SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection
2012-10-14 YGN Ethical Hacker Group (lists yehg net)

[CVE-2012-4750] Ezhometech EzServer 7.0 Remote Heap Corruption Vulnerability
2012-10-13 lorenzo cantoni86 gmail com
[Title]: Ezhometech EzServer 7.0 Remote Heap Corruption Vulnerability
[Description]: EzServer is a software for audio and video streaming adopted by various companies worldwide. Version 7.0 is affected by a remote heap corruption vulnerability. Version 6.x is not affected by this issue, as does no

[slackware-security] mozilla-firefox (SSA:2012-285-01)
2012-10-11 Slackware Security Team (security slackware com)
[slackware-security] mozilla-firefox (SSA:2012-285-01)
New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog:

[slackware-security] mozilla-thunderbird (SSA:2012-285-02)
2012-10-11 Slackware Security Team (security slackware com)
[slackware-security] mozilla-thunderbird (SSA:2012-285-02)
New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog:

Last reminder for ClubHack 2012 : Call for Papers
2012-10-11 abhijeet clubhack com
Hello Everyone, This is a Last Reminder for ClubHack 2012 Call for Papers. CFP closes on 15th Oct, 2012. Send in your submission as soon as possible.
Call For Participation
See http://clubhack.com/2012 for details
In 2012, as ClubHack is focusing toward innovation & lea

Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB
2012-10-11 roberto greyhats it
Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB
[ADVISORY INFORMATION]
Title: Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB
Discovery date: 1

[slackware-security] bind (SSA:2012-284-01)
2012-10-11 Slackware Security Team (security slackware com)
[slackware-security] bind (SSA:2012-284-01)
New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog:

FileBound - Privilege Escalation Vulnerability - Security Advisory - SOS-12-010
2012-10-10 Lists (lists senseofsecurity com)

VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates
2012-10-10 VMware Security Response Center (security vmware com)

ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities
2012-10-10 Security Alert (Security_Alert emc com)
ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities.
EMC Identifier: ESA-2012-025
CVE Identifier: CVE-2012-2284,CVE-2012-2290
Severity Rating: See below for individual severity scores
EMC Identifie

vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities
2012-10-10 Vulnerability Lab (research vulnerability-lab com)
Title: vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities
Date: 2012-10-09
References: http://www.vulnerability-lab.com/get_content.php?id=721
VL-ID: 721
Common Vulnerability Scoring System: 8.3
Introduction:

Omnistar Document Manager v8.0 - Multiple Vulnerabilities
2012-10-10 Vulnerability Lab (research vulnerability-lab com)
Title: Omnistar Document Manager v8.0 - Multiple Vulnerabilities
Date: 2012-10-03
References: http://www.vulnerability-lab.com/get_content.php?id=712
VL-ID: 712
Common Vulnerability Scoring System: 8.3
Introduction:

Microsoft Office Excel ReadAV Arbitrary Code Execution
2012-10-10 pereira secbiz de
#!/usr/bin/perl
# Microsoft Office Excel ReadAV Arbitrary Code Execution
# Author: Jean Pascal Pereira <pereira (at) secbiz (dot) de>
# Vendor URI: http://office.microsoft.com
# Vendor Description:
# Microsoft Excel is a commercial spreadsheet application written and distributed by Microsoft for Micros

VLC Player 2.0.3 <= ReadAV Arbitrary Code Execution (Update)
2012-10-10 pereira secbiz de
#!/usr/bin/perl
# VLC Player 2.0.3 <= ReadAV Arbitrary Code Execution
# Author: Jean Pascal Pereira <pereira (at) secbiz (dot) de>
# Vendor URI: http://www.videolan.org/vlc/
# Vendor Description:
# VLC is a free and open source cross-platform multimedia player
# and framework that plays most multimedia

[CVE-2012-4501] CloudStack configuration vulnerability
2012-10-10 John Kinsella (jlk thrashyour com)
CVE-2012-4501: Apache CloudStack configuration vulnerability
Severity: Critical
Vendors: The Apache Software Foundation Citrix, Inc.
Versions Affected: As no official releases have been made, this does not affect any official Apache CloudStack rele

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format Player
2012-10-10 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Multiple Vulnerabilities in the Cisco WebEx Recording Format Player
Advisory ID: cisco-sa-20121010-webex
Revision 1.0
For Public Release 2012 October 10 16:00 UTC (GMT)
Summ

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module
2012-10-10 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Multiple Vulnerabilities in Cisco Firewall Services Module
Advisory ID: cisco-sa-20121010-fwsm
Revision 1.0
For Public Release 2012 October 10 16:00 UTC (GMT)
Summary

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
2012-10-10 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Advisory ID: cisco-sa-20121010-asa
Revision 1.0
For Public Release 2012 October 10 16:00 UTC (GMT)

Multiple vulnerabilities in OpenX
2012-10-10 advisory htbridge com
Advisory ID: HTB23116
Product: OpenX
Vendor: OpenX
Vulnerable Version(s): 2.8.10 and probably prior
Tested Version: 2.8.10
Vendor Notification: September 19, 2012
Public Disclosure: October 10, 2012
Vulnerability Type: Cross-Site Scripting [CWE-79], SQL Injection [CWE-89]
CVE References: CVE-2012-

[slackware-security] mozilla-firefox (SSA:2012-283-01)
2012-10-10 Slackware Security Team (security slackware com)
[slackware-security] mozilla-firefox (SSA:2012-283-01)
New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog:
p

Key Systems Electronic Key Lockers command injection and weak authentication vulnerabilities
2012-10-08 Travis Lee (eelsivart gmail com)
OVERVIEW
Key Systems Electronic Key Lockers contain a command injection vulnerability which may allow a remote unauthenticated attacker to inject commands into the electronic key locker. Key Systems Electronic Key Lockers also contains weak authentication which could allow an attacker administrative

FastStone Image Viewer 4.6 <= ReadAVonIP Arbitrary Code Execution
2012-10-05 pereira secbiz de
#!/usr/bin/perl
# FastStone Image Viewer 4.6 <= ReadAVonIP Arbitrary Code Execution
# Author: Jean Pascal Pereira <pereira (at) secbiz (dot) de>
# Vendor URI: http://www.faststone.org
# Vendor Description:
# An image browser, converter and editor that supports all major graphic formats including BMP, J
SilverStripe 2.4.7 and lower versions are vulnerable to Open URL Redirection.
2. BACKGROUND
SilverStripe CMS is easy for both developers and content authors to
work with. The SilverStripe Framework keeps the code tucked away
neatly so that it can be accessed easily by programmers but