:Program Files (x86)PSFtpPSFtp.exe
Picture(s):
../1.png
../2.png
Risk:
=
The security risk of the null pointer (dos) vulnerability is estimated as
medium(-).
Credits:
Vulnerability Laboratory [Research Team
of the
bureau team has achieved
good results ever, won the Chengdu-class team of 28 community agencies large
group of 5 km Team
finished sixth.
(Copy of the Vendor Homepage: http://www.cdmbc.gov.cn/detail.php?tid=236657 )
Abstract:
=
The Vulnerability Laboratory Research Team discovered
risk of the persisten input validation vulnerability is estimated
as medium.
Credits:
Vulnerability Research Laboratory -the_storm
(the_st...@vulnerability-lab.com)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty
(+).
Credits:
Vulnerability Research Laboratory -Kevin J. (Silent_0x)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties
://partners.microsoft.com/PartnerProgram/CreateReference.aspx
Solution:
=
2012-04-10: Vendor Fix/Patch by Check
Risk:
=
The security risk of the persistent script code injection vulnerability is
estimated as medium(+).
Credits:
Vulnerability Research Laboratory - Benjamin Kunz Mejri
(+).
Credits:
Vulnerability Laboratory [Research Team] -Kevin J. (Silent_0x)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties
/))'+invalidparam='
Risk:
=
The security risk of the non persistent cross site scripting vulnerabilities
are estimated as low(+).
Credits:
Vulnerability Research Laboratory - Mohd. Shadab Siddiqui (gr4yf0x)
Disclaimer:
===
The information provided in this advisory
risk of the sql injection vulnerabilities are estimated as high(+).
1.2
The security risk of the persistent input validation vulnerability is estimated
as low(+).
Credits:
Vulnerability Laboratory [Research Team] -snup (s...@vulnerability-lab.com)
Disclaimer
/tr/tbody/table/td/tr/tbody
Risk:
=
1.1
The security risk of the sql injection vulnerability via POST is estimated as
high(-).
1.2
The security risk of the persistent input validation vulnerabilities are
estimated as medium(+).
Credits:
Vulnerability Research Laboratory
Research Team discovered multiple SQL Injection
Vulnerabilities on Netjuke v1.0 RC1.
Report-Timeline:
2012-04-12: Public or Non-Public Disclosure
Status:
Published
Exploitation-Technique:
===
Remote
Severity:
=
High
Details
:
=
The security risk of the remote sql injection vulnerabilities are estimated as
critical.
Credits:
Vulnerability Research Laboratory - Mohd. Shadab Siddiqui
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims
formed more
secure. In 1997, Benjamin K.M. founded a non-commercial and independent
security research group called,
Global Evolution - Security Research Group which is still active today.
From 2010 to 2011, Benjamin M. and Pim C. (Research Team) identified over 300
zero day vulnerabilities
Risk:
=
The security risk of the local buffer overflow vulnerability is estimated as
high.
Credits:
Vulnerability Research Laboratory Team -Julien Ahrens (MrTuxracer)
[www.inshell.net]
Disclaimer:
===
The information provided in this advisory is provided
Title:
==
National Center EDU Research - SQL Injection Vulnerability
Date:
=
2012-04-09
References:
===
http://www.vulnerability-lab.com/get_content.php?id=415
VL-ID:
=
415
Introduction:
=
The United States Department of Education, also referred to as ED
+Categoryop=newCategory
Risk:
=
The security risk of the sql injection vulnerabilities is estimated as high(-).
Credits:
Vulnerability Research Laboratory -Chokri B.A. (Me!ster)
Disclaimer:
===
The information provided in this advisory is provided as it is without
Title:
==
National Center EDU Research - SQL Injection Vulnerability
Date:
=
2012-04-09
References:
===
http://www.vulnerability-lab.com/get_content.php?id=415
VL-ID:
=
415
Introduction:
=
The United States Department of Education, also referred to as ED
iframe src=a onload='alert(Vunerabilitylab)' = td=
Risk:
=
The security risk of the persistent vulnerability is estimated as meidum(+).
Credits:
Vulnerability Research Laboratory Team -Chokri B.A. (Me!ster)
Disclaimer:
===
The information provided in this advisory
.
Copyright ©
2012|Vulnerability-Lab
--
VULNERABILITY RESEARCH LABORATORY TEAM
Website: www.vulnerability-lab.com
Mail: resea...@vulnerability-lab.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full
==
Secunia Research 09/04/2012
- RealNetworks Helix Server Credentials Disclosure Security Issue -
==
Table of Contents
Affected
==
Secunia Research 09/04/2012
- RealNetworks Helix Server SNMP Master Agent -
- Two Denial of Service Vulnerabilities
Research Laboratory Team - Benjamin Kunz Mejri (Rem0ve)
[www.vulnerability-lab.com]
Vulnerability Research Laboratory Team - Julien Ahrens (MrTuxracer)
[www.inshell.net]
(*handshake*)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty
.
