SEC Consult Vulnerability Lab Security Advisory < 20140307-0 >
===
title: Unauthenticated access & manipulation of settings
product: Huawei E5331 MiFi mobile hotspot
vulnerable version: Softwa
SEC Consult Vulnerability Lab Security Advisory < 20140228-1 >
===
title: Authentication bypass (SSRF) and local file disclosure
product: Plex Media Server
vulnerable version: <=0.9.9.2.37
SEC Consult Vulnerability Lab Security Advisory < 20140228-0 >
===
title: Privilege escalation vulnerability
product: MICROSENS Profi Line Modular Industrial Switch Web
M
SEC Consult Vulnerability Lab Security Advisory < 20140227-0 >
===
title: Local Buffer Overflow vulnerability
product: SAS for Windows (Statistical Analysis System)
vulnerable version: SAS 9.2, 9
SEC Consult Vulnerability Lab Security Advisory < 20140218-0 >
===
title: Multiple critical vulnerabilities
product: Symantec Endpoint Protection
vulnerable version: 11.0, 12.0, 12.1
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20140122-0 >
===
title: Multiple critical vulnerabilities
product: T-Mobile HOME NET Router LTE / Huawei B593u-12
vulnerable version: V100R001C54SP
SEC Consult Vulnerability Lab Security Advisory < 20131227-0 >
===
title: XPath Injection
product: IBM Web Content Manager (WCM)
vulnerable version: 6.x, 7.x, 8.x
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20131004-0 >
===
title: SQL injection vulnerability
product: Zabbix
vulnerable version: <=2.0.8
fixed version: 2.0.9rc1
CVE nu
SEC Consult Vulnerability Lab Security Advisory < 20131003-0 >
===
title: nsconfigd NSRPC_REMOTECMD Denial of service vulnerability
product: Citrix NetScaler
vulnerable version: NetScaler 10.0
SEC Consult Vulnerability Lab Security Advisory < 20130904-0 >
===
title: Undocumented password reset and admin takeover &
Cross-Site Scripting vulnerabilities
product:
SEC Consult Vulnerability Lab Security Advisory < 20130805-0 >
===
title: Vodafone EasyBox Default WPS PIN Algorithm Weakness
product: EasyBox 802 & EasyBox 803
vulnerable version: EasyBox
SEC Consult Vulnerability Lab Security Advisory < 20130726-0 >
===
title: Multiple vulnerabilities - Surveillance via Symantec Web
Gateway
product: Symantec Web Gateway
vuln
SEC Consult Vulnerability Lab Security Advisory < 20130719-0 >
===
title: Multiple vulnerabilities
product: Sybase EAServer
vulnerable version: <=6.3.1
fixed version: vendor did not suppl
SEC Consult Vulnerability Lab Security Advisory < 20130709-0 >
===
title: Denial of service vulnerability
product: Apache CXF
vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4
SEC Consult Vulnerability Lab Security Advisory < 20130625-0 >
===
title: Multiple vulnerabilities in IceWarp Mail Server
product: IceWarp Mail Server
vulnerable version: <=10.4.5
fixe
SEC Consult Vulnerability Lab Security Advisory < 20130614-0 >
===
title: Multiple vulnerabilities in Siemens OpenScape Branch
and OpenScape Session Border Controller
product: S
SEC Consult Vulnerability Lab Security Advisory < 20130605-0 >
===
title: Multiple vulnerabilities in CTERA Portal
product: CTERA Portal
vulnerable version: 3.1
fixed versio
SEC Consult Vulnerability Lab released a new whitepaper titled:
Blackberry Z10 Research Primer - "Dissecting Blackberry 10 - An
initial analysis"
Abstract:
-
In 2013, Blackberry presented a brand new operating system which
significantly differs from others presen
SEC Consult Vulnerability Lab Security Advisory < 20130523-0 >
===
title: JavaScript Execution in WebSphere DataPower Services
product: IBM WebSphere DataPower Integration Appliance XI50
vuln
