[CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities
2011-05-30 Walikar Riyaz Ahemed Dawalmalik (WalikarRiyazAD microland com)

[CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities
2011-05-30 Walikar Riyaz Ahemed Dawalmalik (WalikarRiyazAD microland com)
Hi, This is regarding multiple XSS (Cross Site Scripting) Vulnerabilities in Apache Archiva 1.3.4 (and previous versions). The following is the disclosure document Project: Apache Archiva Severity: High Versions: 1.3.0 - 1.3.4. The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Exploi [...]

[SECURITY] [DSA 2245-1] chromium-browser security update
2011-05-29 Giuseppe Iuculano (iuculano debian org)

FreeBSD Security Advisory FreeBSD-SA-11:02.bind
2011-05-28 FreeBSD Security Advisories (security-advisories freebsd org)

CFP for ekoparty 2011 is now OPEN! [Buenos Aires, Argentina]
2011-05-27 eko security conference (organizacion ekoparty org)
[*] ekoparty Security Conference and Trainings - 7th edition [*] www.ekoparty.org Trainings: September 19 & 20 / Conference: September 21, 22 & 23 2011 Buenos Aires, Argentina [*] CALL FOR PAPERS is now Open! We are really proud to announce the seventh edition of the ekoparty security con [...]

Viewpoint: Security implications of IPv6
2011-05-27 Fernando Gont (fernando gont gmail com)
Folks, CPNI (http://www.cpni.gov.uk) has published the "Security implications of IPv6" viewpoint document, which is basically an excerpt of a technical report on which I have been working during the last couple of years, and we'll be published anytime soon. The viewpoint is available at: <http://w [...]

[SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability
2011-05-27 Deng Ching (oching apache org)
CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability Severity: High Vendor: The Apache Software Foundation Versions Affected: Archiva 1.3.0 - 1.3.4 The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Description: An attacker can build a simple html page containing a hidden Image [...]

[SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability
2011-05-27 Deng Ching (oching apache org)
CVE-2011-1077: Apache Archiva Multiple XSS vulnerability Severity: High Vendor: The Apache Software Foundation Versions Affected: Archiva 1.3.0 - 1.3.4 The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Description: The multiple XSS issues found are both Stored (Persistent) and Refl [...]

Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure
2011-05-26 Veronica (vero valeros gmail com)
----------------------------------------------------------------------- Talsoft S.R.L. Security Advisory WordPress User IDs and User Names Disclosure ----------------------------------------------------------------------- I. Advisory information Title: WordPress User IDs and User Names Disclosure A [...]

[CVE-REQUEST] Plone XSS and permission errors
2011-05-26 matthew matthewwilkes name
Hello all, As a member of the Plone security response team I hereby notify you that we have been made aware of three distinct security holes in Plone and are requesting CVE identifiers. 1. Reflected XSS attack A crafted URL can display arbitrary HTML output 2. Persistent XSS attack Certain vali [...]

[SECURITY] [DSA 2242-1] cyrus-imapd-2.2 security update
2011-05-25 Moritz Muehlenhoff (jmm debian org)

iDefense Security Advisory 05.24.11: IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow
2011-05-25 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More information can b [...]

iDefense Security Advisory 05.24.11: IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow
2011-05-25 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More information can b [...]

iDefense Security Advisory 05.24.11: IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow
2011-05-25 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More information can b [...]

Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability
2011-05-25 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability Advisory ID: cisco-sa-20110525-iosxr-ssh Revision 1.0 For Public Release 2011 May 25 1600 UTC (GMT) +------------------------------------------------------------- [...]

iDefense Security Advisory 05.24.11: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow
2011-05-25 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More information can b [...]

Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability
2011-05-25 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability Advisory ID: cisco-sa-20110525-iosxrspa Revision 1.0 For Public Release 2011 May 25 1600 UTC (GMT) +--------------------------------------------- [...]

Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability
2011-05-25 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability Advisory ID: cisco-sa-20110525-iosxr Revision 1.0 For Public Release 2011 May 25 1600 UTC (GMT) +--------------------------------------------------------- Summary ======= Cis [...]

Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities
2011-05-25 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities Advisory ID: cisco-sa-20110525-rvs4000 Revision 1.0 For Public Release 2011 May 25 1600 UTC (GMT) +------------------------------------------------------ [...]

Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability
2011-05-25 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability Advisory ID: cisco-sa-20110525-spcdn Revision 1.0 For Public Release 2011 May 25 1600 UTC (GMT) +--------------------------------------------------- [...]

Remote Password Disclosure Vulnerability in RXS-3211 IP Camera + others
2011-05-25 supernothing spareclockcycles org
-==Description==- The RXS-3211 IP camera, among others, is vulnerable to remote password disclosure, which can be exploited by an unauthenticated attacker with a single UDP packet. The problem exists in the camera management protocol used by the devices, which sends the administrator password and o [...]

CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow
2011-05-24 CORE Security Technologies Advisories (advisories coresecurity com)

This is regarding multiple CSRF (Cross Site Request Forgery)
Vulnerabilities in Apache Archiva 1.3.4 (and previous versions). The
following is the disclosure document
Title: Multiple CSRF Vulnerabilities in Apache Archiva 1.3.4
-----------------------------------------------------------------