denial.....

{PRL} Rising Antivirus 2009 Privilege Escalation

Application: Rising Antivirus 2009 Platforms: Windows XP Professional SP2 Exploitation: Privilege Escalation Date: 2009-10-26 Author: Francis Provencher (Protek Research Lab's) 1) Introduction 2) Technical details 3) The Code (N/A) =============== 1) Introduction...

{PRL} Pegasus Mail client BoF

Application: Pegasus Mail Client Platforms: Windows XP Professional SP2 Exploitation: remote BoF Date: 2009-10-06 Author: Francis Provencher (Protek Research Lab's) 1) Introduction 2) Technical details 3) The Code (Only DoS) =============== 1) Introduction ===============...

Pegasus Mail Client Buffer Overflow

...

New BIOS available for Intel® Desktop Board products BIOS to prevent unauthorized downgrading to a previous BIOS version.

Summary: New BIOS is available for Intel® Desktop Board products BIOS to prevent downgrading to a previous BIOS version without supervisor/admin permission. Description: To prevent an unauthorized user from flashing Intel® Desktop Board products to a previous BIOS version without an explicit...

Intel® Desktop and Intel® Server Boards Privilege Escalation

Summary: Software running administrative (ring 0) privilege can under certain circumstances change code running in System Management Mode. Description: To mitigate reported privilege escalation issues, BIOS updates are available for specific Intel motherboards. These changes would help prevent a...

Cisco Security Advisory: Cisco Unified Communications Manager Express Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Express Vulnerability Advisory ID: cisco-sa-20090923-cme Revision 1.0 For Public Release 2009 September 23 +--------------------------------------------------------------------- Summary...

Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability Advisory ID: cisco-sa-20090923-cm Revision 1.0 For Public Release 2009 September 23...

Cisco IOS Software Network Time Protocol Packet Vulnerability

Cisco IOS® Software with support for Network Time Protocol (NTP) version (v4) contains a vulnerability processing specific NTP packets that will result in a reload of the device. This results in a remote denial of service (DoS) condition on the affected device. Cisco has released software...

Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerability Advisory ID: cisco-sa-20090923-h323 Revision 1.0 For Public Release 2009 September 23 +--------------------------------------------------------------------- Summary The...

Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability Advisory ID: cisco-sa-20090923-ios-fw Revision 1.0 For Public Release 2009 September 23 +--------------------------------------------------------------------- Summary.....

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Advisory ID: cisco-sa-20090923-sip Revision 1.0 For Public Release 2009 September 23...

Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability Advisory ID: cisco-sa-20090923-ipsec Revision 1.0 For Public Release 2009 September 23...

Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20090923-tls Revision 1.0 For Public Release 2009 September 23...

Cisco Security Advisory: Cisco IOS Software Object-group Access Control List Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Object-group Access Control List Bypass Vulnerability Advisory ID: cisco-sa-20090923-acl Revision 1.0 For Public Release 2009 September 23...

Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability Advisory ID: cisco-sa-20090923-ntp Revision 1.0 For Public Release 2009 September 23 +--------------------------------------------------------------------- Summary...

vBulletin 3.8.2 Denial of Service Exploit

!usr/bin/perl #vBulletin® Version 3.8.2 D3n14l 0f S3rv1c3 Expl01t #HaCker Anger - [email protected] ######################################################################## # Modules # ...

In-Portal 4.3.1 Arbitrary Shell Upload Vulnerability

No description provided by...

Shop Script Cross Site Scripting

...

In-Portal 4.3.1 Arbitrary Shell Upload Vulnerability

Exploit for unknown platform in category web...

In-portal 4.3.1 - Arbitrary File Upload

...

In-Portal 4.3.1 Shell Upload

...

In-portal 4.3.1 - Arbitrary File Upload

In-portal 4.3.1 - Arbitrary File...

In-Portal 4.3.1 Arbitrary Shell Upload Vulnerability

No description provided by...

