
Posts Tagged ‘Vulnerability’

When is it valid to claim that a vulnerability leads to a remote attack?

Re: When is it valid to claim that a vulnerability leads to a remote attack? Posted by Chris on Oct 10
^^^^^^^^^^^^^^^^ Thierry, please fix your clock.
URL: http://seclists.org/fulldisclosure/2009/Oct/154

When is it valid to claim that a vulnerability leads to a remote attack?

Re: When is it valid to claim that a vulnerability leads to a remote attack? Posted by Thierry Zoller on Oct 10
Hi Dan,
DK> There are a substantial number of file formats that are code-execution
DK> equivalent with no exploits necessary — .exe, .com, .bat, etc. You thus
DK> can’t say that an executed [...]

Drupal Boost Module Arbitrary Directory Creation Vulnerability

Vuln: Drupal Boost Module Arbitrary Directory Creation Vulnerability URL: http://www.securityfocus.com/bid/36561

CVE-2009-3339 (email_and_web_security_appliance)

CVE-2009-3339 (email_and_web_security_appliance) Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable [...]

Apple Safari Error Page Address Bar URI Spoofing Vulnerability

Vuln: Apple Safari Error Page Address Bar URI Spoofing Vulnerability URL: http://www.securityfocus.com/bid/35829

Python PyLocale_strxfrm Function Remote Information Leak Vulnerability

Vuln: Python PyLocale_strxfrm Function Remote Information Leak Vulnerability URL: http://www.securityfocus.com/bid/23887

Cisco WLC 4402 Denial-of-Service vulnerability

Bugtraq: Cisco WLC 4402 Denial-of-Service vulnerability URL: http://www.securityfocus.com/archive/1/505248

WebKit Numeric Character References Remote Memory Corruption Vulnerability

Vuln: WebKit Numeric Character References Remote Memory Corruption Vulnerability URL: http://www.securityfocus.com/bid/35607

Cisco Wireless LAN Controller HTTP Authorization Denial of Service Vulnerability

Vuln: Cisco Wireless LAN Controller HTTP Authorization Denial of Service Vulnerability URL: http://www.securityfocus.com/bid/35805

SQLi Vulnerability Scanners

Re: SQLi Vulnerability Scanners Posted by Taras on Jul 26
On Fri, 17 Jul 2009 13:17:10 -0300 Ulises2k <ulises2k_at_gmail.com> wrote:
> Try this:
>
> GUI
> http://w3af.sf.net
W3AF also has a perfect console UI and, furthermore, it has SQLmap integration.
URL: http://seclists.org/pen-test/2009/Jul/0097.html

Cisco WLC 4402 Denial-of-Service vulnerability

Cisco WLC 4402 Denial-of-Service vulnerability Posted by SySS security advisories — Christoph Bott on Jul 26
=======================================
Vulnerable Product: Cisco WLC 4402 (most likely among many others)
Vulnerability discovered: January 2009
Reported to vendor: Jan 01, 2009
Fix available: not yet
=======================================
TIMELINE: …
URL: http://seclists.org/fulldisclosure/2009/Jul/0407.html

IXXO Cart! Standalone and Joomla Component SQL Injection

Re: IXXO Cart! Standalone and Joomla Component SQL Injection Posted by YEHG Group on Jul 26
Thanks, I’ll update the database of http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project
On Sat, Jul 25, 2009 at 3:57 PM, SmOk3<smok3f00_at_gmail.com> wrote:
> Original advisory at:
> …
URL: http://seclists.org/fulldisclosure/2009/Jul/0394.html

Adobe Reader / Acrobat and Flash Remote Code Execution

Summary: Fortinet’s FortiGuard Global Security Research Team investigates a vulnerability in multiple Adobe products through SWF.
Impact: Remote Code Execution.
Affected Software:
- Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions
- Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions
Solutions: The FortiGuard [...]

Drupal Bubbletimer Create Timesheets HTML Injection Vulnerability

Vuln: Drupal Bubbletimer Create Timesheets HTML Injection Vulnerability URL: http://www.securityfocus.com/bid/35763

Joomla! ‘com_joomloads’ Component ‘packageId’ Parameter SQL Injection Vulnerability

Vuln: Joomla! ‘com_joomloads’ Component ‘packageId’ Parameter SQL Injection Vulnerability URL: http://www.securityfocus.com/bid/35784
