Barracuda LB, SVF, WAF WEF - Multiple Vulnerabilities

2013-07-22 Thread Vulnerability Lab
Title: Barracuda LB, SVF, WAF WEF - Multiple Vulnerabilities Date: 2013-07-18 References: http://www.vulnerability-lab.com/get_content.php?id=727 Note: The issue was part of the official Barracuda Networks Bug Bounty Program. VL-ID: 727 Common Vulnerability

Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability

2013-07-22 Thread Vulnerability Lab
Title: Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability Date: 2013-07-20 References: http://vulnerability-lab.com/get_content.php?id=775 BARRACUDA NETWORK SECURITY ID: BNSEC-723 VL-ID: 775 Common Vulnerability Scoring System:

Re: [Full-disclosure] [SE-2012-01] New Reflection API affected by a known 10+ years old attack

2013-07-22 Thread Jeffrey Walton
On Thu, Jul 18, 2013 at 12:50 AM, Security Explorations cont...@security-explorations.com wrote: Hello All, We discovered yet another indication that new Reflection API introduced into Java SE 7 was not subject to a thorough security review (if any). I'm kind of surprised some of these bugs

Samsung TV - DoS vulnerability

2013-07-22 Thread malik
Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com Type: Denial of Service (DoS) attack Description: DoS vulnerability on some Samsung TVs The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long HTTP GET request Tested successfully on my Samsung PS50C7700 plasma

DirectShow Arbitrary Memory Overwrite Vulnerability ms13-056

2013-07-22 Thread Andres Gomez Ramirez
Introduction: The Microsoft DirectShow application programming interface (API) is a media-streaming architecture for Microsoft Windows. Using DirectShow, your applications can perform high-quality video and audio playback or capture. Overview: DirectShow in Microsoft Windows XP SP2 and SP3,

Barracuda CudaTel 2.6.02.040 - SQL Injection Vulnerability

2013-07-22 Thread Vulnerability Lab
Title: Barracuda CudaTel 2.6.02.040 - SQL Injection Vulnerability Date: 2013-07-20 References: http://vulnerability-lab.com/get_content.php?id=775 BARRACUDA NETWORK SECURITY ID: BNSEC-723 VL-ID: 775 Common Vulnerability Scoring System:

Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials

2013-07-22 Thread kyle Lovett
Vulnerable Products - WD My Net N600 HD Dual Band Router Wireless N WiFi Router Accelerate HD WD My Net N750 HD Dual Band Router Wireless N WiFi Router Accelerate HD Linux 2.6.3 Kernel Firmware Ver. 1.03.xx 1.04.xx Firmware unaffected Ver 1.01.xx WD My Net N900 HD Dual Band Router Wireless N WiFi

Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities

2013-07-22 Thread Vulnerability Lab
Title: Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities Date: 2013-07-22 References: http://www.vulnerability-lab.com/get_content.php?id=832 VL-ID: 832 Common Vulnerability Scoring System: 7.5 Introduction:

Juniper Secure Access XSS Vulnerability

2013-07-22 Thread Anil Pazvant
Juniper Secure Access XSS Vulnerability. Summary: Juniper Secure Access software has a reflected XSS vulnerability