SEC Consult Vulnerability Lab Security Advisory < 20130507-0 >
===
title: Multiple vulnerabilities
product: NetApp OnCommand System Manager
vulnerable version: <= 2.1 and <=2.0.2
fixed
Dear list,
it seems we've had a mix-up with the CVE number, the correct CVE number
for this issue is:
CVE-2013-2416 (S0319764)
SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20130417-2 >
===
title: HTTP header injection/Cache poisoning in Oracle WebCenter
Sites Satellite Server
product: Oracle Web
SEC Consult Vulnerability Lab Security Advisory < 20130417-1 >
===
title: Java ActiveX Control Memory Corruption
product: Java(TM) Web Start Launcher
vulnerable version: Sun Java Version 7 Update
SEC Consult Vulnerability Lab Security Advisory < 20130417-0 >
===
title: Multiple vulnerabilities in Sosci Survey
product: Sosci Survey
vulnerable version: <2.3.04a
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20130408-0 >
===
title: Nitro Pro 8 - Insecure Library Loading Allows Remote Code
Execution (DLL Hijacking)
product: Nit
SEC Consult Vulnerability Lab Security Advisory < 20130404-0 >
===
title: Multiple Vulnerabilities
product: Censornet Professional v4 (2.1.7)
vulnerable version: 2.1.7
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20130403-0 >
===
title: Multiple vulnerabilities
product: Sophos Web Protection Appliance
vulnerable version: <= 3.7.8.1
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20130313-0 >
===
title: QlikView Desktop Client Integer Overflow
product: QlikView Desktop Client
vulnerable version: 11.00 SR2
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20130311-0 >
===
title: Persistent cross-site scripting vulnerability
product: jforum
vulnerable version: 2.1.9
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20130308-1 >
===
title: Multiple high risk vulnerabilities (part 2)
product: GroundWork Monitor Enterprise
vulnerable version: 6.7.0
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20130308-0 >
===
title: Multiple critical vulnerabilities (part 1)
product: GroundWork Monitor Enterprise
vulnerable version: 6.7.0
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20130124-1 >
===
title: Unauthenticated setting of Java System Properties
authentication bypass
product: Barracuda S
SEC Consult Vulnerability Lab Security Advisory < 20130124-0 >
===
title: Critical SSH Backdoor in multiple Barracuda Networks
Products
vulnerable products: Barracuda Spam and Virus Fi
SEC Consult Vulnerability Lab Security Advisory < 20130122-1 >
===
title: SQL Injection
product: F5 BIG-IP
vulnerable version: <=11.2.0
fixed version: 11.2.0 HF3
1
SEC Consult Vulnerability Lab Security Advisory < 20130122-0 >
===
title: XML External Entity Injection (XXE)
product: F5 BIG-IP
vulnerable version: <=11.2.0
fixed version: 1
SEC Consult Vulnerability Lab Security Advisory < 20121220-0 >
===
title: Multiple Vulnerabilities in ELBA5
product: ELBA 5
vulnerable version: 5.5.0 R6 build 0796
fixed version: 5.
SEC Consult Vulnerability Lab Security Advisory < 20121203-0 >
===
title: Unauthenticated local file inclusion
product: F5 FirePass SSL VPN
vulnerable version: <= 7.0.0 HF-70-6
fixe
SEC Consult Vulnerability Lab Security Advisory < 20121115-0 >
===
title: Applicure dotDefender WAF format string vulnerability
product: dotDefender for Linux/Apache
vulnerable version: &
SEC Consult, an international leader in application security services and
consultancy, and Capgemini, one of the world's foremost providers of
consulting, technology and outsourcing services, released the first
international study on security of 3rd party Core Banking Packages.
