Re: Cisco IOS UDP Denial of Service Vulnerability 2011-05-05
psirt cisco com
Hello,

The Cisco PSIRT is investigating this issue. If we determine that any of our products are vulnerable, information will be available at: http://www.cisco.com/go/psirt/

Please direct any questions to psirt (at) cisco (dot) com.

Paul Oxman
PSIRT Incident Manager

poxman (at) cisco (dot) com
Phone: +65 6317 7418
P

HTB22973: XSS in AJAX Calendar 2011-05-05
advisory htbridge ch
Vulnerability ID: HTB22973
Reference: http://www.htbridge.ch/advisory/xss_in_ajax_calendar.html
Product: AJAX Calendar
Vendor: OpenCrypt ( http://www.opencrypt.com )
Vulnerable Version: 1.0
Vendor Notification: 21 April 2011
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by Vendor
Ri

t2'11: Call for Papers 2011 (Helsinki / Finland) 2011-05-05
Tomi Tuominen (tomi tuominen t2 fi)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

# t2'11 - Call For Papers #
Helsinki, Finland
October 27 - 28, 2011

We are pleased to announce the annual t2'11 infosec conference, which
will take place in Helsinki, Finland, from October 27

HTB22970: Multiple XSS vulnerabilities in PHPDug 2011-05-05
advisory htbridge ch
Vulnerability ID: HTB22970
Reference: http://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_phpdug.html
Product: PHPDug
Vendor: Kubelabs.com ( http://www.kubelabs.com/ )
Vulnerable Version: 2.0.0 and probably prior versions
Vendor Notification: 21 April 2011
Vulnerability Type: XSS (Cros

Cisco Security Response: Cisco IOS Software Denial of Service Vulnerabilities 2011-05-05
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Response: Cisco IOS Software Denial of Service
Vulnerabilities

http://www.cisco.com/warp/public/707/cisco-sr-20110505-ios.shtml

Revision 1.0

For Public Release 2011 May 05 1600 UTC (GMT)

Cisco Response
==============

This is the Ci

HTB22971: XSRF (CSRF) in PHPDug 2011-05-05
advisory htbridge ch
Vulnerability ID: HTB22971
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_phpdug.html
Product: PHPDug
Vendor: Kubelabs.com ( http://www.kubelabs.com/ )
Vulnerable Version: 2.0.0 and probably prior versions
Vendor Notification: 21 April 2011
Vulnerability Type: CSRF (Cross-Site Request For

Fwd: [USN-1122-1] Thunderbird vulnerabilities 2011-05-05
Micah Gersten (micah canonical com)
==========================================================================
Ubuntu Security Notice USN-1122-1
May 05, 2011

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

-

Re: Cisco IOS SNMP Message Processing Denial Of Service Vulnerability 2011-05-05
psirt cisco com
Hello,

The Cisco PSIRT is investigating this issue. If we determine that any of our products are vulnerable, information will be available at: http://www.cisco.com/go/psirt/

Please direct any questions to psirt (at) cisco (dot) com.

Paul Oxman
PSIRT Incident Manager

poxman (at) cisco (dot) com
Phone: +65 6317 7418
P

[USN-1126-2] PHP Regressions 2011-05-05
Steve Beattie (sbeattie ubuntu com)
==========================================================================
Ubuntu Security Notice USN-1126-2
May 05, 2011

php5 regressions
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.

Cisco IOS SNMP Message Processing Denial Of Service Vulnerability 2011-05-04
vuln nipc org cn
Cisco IOS SNMP Message Processing Denial Of Service Vulnerability

------------------------------------------------------------------
I. Summary

Cisco Internetwork Operating System (IOS) 15.0 attempts to process SNMP solicited operations on improper ports (UDP 161,162), which allows remote attacker

[security bulletin] HPSBMA02667 SSRT100464 rev.3 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection 2011-05-04
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Document ID: c02807712
Version: 3

HPSBMA02667 SSRT100464 rev.3 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-04-21
Last Up

Cisco IOS UDP Denial of Service Vulnerability 2011-05-04
vuln nipc org cn
Cisco IOS UDP Denial of Service Vulnerability

------------------------------------------------------------------
I. Summary

Cisco routers running IOS 15.0 allow a remote attacker to cause a denial of service via a flood of UDP packets (a randomly chosen UDP port).

-------------------------------

[RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface 2011-05-04
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Client Side Authorization ZyXEL ZyWALL USG Appliances Web
Interface

The ZyXEL ZyWALL USG appliances perform parts of the authorization for
their management web interface on the client side using JavaScript. By
setting the JavaScript variable "isAdmin" to "true", a user with limi

[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances 2011-05-04
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Authentication Bypass in Configuration Import and Export of
ZyXEL ZyWALL USG Appliances

Unauthenticated users with access to the management web interface of
certain ZyXEL ZyWALL USG appliances can download and upload
configuration files, that are applied automatically.

