HTB22974: Multiple XSS in Calendarix
2011-05-10 advisory htbridge ch
Vulnerability ID: HTB22974 Reference: http://www.htbridge.ch/advisory/multiple_xss_in_calendarix.html Product: Calendarix Vendor: http://www.calendarix.com ( http://www.calendarix.com ) Vulnerable Version: 0.8.20080808 Vendor Notification: 26 April 2011 Vulnerability Type: XSS (Cross Site Scriptin

Re: SQL Injection in Pixie
2011-05-10 security curmudgeon (jericho attrition org)
On Thu, 20 Jan 2011, advisory (at) htbridge (dot) ch wrote: : Vulnerability ID: HTB22785 : Reference: http://www.htbridge.ch/advisory/sql_injection_in_pixie.html : : Vulnerability Details: : The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in "refer

HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo
2011-05-10 advisory htbridge ch
Vulnerability ID: HTB22976 Reference: http://www.htbridge.ch/advisory/multiple_xss_cross_site_scripting_vulnerabilities_in_pommo.html Product: poMMo Vendor: Brice Burgess ( http://pommo.org/ ) Vulnerable Version: Aardvark PR16.1 Vendor Notification: 26 April 2011 Vulnerability Type: XSS (Cross Sit

OSI Security: Civica Spydus Library Management System (LMS) - Cross-Site Scripting Vulnerability
2011-05-10 Patrick Webster (patrick osisecurity com au)
Civica Spydus Library Management System (LMS) - Cross-site Scripting Vulnerability http://www.osisecurity.com.au/advisories/civica-spydus-library-management-system-cross-site-scripting Release Date: 04-May-2011 Software: Civica - Spydus http://www.civicaplc.com/ "Libraries and information service

ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability
2011-05-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-157 May 9, 2011 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox -- TippingPoint(TM) IPS Cu

ZDI-11-156: Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability
2011-05-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-156: Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-156 May 9, 2011 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Sybase -- Affected Products: Sybase MBusiness Anywhere -- Tipp

ZDI-11-155: Sybase M-Business Anywhere Server agd.exe encodeUsername Remote Code Execution Vulnerability
2011-05-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-155: Sybase M-Business Anywhere Server agd.exe encodeUsername Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-155 May 9, 2011 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Sybase -- Affected Products: Sybase MBusiness Anywhere -- T

ZDI-11-154: Sybase M-Business Anywhere agSoap.exe password Tag Remote Code Execution Vulnerability
2011-05-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-154: Sybase M-Business Anywhere agSoap.exe password Tag Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-154 May 9, 2011 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Sybase -- Affected Products: Sybase MBusiness Anywhere -- Tipping

PR10-17 Various XSS and information disclosure flaws within KeyFax response management system
2011-05-09 research (research procheckup com)
PR10-17: Various XSS and information disclosure flaws within KeyFax response management system http://www.omfax.co.uk Vulnerability found: 25th August 2010 Vendor informed: Vulnerability fixed: Severity: Medium/High Description: KeyFax response management system provides professional manageme

[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification
2011-05-09 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02824490 Version: 1 HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Infor

[security bulletin] HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
2011-05-09 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02824483 Version: 1 HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification NOTICE: The informati

[security bulletin] HPSBOV02682 SSRT100495 rev.1 - HP OpenVMS running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Modification
2011-05-09 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02824440 Version: 1 HPSBOV02682 SSRT100495 rev.1 - HP OpenVMS running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Modification NOTICE: The information in

[security bulletin] HPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service (DoS)
2011-05-09 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02822093 Version: 1 HPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possi

Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)
2011-05-09 wietse porcupine org (Wietse Venema)
[On-line version will be at http://www.postfix.org/CVE-2011-1720.html] Summary ======= The Postfix SMTP server has a memory corruption error when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (the ANONYMOUS mechanism is unaffected but should not be enable

TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection
2011-05-09 Advisories Toucan-System (advisories toucan-system com)

[security bulletin] HPSBTU02684 SSRT100390 rev.1 - HP Tru64 UNIX running Java, Remote Denial of Service (DoS)
2011-05-09 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02826781 Version: 1 HPSBTU02684 SSRT100390 rev.1 - HP Tru64 UNIX running Java, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as po

TSSA-2011-02 - Opera : SELECT SIZE Arbitrary null write
2011-05-09 Advisories Toucan-System (advisories toucan-system com)

Swiss Cyber Storm 3
2011-05-06 Ivan Buetler (ivan buetler csnc ch)
Swiss Cyber Storm 3 is opening its door next week. We have two days of 36 lecturing talks (triple track) plus two days of hacking and cracking challenges in three different areas. Some of the 36 accepted Speakers * Stefano Di Paola * Marco Balduzzi * Prof. A. Gloor (MIT, USA) * Jeremy Brown (SCADA

Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones
2011-05-06 Barry Greene (bgreene senki org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: https://www.isc.org/CVE-2011-1907 is the authoritative source for this Security Advisory. Please check the source for any updates. Summary: When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger

Silently Pwning Protected-Mode IE9 and Innocent Windows Applications
2011-05-06 Mitja Kolsek (mitja kolsek acros si)
Our advanced binary planting research goes on... and it's time to reveal some interesting hacks, for instance how to exploit binary planting (or DLL hijacking, if you prefer the less suitable term) to execute remote malicious code through Internet Explorer 9 in protected mode on Windows 7 - without

VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities
2011-05-06 VMware Security Team (security vmware com)

[USN-1111-1] Linux kernel vulnerabilities
2011-05-05 Kees Cook (kees ubuntu com)
Ubuntu Security Notice USN-1111-1 May 05, 2011 linux-source-2.6.15 vulnerabilities A security issue affects these releases of Ubuntu and its derivat

PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management
2011-05-05 research (research procheckup com)
PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management Vulnerability found: 17th July 2010 Vendor informed: Vulnerability fixed: Severity: High Description: BMC Remedy Knowledge Management provides service desk analysts with a knowledge base of easy-to-find solut

HTB22969: CSRF (Cross-Site Request Forgery) in VCalendar
2011-05-05 advisory htbridge ch
Vulnerability ID: HTB22969 Reference: http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_vcalendar.html Product: VCalendar Vendor: UltraApps ( http://ultraapps.com ) Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type: CSRF (Cross-Site Request Forgery) R

HTB22972: Multiple SQL injection vulnerabilities in PHPDug
2011-05-05 advisory htbridge ch
Vulnerability ID: HTB22972 Reference: http://www.htbridge.ch/advisory/multiple_sql_injection_vulnerabilities_in_phpdug.html Product: PHPDug Vendor: Kubelabs.com ( http://www.kubelabs.com/ ) Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type:

[USN-1122-2] Thunderbird vulnerabilities
2011-05-05 Micah Gersten (micah canonical com)
Ubuntu Security Notice USN-1122-2 May 05, 2011 thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: -

HTB22968: XSS in PHP Directory Listing Script
2011-05-05 advisory htbridge ch
Vulnerability ID: HTB22968 Reference: http://www.htbridge.ch/advisory/xss_in_php_directory_listing_script.html Product: PHP Directory Listing Script Vendor: http://www.evoluted.net ( http://www.evoluted.net ) Vulnerable Version: 3.1 Vendor Notification: 21 April 2011 Vulnerability Type: XSS (Cross
Reference: http://www.htbridge.ch/advisory/sql_injection_in_calendarix.html
Product: Calendarix
Vendor: http://www.calendarix.com ( http://www.calendarix.com )
Vulnerable Version: 0.8.20080808
Vendor Notification: 26 April 2011
Vulnerability Type: SQL Injection
Risk leve