[security bulletin] HPSBMA02667 SSRT100464 rev.2 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection
2011-04-27 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02807712
Version: 1
HPSBMA02667 SSRT100464 rev.2 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection
NOTICE: The information in this Security Bulletin should be acted upon as soon as p [...]

CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server
2011-04-26 Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server
Issued: April 26, 2011
CA Technologies support is alerting customers to multiple security risks with CA Arcot WebFort Versatile Authentication Server. Two vulnerabilities exist t [...]

[security bulletin] HPSBMA02654 SSRT100441 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code
2011-04-26 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02781143
Version: 1
HPSBMA02654 SSRT100441 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon a [...]

HTB22955: Path disclosure in BuddyPress WordPress plugin
2011-04-26 advisory htbridge ch
Vulnerability ID: HTB22955
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_buddypress_wordpress_plugin.html
Product: BuddyPress
Vendor: BuddyPress ( http://buddypress.org/ )
Vulnerable Version: 1.2.8
Vendor Notification: 12 April 2011
Vulnerability Type: Path disclosure
Risk level: L [...]

HTB22948: Path disclosure in Cotonti
2011-04-26 advisory htbridge ch
Vulnerability ID: HTB22948
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_cotonti.html
Product: Cotonti
Vendor: Cotonti Team ( http://www.cotonti.com/ )
Vulnerable Version: Siena 0.9.0
Vendor Notification: 12 April 2011
Vulnerability Type: Path disclosure
Risk level: Low
Credit: Hi [...]

HTB22952: XSS vulnerabilities in Noah's Classifieds
2011-04-26 advisory htbridge ch
Vulnerability ID: HTB22952
Reference: http://www.htbridge.ch/advisory/xss_vulnerabilities_in_noah_s_classifieds.html
Product: Noah's Classifieds
Vendor: Noah's Classifieds ( http://www.noahsclassifieds.org/ )
Vulnerable Version: 5.0.4 and probably prior versions
Vendor Notification: 12 April 2011 [...]

HTB22956: XSS vulnerabilities in phpList
2011-04-26 advisory htbridge ch
Vulnerability ID: HTB22956
Reference: http://www.htbridge.ch/advisory/xss_vulnerabilities_in_phplist.html
Product: phpList
Vendor: Tincan Ltd ( http://www.phplist.com/ )
Vulnerable Version: 2.10.13 and probably prior versions
Vendor Notification: 12 April 2011
Vulnerability Type: XSS
Risk level: M [...]

HTB22954: Path disclousure in yappa-ng Photo Gallery
2011-04-26 advisory htbridge ch
Vulnerability ID: HTB22954
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_yappa_ng_photo_gallery.html
Product: yappa-ng Photo Gallery
Vendor: http://www.zirkon.at/ ( http://www.zirkon.at/ )
Vulnerable Version: 2.3.2
Vendor Notification: 12 April 2011
Vulnerability Type: Path disclo [...]

HTB22957: XSRF (CSRF) in phpList
2011-04-26 advisory htbridge ch
Vulnerability ID: HTB22957
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_phplist.html
Product: phpList
Vendor: Tincan Ltd ( http://www.phplist.com/ )
Vulnerable Version: 2.10.13 and probably prior versions
Vendor Notification: 12 April 2011
Vulnerability Type: CSRF (Cross-Site Request Fo [...]

HTB22953: XSS in Max's PHP Photo Album
2011-04-26 advisory htbridge ch
Vulnerability ID: HTB22953
Reference: http://www.htbridge.ch/advisory/xss_in_max_s_php_photo_album.html
Product: Max's PHP Photo Album
Vendor: http://www.phpf1.com ( http://www.phpf1.com )
Vulnerable Version: 2008-04-01
Vendor Notification: 12 April 2011
Vulnerability Type: XSS (Cross Site Scripti [...]

HTB22951: XSS in WP-Ajax-Recent-Posts wordpress plugin
2011-04-26 advisory htbridge ch
Vulnerability ID: HTB22951
Reference: http://www.htbridge.ch/advisory/xss_in_wp_ajax_recent_posts_wordpress_plugin.html
Product: WP-Ajax-Recent-Posts wordpress plugin
Vendor: QiQiBoY ( http://www.qiqiboy.com/ )
Vulnerable Version: 1.0.1
Vendor Notification: 12 April 2011
Vulnerability Type: XSS (C [...]