The study summariz
SEC Consult Vulnerability Lab Security Advisory < 20121017-2 >
===
title: Multiple vulnerabilities in Oracle WebCenter Sites
product: Oracle WebCenter Sites (former FatWire Content Server)
vuln
SEC Consult Vulnerability Lab Security Advisory < 20121017-1 >
===
title: SQL Injection
product: Unirgy uStoreLocator - Magento extension
vulnerable version: <=2.0.0
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20121017-0 >
===
title: ModSecurity multipart/invalid part ruleset bypass
product: ModSecurity
vulnerable version: <= 2.6.8
fixed versi
SEC Consult Vulnerability Lab Security Advisory < 20120829-0 >
===
title: Support Backdoor
product: Symantec Messaging Gateway
vulnerable version: 9.5.x
fixed version: 10.0
CVE numbe
SEC Consult Vulnerability Lab Security Advisory < 20120712-0 >
===
title: Local file disclosure via XXE injection
product: Magento eCommerce Platform
Enterprise & Communi
SEC Consult Vulnerability Lab Security Advisory < 20120626-0 >
===
title: Local file disclosure via XXE injection
product: Zend Framework
vulnerable version: 1.11.11
1.12
SEC Consult Vulnerability Lab Security Advisory < 20120618-1 >
===
title: Airlock WAF overlong UTF-8 sequence bypass
product: Airlock
vulnerable version: <= 4.2.4 (without hotfix HF4213)
SEC Consult Vulnerability Lab Security Advisory < 20120618-0 >
===
title: WD ShareSpace WEB GUI Sensitive Data Disclosure
product: WD ShareSpace network storage system
vulnerable version: WD Shar
SEC Consult Vulnerability Lab Security Advisory < 20120518-0 >
===
title: libwpd WPXContentListener::_closeTableRow() memory
overwrite
product: OpenOffice.org
vulnerable v
SEC Consult Vulnerability Lab released a new whitepaper titled:
"The Source Is A Lie"
Abstract:
-
Backdoors have always been a concern of the security community. In
recent years the idea of not trusting the developer has gained momentum
and manifested itself in various forms
SEC Consult Vulnerability Lab Security Advisory < 20120328-1 >
===
title: Microsoft ASP.NET Forms Authentication Bypass
product: Microsoft .NET Framework
vulnerable version: Microsoft .NET Fra
SEC Consult Vulnerability Lab Security Advisory < 20120328-0 >
===
title: Unauthenticated remote root through SQL injection
product: F5 FirePass SSL VPN
vulnerable version: 6.0.0 - 6.1.0,
SEC Consult Vulnerability Lab Security Advisory < 20120220-1 >
===
title: Multiple Vulnerabilities in ELBA5
product: ELBA 5
vulnerable version: ELBA 5.4.1
5.5.0 R4 buil
SEC Consult Vulnerability Lab Security Advisory < 20120220-0 >
===
title: Multiple critical vulnerabilities
product: VOXTRONIC voxlog professional - voice recording
so
SEC Consult Vulnerability Lab Security Advisory < 20120104-0 >
===
title: Multiple critical vulnerabilities in Apache Struts2
product: Apache Struts2
* OpenSymphony
SEC Consult Vulnerability Lab Security Advisory < 20111230-0 >
===
title: Microsoft ASP.NET Forms Authentication Bypass
product: Microsoft .NET Framework
vulnerable version: Microsoft .NET Fra
SEC Consult Vulnerability Lab Security Advisory < 20111219-1 >
===
title: Multiple vulnerabilities in WhatsApp
product: WhatsApp (tested on Android client)
fixed version: -
SEC Consult Vulnerability Lab Security Advisory < 20111219-0 >
===
title: Client-side remote arbitrary file upload
product: SecCommerce SecSigner Java Applet
vulnerable version: 3.5.0 < build 2
SEC Consult Vulnerability Lab Security Advisory < 20111012-0 >
===
title: Client-side remote file upload & command execution
product: Microsoft Forefront Unified Access Gate
SEC Consult Vulnerability Lab Security Advisory < 20110810-0 >
===
title: Client-side remote file upload & command execution
product: Check Point SSL VPN On-Demand applicatio
SEC Consult Vulnerability Lab Security Advisory < 20110701-0 >
===
title: Multiple SQL Injection Vulnerabilities
product: WordPress
vulnerable version: 3.1.3/3.2-RC1 and probably earlier ve
SEC Consult Vulnerability Lab Security Advisory < 20110407-0 >
===
title: Libmodplug ReadS3M Stack Overflow
product: Libmodplug library
vulnerable version: 0.8.8.1
fixed version: 0
61 matches