Akamai Technologies Security Advisory 2009-0001 (Download Manager)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Akamai Technologies Security Advisory 2009-0001 Akamai ID: 2009-0001 Date: 2009/23/20 Product Name: Download Manager Affected Versions: < 2.2.4.8 Fixed Version: 2.2.4.8 CVE IDs: {TBD} CVSS Base Score: ...

RedHat Security Advisory RHSA-2009:1083

The remote host is missing updates announced in advisory RHSA-2009:1083. The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS...

RedHat Security Advisory RHSA-2009:1082

The remote host is missing updates announced in advisory RHSA-2009:1082. The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. A NULL...

cups security update

CentOS Errata and Security Advisory CESA-2009:1083 The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS "pdftops" filter converts.....

(RHSA-2009:1083) Important: cups security update

The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS "pdftops" filter converts Portable Document Format (PDF) files to PostScript.....

RedHat Security Advisory RHSA-2009:1062

The remote host is missing updates to FreeType announced in advisory RHSA-2009:1062. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it...

RedHat Security Advisory RHSA-2009:0329

The remote host is missing updates to FreeType announced in advisory RHSA-2009:0329. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it...

freetype security update

CentOS Errata and Security Advisory CESA-2009:0329 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. Tavis Ormandy of...

(RHSA-2009:0329) Important: freetype security update

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. Tavis Ormandy of the Google Security Team discovered several integer.....

(RHSA-2009:1062) Important: freetype security update

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. Tavis Ormandy of the Google Security Team discovered several integer.....

BOBO online Mall Shopping system vulnerability analysis-vulnerability warning-the black bar safety net

flaw0r's Blog Version:BOBOShop V1. 0 Style1 System:ASP+ACCESS BOBO shopping management system is the most advanced shopping system, using asp+fso technology;easy program installation and commissioning;users do not need to consider the system installation and maintenance;beautiful, friendly...

kernel security update

CentOS Errata and Security Advisory CESA-2009:0459 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock...

(RHSA-2009:0459) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly...

RedHat Security Advisory RHSA-2009:0445

The remote host is missing updates announced in advisory RHSA-2009:0445. The IBM® 1.4.2 SR13 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2...

SAP Cfolders Multiple Linked XSS Vulnerabilities

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-021 Original advisory: http://dsecrg.com/pages/vul/show.php?id=121 Application: SAP Cfolders (SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms (collaboration rooms)) Vendor...

SAP Cfolders Linked Cross Site Scripting

...

RedHat Security Advisory RHSA-2009:0429

The remote host is missing updates announced in advisory RHSA-2009:0429. The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that...

RedHat Security Advisory RHSA-2009:0428

The remote host is missing updates announced in advisory RHSA-2009:0428. The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the Tagged Image File Format (TIFF)...

Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow

====================================================================== Secunia Research 17/04/2009 - CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow - ====================================================================== Table of Contents Affected...

cups security update

CentOS Errata and Security Advisory CESA-2009:0429 The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to...

cups security update

CentOS Errata and Security Advisory CESA-2009:0428 The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the Tagged Image File Format (TIFF) decoding routines used.....

Secunia Research: DivX Web Player Stream Format Chunk Buffer Overflow

====================================================================== Secunia Research 15/04/2009 - DivX Web Player Stream Format Chunk Buffer Overflow - ====================================================================== Table of Contents Affected...

(RHSA-2009:0429) Important: cups security update

The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the...

(RHSA-2009:0428) Moderate: cups security update

The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the Tagged Image File Format (TIFF) decoding routines used by the CUPS image-converting filters, "imagetops"...

RedHat Security Advisory RHSA-2009:0369

The remote host is missing updates announced in advisory RHSA-2009:0369. The IBM® 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software.....

Novell Netstorage Multiple Vulnerabilities

Novell Netstorage Multiple Vulnerabilities Description "Novell NetStorage acts as a bridge between a company's protected Novell network and the Internet, providing protected file access from any Internet location. Files and folders on a Novell NetWare® 6.5 server or Novell Open Enterprise...