Credits:
Vulnerability Research Laboratory -the_storm (the_st...@mail.com)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including
are estimated as medium.
1.2
The security risk of the non persistent (client side) cross site scripting
vulnerabilities are estimated as low(+).
Credits:
Vulnerability Research Laboratory Team - N/A Anonymous
Disclaimer:
===
The information provided in this advisory
onerror=alert(cross-site-scripting2) /
title=Site de l'auteur
Example : http://alain.lc.free.fr/csforum8/read.php?id=527debut=8
Risk:
=
The security risk of the client side cross site scripting vulnerability is
estimated as low.
Credits:
Vulnerability Research Laboratory - Chokri
vulnerabilities are estimated as medium(+)
because they are all located in main areas of the application.
Credits:
Vulnerability Research Laboratory Team - Benjamin Kunz Mejri (Rem0ve)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty
beschreibt detailliert die verfügbaren
Sicherheitsanwendungen, technischen
Einzelheiten und Einsatzszenarien.
(Copy of the Vendor Homepage:
https://www.astaro.com/de-de/produkte/hardware-appliance/astaro-security-gateway-625)
Abstract:
=
The vulnerability research team discovers
:
=
The security risk of the file include vulnerability is estimated as high(+).
Credits:
Vulnerability Research Laboratory -N/A Anonymous
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all
=admin2br/
/form
scriptdocument.test.submit();/script
/html
Risk:
=
1.1
The security risk of the persisten input validation vulnerability is estimated
as medium.
1.2
The security risk of the cross site request forgery vulnerability is estimated
as low.
Credits:
Vulnerability Research
vulnerabilities are estimated as medium(+)
because they are all located in main areas of the application.
Credits:
Vulnerability Research Laboratory Team - Benjamin Kunz Mejri (Rem0ve)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty
:
=
The security risk of the local buffer overflow vulnerability is estimated as
high(+).
Credits:
Vulnerability Research Laboratory -Julien Ahrens (MrTuxracer)
[www.inshell.net]
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty
:
=
The issue will be addressed by direct-admin development team with the next
update.
Risk:
=
The security risk of the client side cross site scripting vulnerability is
estimated as low.
Credits:
Vulnerability Research Laboratory - Dawid Golak (dawid.go...@gmail.com)
Disclaimer
:
Vulnerability Laboratory [Research Team] -the_storm
(the_st...@vulnerability-lab.com)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties
):
../createAnomaly.do
../mindex.do
../index2.do
Risk:
=
The security risk of the client side cross site scripting vulnerabilities is
estimated as low(+).
Credits:
Vulnerability Research Laboratory - N/A Anonymous
:
=
The vulnerability can be patched/fixed by parsing the vulnerable kalender id
url value request.
2012-03-31: Vendor Fix/Patch by VL Check
Risk:
=
The security risk of the remote sql injection vulnerability is estimated as
high(+).
Credits:
Vulnerability Research Laboratory - N
research team in 2011. The presentation will also provide
exclusive attack schemes from
an attackers point of view which were also used for verification of our
findings.
Buglist:
– Skype 5.3.x 2.2.x 5.2.x – Persistent Cross Site Scripting Vulnerability
– Skype 5.3.x 2.2.x 5.2.x – Persistent
Research Laboratory -the_storm
(the_st...@vulnerability-lab.com)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability
)
writeFile.close()
print [*] File successfully created!;
except:
print [!] Error while creating file!;
Risk:
=
The security risk of the local buffer overflow vulnerability is estimated as
high(-).
Credits:
Vulnerability Research Laboratory -Julien Ahrens
injection vulnerability is estimated as high(+).
1.2
The security risk of the critical input validation vulnerability is estimated
as medium(+).
Credits:
Vulnerability Research Laboratory -the_storm (the_st...@mail.com)
Disclaimer:
===
The information provided
:
Vulnerability Research Laboratory - Benjamin Kunz Mejri (Rem0ve)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability
) via hotfix
and the issue is addressed by skype.
Update to Skype v5.8.0.158
Risk:
=
The security risk of the remote denial of service vulnerability via pointer
corruption is estimated as high(-).
Credits:
Vulnerability Research Laboratory - Benjamin Kunz Mejri (Rem0ve), Alexander
: Vendor Fix/Patch
Risk:
=
The security risk of the remote sql injection vulnerabilities are estimated as
critical.
