124 items tagged "input validation"
-
-
20:31
»
Packet Storm Security Advisories
The Drupal Fivestar module version 6.x suffers from an input validation vulnerability that allows a malicious user to improperly modify voting averages.
-
-
16:50
»
Packet Storm Security Advisories
Ubuntu Security Notice 1413-1 - Dan Prince discovered that Nova did not properly perform input validation on the length of server names. An authenticated attacker could issue requests using long server names to exhaust the storage resources containing the Nova API log file.
-
-
16:18
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0094-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
20:16
»
Packet Storm Security Advisories
Ubuntu Security Notice 1338-1 - Peter Eisentraut discovered that Rsyslog would not properly perform input validation when configured to use imfile. If an attacker were able to craft messages in a file that Rsyslog monitored, an attacker could cause a denial of service. The imfile module is disabled by default in Ubuntu.
-
-
19:46
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of the "StopModule()" method and can be exploited via a specially crafted "lModule" parameter to reference an expected module structure at an arbitrary memory address. This can be exploited to dereference an arbitrary value in memory as a function pointer. Successful exploitation allows execution of arbitrary code. NTR ActiveX Control version 1.1.8 is affected.
-
-
13:30
»
Packet Storm Security Advisories
Ubuntu Security Notice 1305-1 - David Black discovered that Nova did not properly perform input validation during image registration. An attacker could exploit this by registering a crafted image using the EC2 API or S3/RegisterImage method and overwrite files as the nova user.
-
-
17:35
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1791-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this flaw to cause Squid to crash. Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
-
-
17:14
»
Packet Storm Security Advisories
Ubuntu Security Notice 1276-1 - Tim Brown discovered that Ark did not properly perform input validation when previewing archive files. If a user were tricked into opening a crafted archive file, an attacker could remove files via directory traversal.
-
-
15:53
»
Packet Storm Security Advisories
Ubuntu Security Notice 1248-1 - Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. It was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify displaying of the realm and proxy URL. Various other issues were also addressed.
-
-
13:30
»
Packet Storm Security Exploits
European Security Services GPS version 1.x suffers from authentication bypass, input validation, and remote SQL injection vulnerabilities.
-
-
8:19
»
Packet Storm Security Advisories
Barack Obama Website Service suffers from an input validation vulnerability that allows for manipulation of mails from info@barackobama.com.
-
-
8:09
»
Packet Storm Security Exploits
ICQ.com suffers from a cross site scripting vulnerability due to a lack of input validation and output sanitization of the feeds entry.
-
-
12:29
»
Packet Storm Security Advisories
Ubuntu Security Notice 1166-1 - Stephane Chauveau discovered that OProfile did not properly perform input validation when processing arguments to opcontrol. A local user who is allowed to run opcontrol with privileges could exploit this to run arbitrary commands as the privileged user. Stephane Chauveau discovered a directory traversal vulnerability in OProfile when processing the --save argument to opcontrol. A local user could exploit this to overwrite arbitrary files with the privileges of the user invoking the program. Various other issues were also addressed.
-
-
18:29
»
Packet Storm Security Advisories
Ubuntu Security Notice 1165-1 - Nelson Elhage discovered that QEMU did not properly validate certain virtqueue requests from the guest. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program. Stefan Hajnoczi discovered that QEMU did not properly perform integer comparisons when performing virtqueue input validation. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program. Various other issues were also addressed.
-
-
14:00
»
Packet Storm Security Advisories
A potential cross site scripting vulnerability due to improper input validation that could be exploited in certain situations has been identified in RSA DLP Enterprise Manager versions 8.x.
-
-
20:58
»
Packet Storm Security Advisories
Ubuntu Security Notice 1114-1 - It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution.
-
-
17:45
»
SecuriTeam
Microsoft Office contains a vulnerability caused by missing input validation within a library used by the bundled Microsoft Office Document Imaging application.
-
-
10:55
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2159-1 - Dan Rosenberg discovered that insufficient input validation in VLC's processing of Matroska/WebM containers could lead to the execution of arbitrary code.
-
-
10:46
»
SecuriTeam
Microsoft Office Excel contains a vulnerability caused by an input validation error when processing certain elements in a Ghost record.
-
-
22:01
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in RealPlayer SP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of sample chunks when parsing QCP audio content. This can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. RealPlayer SP 1.0.5 is affected.
-
-
21:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by missing input validation in a conversion routine when parsing a certain record type. This can be exploited to corrupt memory outside the bounds of an allocated heap buffer via an overly large range specified by two record fields. Successful exploitation may allow execution of arbitrary code.
-
-
16:34
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2073-1 - Florian Streibelt reported a directory traversal flaw in the way the Mailing List Managing Made Joyful mailing list manager processed users' requests originating from the administrator web interface without enough input validation. A remote, authenticated attacker could use these flaws to write and/or delete arbitrary files.
-
-
22:02
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in GIGABYTE Dldrv2 ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation of the item argument passed to the SetDLInfo() method and can be exploited via array-indexing errors to corrupt memory. Successful exploitation allows execution of arbitrary code. GIGABYTE Dldrv2 ActiveX Control version 1.4.206.11 is affected.
-
-
1:02
»
Packet Storm Security Tools
This is a simple script that attempts to check if a CGI script suffers from an input validation command execution vulnerability.
-
-
19:00
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to insufficient input validation when parsing a certain record type. This may lead to a variety of errors, including corruption of data on the stack. Successful exploitation may allow execution of arbitrary code. Microsoft Excel 2002 is affected.
-
-
14:23
»
SecuriTeam
Due to a flaw in the current user input validation performed by Skype, it is possible to append additional command line arguments which are subsequently processed during the launch of Skype.exe.
-
-
10:01
»
Packet Storm Security Recent Files
Ubuntu Security Notice 938-1 - It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution.
-
-
20:00
»
Packet Storm Security Recent Files
The cross site scripting / input validation vulnerability in Apache OFBiz can also be leveraged to run arbitrary SQL commands. This archive has two JavaScript proofs of concept inside.
-
20:00
»
Packet Storm Security Advisories
VUPEN Web Vulnerability Research Team discovered 27 vulnerabilities in WebAsyst Shop-Script FREE. These issues are caused by input validation errors in various scripts when processing user-supplied data and parameters, which could allow local file inclusion, SQL injection and cross site scripting attacks.
-
-
21:00
»
Packet Storm Security Recent Files
Remote unauthenticated exploitation of an input validation vulnerability in Apache Software Foundation's ActiveMQ server could allow an attacker to perform a stored or persistent cross-site scripting (XSS) attack.
-
-
5:26
»
SecuriTeam
Remote exploitation of an input validation vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, as used by Adobe and potentially other vendors, could allow an attacker to execute arbitrary code with the privileges of the current user.
-
16:00
»
Packet Storm Security Exploits
Skype client versions prior to 4.2.0.1.55 suffer from a URI handling input validation vulnerability that allows for remote command execution.
-
-
19:00
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-026 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the Performance Insight web server. Insufficient input validation and authentication allows for arbitrary JSP pages to be uploaded which can be leveraged to execute arbitrary OS commands. Exploitation of this vulnerability allows an attacker to gain control of the affected system under SYSTEM credentials.
-
-
17:00
»
Packet Storm Security Recent Files
MIT krb5 Security Advisory 2010-001 - Improper input validation in the KDC can cause an assertion failure and process termination. A functional exploit exists, but is not known to be publicly circulated. Releases prior to krb5-1.7 did not contain the vulnerable code. This is an implementation vulnerability in MIT krb5, and is not a vulnerability in the Kerberos protocol.