HTB23015: Easewe FTP ActiveX Control Multiple Insecure Methods
2011-06-22 advisory htbridge ch
Vulnerability ID: HTB23015
Reference: http://www.htbridge.ch/advisory/easewe_ftp_ocx_activex_control_execute_insecure_method.html
Product: Easewe FTP OCX ActiveX Control
Vendor: Easewe Software ( http://www.ftpocx.com )
Vulnerable Version: 4.5.0.9 and probably prior
Tested on: 4.5.0.9
Vendor Notifi

Re: Perfect PDF products distributed with vulnerable MSVC++ libraries
2011-06-22 Stefan Kanthak (stefan kanthak nexgo de)
"Brad Hards" <bradh (at) frogmouth (dot) net [email concealed]> wrote:
> On Sunday 19 June 2011 11:37:33 Stefan Kanthak wrote:
>> soft Xpansion <www.soft-xpansion.com> distributes their (freeware)
>> products "Perfect PDF 7 Master" and "Perfect PDF 7 Reader" (the
>> current files are dated 2011-05-10) with OUTDATED and VULNERA

TWSL2011-006: IBM Web Application Firewall Bypass
2011-06-21 Trustwave Advisories (trustwaveadvisories trustwave com)
Trustwave's SpiderLabs Security Advisory TWSL2011-006: IBM Web Application Firewall Bypass
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt
Published: 2011-06-21
Version: 1.0
Vendor: IBM
Product: IBM Web Application Firewall
These capabilities are included through SiteProtector 7.

ZDI-11-225: Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability
2011-06-21 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-225: Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-225
June 21, 2011
-- CVE ID: CVE-2011-0085
-- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-- Affected Vendors: Mozilla
-- Affected Products: Mozilla Firefox
--

ZDI-11-224: Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability
2011-06-21 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-224: Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-224
June 21, 2011
-- CVE ID: CVE-2011-2363
-- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-- Affected Vendors: Mozilla
-- Affected Products: Mozilla Firefox
-

ZDI-11-223: Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability
2011-06-21 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-223: Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-223
June 21, 2011
-- CVE ID: CVE-2011-0083
-- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-- Affected Vendors: Mozilla
-- Affected Products: Mozilla Firefox

Re: Perfect PDF products distributed with vulnerable MSVC++ libraries
2011-06-21 Brad Hards (bradh frogmouth net)
On Sunday 19 June 2011 11:37:33 Stefan Kanthak wrote:
> soft Xpansion <www.soft-xpansion.com> distributes their (freeware)
> products "Perfect PDF 7 Master" and "Perfect PDF 7 Reader" (the
> current files are dated 2011-05-10) with OUTDATED and VULNERABLE
> Visual C++ 2008 runtime libraries VCRedist

[slackware-security] fetchmail (SSA:2011-171-01)
2011-06-20 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] fetchmail (SSA:2011-171-01)
New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. Here are the details from the Slac

Perfect PDF products distributed with vulnerable MSVC++ libraries
2011-06-19 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, soft Xpansion <www.soft-xpansion.com> distributes their (freeware) products "Perfect PDF 7 Master" and "Perfect PDF 7 Reader" (the current files are dated 2011-05-10) with OUTDATED and VULNERABLE Visual C++ 2008 runtime libraries VCRedist_x86.exe/VCRedist_x64.exe version 9.0.30729.17 of 20

VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability (MS11-038)
2011-06-17 VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability (MS11-038)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
"Microsoft Windows is a series of software operating systems and grap

JFreeChart - Path Disclosure vulnerability
2011-06-17 Patrick Webster (patrick osisecurity com au)
JFreeChart - Path Disclosure
http://www.osisecurity.com.au/advisories/jfreechart-path-disclosure
Release Date: 17-Jun-2011
Software: JFree.org - JFreeChart http://www.jfree.org/
"A free Java chart library. JFreeChart supports pie charts (2D and 3D), bar charts (horizontal and vertical, regular an

EQDKP plus Cross Site Scripting and Bypass file extension
2011-06-17 iPower N/A (vb win32 gmail com)
Hello! I have found a vulnerability in the EQDKP Plus. More precisely, in the plugin mediacenter. Because it incorrectly checks the file extension, it is possible to upload the "htm" file and execute an XSS attack. But with some restrictions. The plugin checks the contents for tags: [code=plugins/med

Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries
2011-06-17 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, the current version of Essential PIM 4.22, available at <http://www.astonsoft.com/epim_download/EssentialPIMPort4.zip> with HTTP timestamp "Wed, 15 Jun 2011 13:20:12 GMT", comes with VULNERABLE and COMPLETELY outdated 3rd party runtime libraries!
1. libeay32.dll and ssleay32.dll of OpenSS

[security bulletin] HPSBUX02657 SSRT100460 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)
2011-06-16 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02787667
Version: 1
HPSBUX02657 SSRT100460 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be ac

[SECURITY] [DSA 2263-1] movabletype-opensource security update
2011-06-16 Florian Weimer (fw deneb enyo de)

iDefense Security Advisory 06.14.11: Adobe Shockwave Font Asset Heap Overflow Vulnerability
2011-06-16 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 06.14.11
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 14, 2011
I. BACKGROUND
Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browser

iDefense Security Advisory 06.14.11: Adobe Shockwave 3D Asset DEMX Integer Overflow Vulnerability
2011-06-16 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 06.14.11
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 14, 2011
I. BACKGROUND
Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browser

iDefense Security Advisory 06.14.11: Adobe Shockwave Lingo Script Opcodes Integer Signedness Vulnerability
2011-06-16 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 06.14.11
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 14, 2011
I. BACKGROUND
Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browser

iDefense Security Advisory 06.14.11: Adobe Shockwave Cursor Asset tSAC Chunk Integer Overflow Vulnerability
2011-06-16 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 06.14.11
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 14, 2011
I. BACKGROUND
Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browser

myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique
2011-06-15 info robinverton de
myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique
Software: myBloggie 2.1.6
Severity: High
Author: Robin Verton <info (at) robinverton (dot) de>
Date: Jun. 12 2011
Vendor: http://mybloggie.mywebland.com/
Software Description: "myBloggie is considered one of the most simple,

CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery
2011-06-15 CORE Security Technologies Advisories (advisories coresecurity com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
IBM WebSphere Application Server Cross-Site Request Forgery
1. *Advisory Information*
Title: IBM WebSphere Application Server Cross-Site Request Forgery
Advi

TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability
2011-06-15 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-11-10
June 15, 2011
-- CVE ID: CVE-2011-0335
-- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Shockwave Pl
Reference: http://www.htbridge.ch/advisory/xss_in_fanupdate.html
Product: FanUpdate
Vendor: fanupdate.co.uk ( http://fanupdate.co.uk/ )
Vulnerable Version: 3.0 and probably prior
Tested on: 3.0
Vendor Notification: 01 June 2011
Vulnerability Type: XSS (Cross Site Scripti