HTB22979: Multiple XSS (Cross Site Scripting) vulnerabilities in Argyle Social
2011-05-12 advisory htbridge ch
Vulnerability ID: HTB22979 Reference: http://www.htbridge.ch/advisory/multiple_xss_cross_site_scripting_vulnerabilities_in_argyle_social.html Product: Argyle Social Vendor: Argyle Social ( http://argylesocial.com/ ) Vulnerable Version: Current at 26/04/2011 Vendor Notification: 28 April 2011 Vulne

[security bulletin] HPSBMA02661 SSRT100408 rev.3 - HP SNMP Agents Running on Linux and HP Insight Management Agents Running on Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure
2011-05-12 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02735590 Version: 3 HPSBMA02661 SSRT100408 rev.3 - HP SNMP Agents Running on Linux and HP Insight Management Agents Running on Windows, Remote Cross Site Scripting (XSS), URL Redirection, Informa

HTB22980: XSRF (CSRF) in Open Classifieds
2011-05-12 advisory htbridge ch
Vulnerability ID: HTB22980 Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_open_classifieds.html Product: Open Classifieds Vendor: Open Classifieds Team ( http://www.open-classifieds.com/ ) Vulnerable Version: 1.7.1.1 and probably prior versions Vendor Notification: 28 April 2011 Vulnerabi

[Bkis] sNews 1.7.1 XSS vulnerability
2011-05-12 Bkis (minhbq bkav com vn)
1. General Information sNews is a free content management system (CMS) written in PHP and MySQL. It is available at http://snewscms.com/. In April 2011, Bkis Security discovered an XSS (Cross-site Scripting) vulnerability in sNews CMS version 1.7.1. Taking advantage of this vulnerability, hacker mi

CORE-2010-1118: Oracle GlassFish Server Administration Console Authentication Bypass
2011-05-11 CORE Security Technologies Advisories (advisories coresecurity com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Oracle GlassFish Server Administration Console Authentication Bypass 1. *Advisory Information* Title: Oracle GlassFish Server Administration Console Authentica

[USN-1130-1] Exim vulnerability
2011-05-10 Kees Cook (kees ubuntu com)
Ubuntu Security Notice USN-1130-1 May 10, 2011 exim4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu

ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability
2011-05-10 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-167 May 10, 2011 -- CVE ID: CVE-2011-1248 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Microsoft -- Affected Products: M

[security bulletin] HPSBMA02672 SSRT100485 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Local Read and Write Access to Data and Log Files
2011-05-11 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02821425 Version: 1 HPSBMA02672 SSRT100485 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Local Read and Write Access to Data and Log Files NOTICE: The informat

CA20110510-01: Security Notice for CA eHealth
2011-05-10 Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE----- CA20110510-01: Security Notice for CA eHealth Issued: May 10, 2011 CA Technologies support is alerting customers to a security risk with CA eHealth. A vulnerability exists that may potentially allow an attacker to compromise web user security. The vulnerability

[Announcement] ClubHACK Magazine Issue 16-May 2011 released
2011-05-11 abhijeet clubhack com
Hello All, Here we are again with the latest issue of ClubHack Magazine. This time also the issue is dedicated to Browser security. ClubHack Magazine: http://chmag.in Direct Download: http://chmag.in/issue/may2011.pdf Tech Gyan - First ever public disclosure of Password secrets of "Apple Safari"

[PRE-SA-2011-04] Heap overflow in EFI partition handling code of the Linux kernel
2011-05-11 Timo Warns (warns pre-sense de)
PRE-CERT Security Advisory * Advisory: PRE-SA-2011-04 * Released on: 10 May 2011 * Last updated on: 10 May 2011 * Affected product: Linux Kernel 2.4 and 2.6 * Impact: information disclosure, denial-of-service * Origin: storage devices * Credit: Timo Warns (PRESENSE Techno

ZDI-11-158: Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability
2011-05-10 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-158: Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-158 May 10, 2011 -- CVE ID: CVE-2011-0065 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox -- TippingPo

[USN-1131-1] Postfix vulnerability
2011-05-11 Marc Deslauriers (marc deslauriers canonical com)
Ubuntu Security Notice USN-1131-1 May 11, 2011 postfix vulnerability A security issue affects these releases of Ubuntu and its derivatives: - Ubunt

ZDI-11-166: HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability
2011-05-10 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-166: HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-166 May 10, 2011 -- CVE ID: CVE-2011-1854 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Hewlett-Packard -- Affected Products

[security bulletin] HPSBMI02632 SSRT100379 rev.1 - HP/Palm webOS, Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized File System Write Access
2011-05-10 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02822174 Version: 1 HPSBMI02632 SSRT100379 rev.1 - HP/Palm webOS, Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized File System Write Access NOTICE: The information in this Secu

ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability
2011-05-10 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-165 May 10, 2011 -- CVE ID: CVE-2011-1853 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Hewlett-Packard -- Affec

Apache Struts 2 Multiple Reflected XSS in XWork error pages
2011-05-10 marian ventuneac gmail com
Security Advisory: MVSA-11-006 CVE: CVE-2011-1772 Vendor: Apache Software Foundation Product: Struts 2 Framework Vulnerabilities: Multiple Reflected XSS in XWork error pages Risk: High Attack Vector: From Remote Authentication: Not Required References: - http://secureappdev.blogspot.com

ZDI-11-164: HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability
2011-05-10 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-164: HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-164 May 10, 2011 -- CVE ID: CVE-2011-1852 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Hewlett-Packard -- Affecte

[security bulletin] HPSBMA02642 SSRT100415 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)
2011-05-11 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02746026 Version: 2 HPSBMA02642 SSRT100415 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS) NOTICE: The information in

ZDI-11-160: HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability
2011-05-10 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-160: HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-160 May 10, 2011 -- CVE ID: CVE-2011-1848 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewle

ZDI-11-162: HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability
2011-05-10 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-162: HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-162 May 10, 2011 -- CVE ID: CVE-2011-1850 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Hewlett-Packard -- Affected Produc

ZDI-11-163: HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability
2011-05-10 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-163: HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-163 May 10, 2011 -- CVE ID: CVE-2011-1851 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Hewlett-Packard -- Affected Prod

ZDI-11-161: HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability
2011-05-10 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-161: HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-161 May 10, 2011 -- CVE ID: CVE-2011-1849 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Hewlett-Packard -- Affected Produ

ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability
2011-05-10 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-159 May 10, 2011 -- CVE ID: CVE-2011-0066 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox -- Tipp

[security bulletin] HPSBGN02680 SSRT100361 rev.1 - HP Intelligent Management Center (IMC), Remote Execution of Arbitrary Code
2011-05-10 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02822750 Version: 1 HPSBGN02680 SSRT100361 rev.1 - HP Intelligent Management Center (IMC), Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted up

HTB22977: XSRF (CSRF) in poMMo
2011-05-10 advisory htbridge ch
Vulnerability ID: HTB22977 Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_pommo.html Product: poMMo Vendor: Brice Burgess ( http://pommo.org/ ) Vulnerable Version: Aardvark PR16.1 Vendor Notification: 26 April 2011 Vulnerability Type: CSRF (Cross-Site Request Forgery) Risk level: Low Cre
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_argyle_social.html
Product: Argyle Social
Vendor: Argyle Social ( http://argylesocial.com/ )
Vulnerable Version: Current at 26/04/2011
Vendor Notification: 28 April 2011
Vulnerability Type: CSRF (Cross-Site Request