Credits:
Vulnerability Research Laboratory - Mohd. Shadab Siddiqui (gr4yf0x)
Disclaimer:
===
The information provided in this advisory is provided
Title:
==
Microsoft Bing - Editor Flash Component Vulnerability
Date:
=
2012-03-15
References:
===
http://www.vulnerability-lab.com/get_content.php?id=449
MSRC ID#1: 12173
MSRC ID#2: 12227
Credits: http://technet.microsoft.com/en-us/security/cc308589
VL-ID:
=
449
...
PoC:
http://www.jpmalloy.com/blog/index.php?page2=-1%27cid=0
Risk:
=
The security risk of the SQL Injection Vulnerability is estimated as high(+).
Credits:
Vulnerability Research Laboratory -the_storm
Disclaimer:
===
The information provided in this advisory
WCE v1.3beta 32bit released.
Download link: http://www.ampliasecurity.com/research/wce_v1_3beta.tgz
Changelog:
version 1.3beta:
March 8, 2012
* Bug fixes
* Extended support to obtain NTLM hashes without code injection
* Added feature to dump login cleartext passwords stored by the Digest
information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive
access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, a remote
to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive
access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, a remote
to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive
access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, a remote
to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive
access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, a remote
access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive
access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability
to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive
access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, a remote
information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well asexclusive
access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, a remote
to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well asexclusive
access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability
date
2012-02-10 TSL acknowledges update
2012-02-14 Vendor releases advisory and patch
2012-02-14 Published TSL advisory
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500
Vendor:
http
==
Secunia Research 11/01/2012
- NTR ActiveX Control Four Buffer Overflow Vulnerabilities -
==
Table of Contents
Affected Software
==
Secunia Research 11/01/2012
- NTR ActiveX Control StopModule() Input Validation Vulnerability -
==
Table of Contents
Affected
==
Secunia Research 12/12/2011
- Winamp AVI Processing Two Integer Overflow Vulnerabilities -
==
Table of Contents
Affected
==
Secunia Research 13/12/2011
- Sterling Trader Data Processing Buffer Overflow Vulnerability -
==
Table of Contents
Affected
==
Secunia Research 17/11/2011
- DVR Remote ActiveX Control DVRobot Library Loading Vulnerability -
==
Table of Contents
Affected
==
Secunia Research 07/10/2011
- Autonomy Keyview Ichitaro QLST Integer Overflow Vulnerability -
==
Table of Contents
Affected
==
Secunia Research 07/10/2011
- Autonomy Keyview Ichitaro Text Parsing Buffer Overflow -
==
Table of Contents
Affected Software
==
Secunia Research 07/10/2011
- Autonomy Keyview -
- Ichitaro Object Reconstruction Logic Vulnerability
==
Secunia Research 05/10/2011
- Cyrus IMAPd NTTP Authentication Bypass Vulnerability -
==
Table of Contents
Affected Software
==
Secunia Research 27/09/2011
- Novell GroupWise Internet Agent TZNAME Parsing Vulnerability -
==
Table of Contents
Affected
==
Secunia Research 27/09/2011
- Novell GroupWise Internet Agent HTTP Interface Buffer Overflow -
==
Table of Contents
Affected
to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well asexclusive
access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, an internal
information to SAP.
* 2011-01-25: SAP confirms reception of vulnerability submission.
* 2011-06-14: SAP releases SAP Note 1553930 fixing the vulnerability.
* 2011-09-14: Onapsis releases security advisory.
About Onapsis Research Labs
===
Onapsis
information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well asexclusive
access to special promotions for upcoming trainings and conferences.
1. Impact on Business
===
By exploiting this vulnerability, an internal
==
Secunia Research 01/09/2011
- InduSoft ISSymbol ActiveX Control Buffer Overflows -
==
Table of Contents
Affected Software
Dear colleague,
We are happy to announce the fourth issue of the Onapsis SAP Security In-Depth
publication.