Details

Announcement - DeepSec 2011 - Call for Papers 2011-05-03
DeepSec Conference (deepsec deepsec net)
--- DeepSec 2011 "High Five" - Call for Papers

For the fifth time the DeepSec In-Depth Security Conference invites
security researchers and professionals to submit suggestions for talks
and workshops for our conference which will take place in November 2011
in Vienna.
Please visit our updated websi

[USN-1128-1] Vino vulnerabilities 2011-05-02
Marc Deslauriers (marc deslauriers canonical com)
==========================================================================
Ubuntu Security Notice USN-1128-1
May 02, 2011

vino vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu

CSRF (Cross-Site Request Forgery) in FREELANCER 2011-05-02
bolok boloke80 gmail com
Product: FREELANCER
Vendor: http://www.got.my ( http://www.got.my/FREELANCER/ )
Vulnerable Version: 1.0.0
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Risk level: Low
Credit: Hector.x90

Vulnerability Details:
The vulnerability exists due to failure in the "index.php" script to properly ver

TeamSHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager Service Level component 2011-05-02
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

April 21, 2011

Risk Level:
High

Affected versions:
Oracle Enterprise Manager 11g Release 1

Remote exploitable:
Yes

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Secu

NATO CCD COE's 3rd International Conference on Cyber Conflict. 7-10 June, Tallinn, Estonia. 2011-05-03
iccc ccdcoe org
For the third year in a row, the NATO Cooperative Cyber Defence Centre of Excellence invites experts from government, military, academia and the private sector to Tallinn to discuss recent trends in cyber security.

This year the ICCC (www.ccdcoe.org/ICCC) takes place on 7-10 June and will focus on

TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU 2011-05-02
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

April 21, 2011

Risk Level:
High

Affected versions:
Oracle Database Server version 10gR1, 10gR2, 11gR1 and 11gR2 (on Windows platform)

Remote exploitable:
Yes

Credits:
This vulnerability was discovered and researched b

Proofpoint Protection Server Cross-Site Scripting Vulnerability - SOS-11-005 2011-05-03
Lists (lists senseofsecurity com)
Sense of Security - Security Advisory - SOS-11-005

Release Date. 03-May-2011
Last Update. -
Vendor Notification Date. 28-Apr-2011
Product. Proofpoint Protection Server
Platform. Appliance
Affected versions.

[USN-1129-1] Perl vulnerabilities 2011-05-03
Marc Deslauriers (marc deslauriers canonical com)
==========================================================================
Ubuntu Security Notice USN-1129-1
May 03, 2011

perl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu

HTB22962: Multiple XSS in YaPiG 2011-05-03
advisory htbridge ch
Vulnerability ID: HTB22962
Reference: http://www.htbridge.ch/advisory/multiple_xss_in_yapig.html
Product: YaPiG (Yet Another PHP Image Gallery)
Vendor: http://yapig.sourceforge.net/ ( http://yapig.sourceforge.net/ )
Vulnerable Version: 0.95
Vendor Notification: 19 April 2011
Vulnerability Type: XS

[ MDVSA-2011:082 ] python-feedparser 2011-05-02
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:082
http://www.mandriva.com/security/
______________________________________________________________________

HTB22963: CSRF (Cross-Site Request Forgery) in SelectaPix Image Gallery 2011-05-03
advisory htbridge ch
Vulnerability ID: HTB22963
Reference: http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_selectapix_image_gallery.html
Product: SelectaPix Image Gallery
Vendor: http://www.outofthetrees.co.uk/ ( http://www.outofthetrees.co.uk/ )
Vulnerable Version: 1.4.1
Vendor Notification: 19 Apri

Path disclosure in MEGA PORTAL 2011-05-02
bolok boloke80 gmail com
Product: MEGA PORTAL
Vendor: http://www.got.my
Demo: http://www.got.my/MEGA-PORTAL/
Vulnerability Type: Path disclosure
Risk level: medium
Credit: Hector.x90

Vulnerability Details:
A remote user can determine the full path to the web root directory and other potentially sensitive information.
The f

HTB22964: XSS in SelectaPix Image Gallery 2011-05-03
advisory htbridge ch
Vulnerability ID: HTB22964
Reference: http://www.htbridge.ch/advisory/xss_in_selectapix_image_gallery.html
Product: SelectaPix Image Gallery
Vendor: http://www.outofthetrees.co.uk/ ( http://www.outofthetrees.co.uk/ )
Vulnerable Version: 1.4.1
Vendor Notification: 19 April 2011
Vulnerability Type:

HTB22966: XSS in (e)2 interactive Photo Gallery 2011-05-03
advisory htbridge ch
Vulnerability ID: HTB22966
Reference: http://www.htbridge.ch/advisory/xss_in_e2_interactive_photo_gallery.html

Product: (e)2 interactive Photo Gallery
Vendor: http://www.e2interactive.com ( http://www.e2interactive.com )
Vulnerable Version: 0.9
Vendor Notification: 19 April 2011
Vulnerability Type

Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv 2011-05-03
Damien Miller (djm cvs openbsd org)
OpenSSH Security Advisory: portable-keysign-rand-helper.adv

This document may be found at:
http://www.openssh.com/txt/portable-keysign-rand-helper.adv

1. Vulnerability

Portable OpenSSH's ssh-keysign utility may allow unauthorised
local access to host keys on platforms if ssh-rand-

HTB22967: Multiple SQL Injection in Shutter 2011-05-03
advisory htbridge ch
Vulnerability ID: HTB22967
Reference: http://www.htbridge.ch/advisory/sql_injection_in_shutter.html
Product: Shutter
Vendor: http://shutter.tenfourzero.net/ ( http://shutter.tenfourzero.net/ )
Vulnerable Version: 0.1.4
Vendor Notification: 19 April 2011
Vulnerability Type: SQL Injection
Risk level