Re: [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay
2011-04-26 Vladimir '3APA3A' Dubrovin (3APA3A securityvulns ru)
Dear Alexandr Polyakov,
AFAIK, SMB NTLM relaying was closed with MS08-068 and Kerberos was never possible to relay. Are you sure authentication is really possible with patched windows systems?
--Monday, April 25, 2011, 12:21:57 PM, you wrote to bugtraq (at) securityfocus (dot) com [email concealed]:
AP> Digital Security [...]

Re: SQL Injection in phpMySport
2011-04-26 security curmudgeon (jericho attrition org)
: Vulnerability ID: HTB22770
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_phpmysport.html
: Vulnerability Details:
: The vulnerability exists due to failure in the "/index.php" script to
: properly sanitize user-supplied input in "v1" variable. Attacker can
: alter queries to t [...]

[TOOL RELEASE] T50 - an Experimental Mixed Packet Injector ( v5.3)
2011-04-25 Nelson Brito (nbrito sekure org)

AST-2011-006: Asterisk Manager User Shell Access
2011-04-21 Asterisk Security Team (security asterisk org)

AT-TFTP Server Remote Denial of Service Vulnerability
2011-04-25 SecPod Research (research secpod com)
Hi,
SecPod Research Team Member Antu Sanadi has found a DoS Vulnerability in AT-TFTP Server.
Advisory and POC details have been attached to this mail.
Regards,
SecPod Research Team
http://www.secpod.com
###############################################################################
AT-TFTP S [...]

Re: HTB22945: Multiple XSS in ZENphoto
2011-04-22 Christian Kujau (lists nerdbynature de)
On Thu, 21 Apr 2011 at 13:42, advisory (at) htbridge (dot) ch [email concealed] wrote:
> The vulnerability exists due to failure in the "/themes/zenpage/slideshow.php"
> script to properly sanitize user-supplied input in "_zp_themeroot"
> variable then register_globals is on.
You mean "if register_globals is on"? I thought an [...]

[DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay
2011-04-25 Alexandr Polyakov (alexandr polyakov dsec ru)

XSS in Webmin 1.540 + exploit for privilege escalation
2011-04-24 Javier Bassi (javierbassi gmail com)
Information
--------------------
Name : XSS vulnerability in Webmin
Software : All versions prior to and including 1.540 are affected.
Vendor Homepage : http://www.webmin.com
Vulnerability Type : Cross-Site Scripting
Severity : Medium
Researcher : Javier Bassi <javierbassi [at] gmail [dot] com [...]

[ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011)
2011-04-23 ACM CCS 2011 (acmccs2011 gmail com)
Apologies for multiple copies of this announcement.
------------------------------------------------------
18th ACM Conference on Computer and Communications Security (ACM CCS 2011)
CALL FOR PAPERS
OCTOBER 17 - 21, 2011
SWISSOTEL Chicago, Chicago, IL, USA
http://sigsac.org/ccs/CCS2011
The annual [...]

[security bulletin] HPSBMA02666 SSRT100434 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Information Disclosure
2011-04-22 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02789514
Version: 1
HPSBMA02666 SSRT100434 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Information Disclosure
NOTICE: The information in this Security Bulletin s [...]

[security bulletin] HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection
2011-04-22 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Document ID: c02807712
Version: 1
HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-04-21
Last Up [...]

AST-2011-005: File Descriptor Resource Exhaustion
2011-04-21 Asterisk Security Team (security asterisk org)

[USN-1120-1] tiff vulnerability
2011-04-21 Marc Deslauriers (marc deslauriers canonical com)
==========================================================================
Ubuntu Security Notice USN-1120-1
April 21, 2011
tiff vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu [...]
: Vulnerability ID: HTB22776
: Reference: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_diafan_cms.html
: Product: diafan.CMS
: Vulnerability Details:
: User can execute arbitrary JavaScript code within the vulnerable application.
:
: The vulnerability exists due to failure in the