Onapsis' SAP Security In-Depth is a free technical publication leaded by the
Onapsis Research Labs with the purpose of providing specialized
information about the current and future
===ADVISORY===
Advisory: Securstar - DriveCrypt - Local Kernel
Denial of Service/Memory Disclosure/Privilege Escalation
Advisory ID: DSEC-2011-0001
Author:Neil Kettle, Digit Security Ltd
Affected
PR10-11: Multiple XSS injection vulnerabilities and a offsite
redirection flaw within HP System Management Homepage (Insight Manager)
Vulnerability found: 6th June 2010
Date Published 20th May 2011
Severity: Medium
Description:
XSS vulnerabilities have been found within HP System Management;
PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web
Conferencing)
Vulnerability found: 21st July 2010
Vendor informed: 26th July 2010
Vulnerability fixed:
Severity: High
Description:
Mitel Audio and Web Conferencing (AWC) are a simple, cost-effective and
scalable audio and
PR10-17: Various XSS and information disclosure flaws within KeyFax
response management system
http://www.omfax.co.uk
Vulnerability found: 25th August 2010
Vendor informed:
Vulnerability fixed:
Severity: Medium/High
Description:
KeyFax response management system provides professional
PR10-13: Multiple XSS and Authentication flaws within BMC Remedy
Knowledge Management
Vulnerability found: 17th July 2010
Vendor informed:
Vulnerability fixed:
Severity: High
Description:
BMC Remedy Knowledge Management provides service desk analysts with a
knowledge base of easy-to-find
advisories, presentations and new
research projects from the Onapsis Research Labs, as well as exclusive access
to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, an internal or external attacker would
advisories, presentations and new
research projects from the Onapsis Research Labs, as well as exclusive access
to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, an internal or external attacker would
, presentations and new
research projects from the Onapsis Research Labs, as well as exclusive access
to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, an internal or external attacker would be
able to obtain sensitive
, presentations and new
research projects from the Onapsis Research Labs, as well as exclusive access
to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, an unauthenticated attacker would be able to
remotely
, presentations and new
research projects from the Onapsis Research Labs, as well as exclusive access
to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, an unauthenticated attacker would be able to
remotely shutdown
advisories, presentations and new
research projects from the Onapsis Research Labs, as well as exclusive access
to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, a remote unauthenticated attacker might
advisories, presentations and new
research projects from the Onapsis Research Labs, as well as exclusive access
to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, a remote unauthenticated attacker would be
able
, presentations and new
research projects from the Onapsis Research Labs, as well asexclusive access to
special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, a remote unauthenticated attacker might be
able to access
, presentations and new
research projects from the Onapsis Research Labs, as well as exclusive access
to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, a remote unauthenticated might be able to
connect
advisories, presentations and new
research projects from the Onapsis Research Labs, as well as exclusive access
to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability, an unauthenticated attacker would be able
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-08
PR10-08: Various XSS and information disclosure flaws within Adobe
ColdFusion administration console
Vulnerability found: 17th April 2010
Vendor informed: 19th April 2010
Vulnerability fixed: 8th February 2011
Severity:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear colleague,
We are happy to announce the third issue of the Onapsis SAP Security In-Depth
publication.
Onapsis' SAP Security In-Depth is a free technical publication leaded by the
Onapsis Research Labs with the purpose of providing specialized
:CVE-2011-0063
Found Date: 03.02.2011
Date Reported: 03.02.2011
Release Date: 19.02.2011
Author: Nikolas Sotiriu
Mail: nso-research at sotiriu.de
Website:http://sotiriu.de/
Twitter
===ADVISORY===
Advisory: Data Encryption Systems - DESLock+ - Local Kernel
Code Execution/Denial of Service
Advisory ID: DSEC-2011-0002
Author:Neil Kettle, Digit Security Ltd
Affected Software:
7. Disclosure Timeline
2009-07-31 Reported to the vendor
2009-08-03 Vendor response
2011-01-26 Coordinated public disclosure
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-0110
Vendor:
http://www.symantec.com/business
-01-25 Vendor released patches and advisory
2011-01-26 Published TSL advisory
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: Not available
Vendor: http://www.novell.com/support/viewContent.do?externalId=7007663
http://telussecuritylabs.com
Coordinated public disclosure
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-0111
Vendor:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisorypvid=security_advisoryyear=2011suid=20110126_01
access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive
access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
By exploiting this vulnerability
to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive
access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=
Abusing this functionality, a remote
===ADVISORY===
Advisory: Silicon Graphics Inc (SGI) - IRIX - Local Kernel
Memory Disclosure/Denial of Service
Advisory ID: DSEC-2010-0001
Author:Neil Kettle, Digit Security Ltd
Affected Software:
==
Secunia Research 23/12/2010
- Microsoft Word LFO Parsing Double-Free Vulnerability -
==
Table of Contents
Affected Software
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-14
PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel
Audio and Web Conferencing)
Advisory publicly released: Tuesday, 21 December 2010
Vulnerability found: Wednesday, 21 July 2010
Vendor informed: Monday, 26
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04
PR10-04 Directory traversal limited to file validation within Viva
thumbs WordPress add-on
Advisory publicly released: Tuesday, 21 December 2010
Vulnerability found: Thursday, 4 February 2010
Vendor informed: Monday, 8
==
Secunia Research 14/12/2010
- SAP Crystal Reports Print ActiveX Control Buffer Overflow -
==
Table of Contents
Affected Software
==
Secunia Research 10/12/2010
- RealPlayer AAC Spectral Data Parsing Vulnerability -
==
Table of Contents
Affected Software
==
Secunia Research 10/12/2010
- RealPlayer cook Arbitrary Free Vulnerability -
==
Table of Contents
Affected Software
101 - 200 of 668 matches
Mail list logo