[ISecAuditors Security Advisories] Multiple Full Path Disclosure Vulnerabilities in TinyWebGallery <= v1.8.9
2013-04-06 ISecAuditors Security Advisories (advisories isecauditors com)

=============================================
INTERNET SECURITY AUDITORS ALERT 2013-012
- Original release date: March 19th, 2013
- Last revised: April 6th, 2013
- Discovered by: Manuel Garcia Cardenas
- Severity: 5/10 (CVSS Base Score)
- CVE-ID: CVE-2013-2631
======================================


[CVE-REQUEST] Multiple CSRF vulnerabilities on Foscam IP cameras web UI
2013-04-08 shekyan gmail com

Embedded Web interface version 2.4.10.3 and older of Foscam FI8910W, FI8908W and many others is vulnerable to CSRF attacks. This allows an attacker to perform calls to any CGI API using cached basic server authentication data stored in the victim's browser.

Details: For example, the following URL requeste


[CVE-2012-5389] Null Pointer Dereference in Dart Webserver <= 1.9.2
2013-04-08 Ken (catatonicprime gmail com)

Overview
===============
DartWebserver.Dll is an HTTP server provided by Dart Communications (dart.com). It is distributed in their PowerTCP/Webserver For ActiveX product and likely other similar products.

"Build web applications in any familiar software development environment. Use WebServer for Ac


Multiple Vulnerabilities in D-Link devices
2013-04-05 devnull s3cur1ty de

Device Name: DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110
Vendor: D-Link

============ Vulnerable Firmware Releases: ============
DIR-815 v1.03b02 (unauthenticated command injection)
DIR-645 v1.02 (unauthenticated command injection)
DIR-645 v1.03 (authenticated command


Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable
2013-04-05 mschratt mfs-enterprise com

Product Name: Vanilla Forums
Vulnerable Version: Up to vanilla-core-2-0-18-4
Tested on: Windows Server 2003 Apache 2.4.3 PHP 5.4.7 MySQL 5.5.27

Vulnerability Overview: SQL-Injection is possible, because $_POST arrays are not properly sanitized. You do not need to be authenticated.

Vulnerabilit
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:072
http://www.mandriva.com/en/support/security/
___________________________________________________________