ZDI-11-243: WebKit ContentEditable Inline Style Remote Code Execution Vulnerability
2011-07-27, ZDI Disclosures (zdi-disclosures tippingpoint com)
http://www.zerodayinitiative.com/advisories/ZDI-11-243 July 27, 2011 -- CVE ID: CVE-2011-0232 -- CVSS: 9, (AV:N/AC:L/Au:N/C:C/I:P/A:P) -- Affected Vendors: WebKit -- Affected Products: WebKit -- TippingPoint(

ZDI-11-242: Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability
2011-07-27, ZDI Disclosures (zdi-disclosures tippingpoint com)
http://www.zerodayinitiative.com/advisories/ZDI-11-242 July 27, 2011 -- CVE ID: CVE-2011-0255 -- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P) -- Affected Vendors: Apple -- Affected Products: Apple Safari

ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability
2011-07-27, ZDI Disclosures (zdi-disclosures tippingpoint com)
http://www.zerodayinitiative.com/advisories/ZDI-11-241 July 27, 2011 -- CVE ID: CVE-2011-0254 -- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P) -- Affected Vendors: WebKit -- Affected Products: WebKit -- TippingPo

ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability
2011-07-27, ZDI Disclosures (zdi-disclosures tippingpoint com)
http://www.zerodayinitiative.com/advisories/ZDI-11-240 July 27, 2011 -- CVE ID: CVE-2011-1453 -- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- TippingPoint

ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability
2011-07-27, ZDI Disclosures (zdi-disclosures tippingpoint com)
http://www.zerodayinitiative.com/advisories/ZDI-11-239 July 27, 2011 -- CVE ID: CVE-2011-0233 -- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- Vuln

Redirection vulnerability in MBoard
2011-07-27, advisory htbridge ch
Vulnerability ID: HTB23029
Reference: http://www.htbridge.ch/advisory/redirection_vulnerability_in_mboard.html
Product: MBoard
Vendor: PHPJunkyard ( http://www.phpjunkyard.com )
Vulnerable Version: 1.3 and probably prior
Tested on: 1.3
Vendor Notification: 06 July 2011
Vulnerability Type: Redirecti

Multiple XSS in GBook PHP guestbook
2011-07-27, advisory htbridge ch
Vulnerability ID: HTB23028
Reference: http://www.htbridge.ch/advisory/multiple_xss_in_gbook_php_guestbook.html
Product: GBook PHP guestbook
Vendor: PHPJunkyard ( http://www.phpjunkyard.com )
Vulnerable Version: 1.7 and probably prior
Tested on: 1.7
Vendor Notification: 06 July 2011
Vulnerability Ty

Chrome Web Solutions (details.php?cat_id) (listing_more.php?id) Remote SQL injection Vulnerability
2011-07-27, ehsan_hp200 hotmail com

Solutiontech (product.php?cat_id) Remote SQL injection Vulnerability
2011-07-27, ehsan_hp200 hotmail com

iCube Lab (product_details.php?cat_id) Remote SQL injection Vulnerability
2011-07-27, ehsan_hp200 hotmail com

G2webCMS (products.php?cat_id) (member-profile.php?profile) Remote SQL injection Vulnerability
2011-07-27, ehsan_hp200 hotmail com

SA500 vulnerabilities - details
2011-07-27, michal sajdak securitum pl
Hi
Advisory by Cisco was published a few days ago (Bugtraq ID: 48810). Now more details:
1. Unauthenticated access to web management (any user - including admin).
Due to blind SQLi in the login form of web management (port 443, https, login field, embedded sqlite DB), it is possible to obtain:

Agent Image (news_details.php?news_ID) Remote SQL injection Vulnerability
2011-07-27, ehsan_hp200 hotmail com

ESA-2011-021: EMC Data Protection Advisor sensitive information disclosure vulnerability
2011-07-26, Security_Alert emc com
ESA-2011-021: EMC Data Protection Advisor sensitive information disclosure vulnerability.
EMC Identifier: ESA-2011-021
CVE Identifier: CVE-2011-1742
Severity Rating: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Affected products:

[Tool] DoS for OpenSLP (and others)
2011-07-26, Nicolas Grégoire (nicolas gregoire agarri fr)
Hello! SLP (Service Location Protocol) is defined by RFC 2165 and RFC 2608. OpenSLP (the reference implementation) and other SLP software (like mSLP) are vulnerable to a denial of service vulnerability (CVE-2010-3609 aka CERT VU#393783). The affected software includes VMware ESX and ESXi, Novell

Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials
2011-07-26, Williams, James K (James Williams ca com)
CA Technologies is aware of ARCserve D2D vulnerability and exploit details that were posted to BugTraq on 2011-07-26. We're currently reviewing the information and will post an update after we have completed our initial investigat

Hacking IPv6 Networks (slides)
2011-07-26, Fernando Gont (fgont hackingipv6networks com)
Folks, We've uploaded the slides used during part of our training "Hacking IPv6 Networks" at the Hack in Paris 2011 Conference.
The slides are available at: http://www.hackingipv6networks.com/past-trainings
They contain quite a few insights about IPv6 security, along with a number of practical exa

[PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker
2011-07-26, noreply ptsecurity ru
(PT-2011-25) Positive Technologies Security Advisory
SQL injection vulnerabilities in Support Incident Tracker
---[ Vulnerable software ]
SiT!

[PT-2011-08] Multiple vulnerabilities in Dlink DPH 150SE/E/F1
2011-07-26, noreply ptsecurity ru
(PT-2011-08) Positive Technologies Security Advisory
Multiple vulnerabilities in Dlink DPH 150SE/E/F1
---[ Vulnerable platform ]
Dlink DPH 1

Lava (news_item.php?id) (album.php?id) (basket.php?baction) Remote SQL injection Vulnerability
2011-07-26, ehsan_hp200 hotmail com

Precision (products.php?cat_id) Remote SQL injection Vulnerability
2011-07-26, ehsan_hp200 hotmail com

DotComEgypt (products.php?cat_id) Remote SQL injection Vulnerability
2011-07-26, ehsan_hp200 hotmail com

Indonesia Web Design (link-directory.php?cid) (link-directory.php?pid) Remote SQL injection Vulnerability
2011-07-26, ehsan_hp200 hotmail com

Funnel Web (selected_product.php?t) Remote SQL injection Vulnerability
2011-07-26, ehsan_hp200 hotmail com