ZDI-11-138: Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability
2011-04-19, ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-138: Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-138 April 19, 2011 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit -- TippingPoint(TM) IPS Customer [...]

[USN-1108-2] DHCP vulnerability
2011-04-19, Marc Deslauriers (marc deslauriers canonical com)
Ubuntu Security Notice USN-1108-2 April 19, 2011 dhcp3 vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt [...]

[SECURITY] [DSA 2220-1] Request Tracker security update
2011-04-19, Florian Weimer (fw deneb enyo de)

Re: SQL Injection in LightNEasy
2011-04-19, security curmudgeon (jericho attrition org)
Not only was this previously discovered, you don't seem to understand the variables:
On Thu, 30 Dec 2010, advisory (at) htbridge (dot) ch wrote:
: Vulnerability ID: HTB22754
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_lightneasy_1.html
: Product: LightNEasy
:
: Vulnerability Details:
: T [...]

Re: SQL Injection in LightNEasy
2011-04-19, security curmudgeon (jericho attrition org)
Nice try.. republishing old findings again?
On Thu, 30 Dec 2010, advisory (at) htbridge (dot) ch wrote:
: Vulnerability ID: HTB22750
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_lightneasy.html
: Product: LightNEasy
: The vulnerability exists due to failure in the "/LightNEasy.php" script [...]

HTB22938: Multiple XSS in Universal Post Manager wordpress plugin
2011-04-19, advisory htbridge ch
Vulnerability ID: HTB22938 Reference: http://www.htbridge.ch/advisory/multiple_xss_in_universal_post_manager_wordpress_plugin.html Product: Universal Post Manager wordpress plugin Vendor: ProfProjects ( Artyom Chakhoyan ) ( http://www.profprojects.com/ ) Vulnerable Version: 1.0.9 Vendor Notificatio [...]

HTB22942: Path disclosure in Dalbum
2011-04-19, advisory htbridge ch
Vulnerability ID: HTB22942 Reference: http://www.htbridge.ch/advisory/path_disclousure_in_dalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ ( http://www.dalbum.org/ ) Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: H [...]

HTB22937: Path disclosure in Universal Post Manager wordpress plugin
2011-04-19, advisory htbridge ch
Vulnerability ID: HTB22937 Reference: http://www.htbridge.ch/advisory/path_disclosure_in_universal_post_manager_wordpress_plugin.html Product: Universal Post Manager wordpress plugin Vendor: ProfProjects ( Artyom Chakhoyan ) ( http://www.profprojects.com/ ) Vulnerable Version: 1.0.9 Vendor Notifica [...]

[security bulletin] HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
2011-04-19, security-alert hp com
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02788734 Version: 1 HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access NOTICE: The information in this Security Bu [...]

HTB22943: XSS in Dalbum
2011-04-19, advisory htbridge ch
Vulnerability ID: HTB22943 Reference: http://www.htbridge.ch/advisory/xss_in_dalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ ( http://www.dalbum.org/ ) Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: XSS (Cross Site Scripting) Risk level: Medium Credit: [...]

[USN-1114-1] KDENetwork vulnerability
2011-04-18, Jamie Strandboge (jamie canonical com)
Ubuntu Security Notice USN-1114-1 April 18, 2011 kdenetwork vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - [...]

Windows Synchronization Object Vulnerabilities in Antivirus Suites
2011-04-19, Lists (lists softwareintegrity com)
Abstract: In 2009 we examined the effects of manipulating synchronization objects in security software suites frequently found on personal computers running Windows XP and Vista. The synchronization objects were mutexes and events, and the security software included products from AVG, Avast, Avira, [...]

HTB22933: Multiple Path disclosure in webSPELL
2011-04-19, advisory htbridge ch
Vulnerability ID: HTB22933 Reference: http://www.htbridge.ch/advisory/multiple_path_disclosure_in_webspell.html Product: webSPELL Vendor: http://www.webspell.org/ ( http://www.webspell.org/ ) Vulnerable Version: 4.2.2a Vendor Notification: 05 April 2011 Vulnerability Type: Path disclosure Risk lev [...]

HTB22931: XSS vulnerability in InTerra Blog Machine
2011-04-19, advisory htbridge ch
Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_interra_blog_machine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team ( http://code.google.com/p/interra/ ) Vulnerable Version: 1.84 and probably prior versions Vendor Notification: 31 Mar [...]

HTB22941: CSRF (Cross-Site Request Forgery) in Dalbum
2011-04-19, advisory htbridge ch
Vulnerability ID: HTB22941 Reference: http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_dalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ ( http://www.dalbum.org/ ) Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: CSRF (Cross-Site Request Fo [...]

HTB22940: XSS in SocialGrid wordpress plugin
2011-04-19, advisory htbridge ch
Vulnerability ID: HTB22940 Reference: http://www.htbridge.ch/advisory/xss_in_socialgrid_wordpress_plugin.html Product: SocialGrid wordpress plugin Vendor: Michael Whalen ( http://whalesalad.com ) Vulnerable Version: 2.3 Vendor Notification: 05 April 2011 Vulnerability Type: XSS (Cross Site Scripti [...]

HTB22934: SQL Injection in WP-StarsRateBox wordpress plugin
2011-04-19, advisory htbridge ch
Vulnerability ID: HTB22934 Reference: http://www.htbridge.ch/advisory/sql_injection_in_wp_starsratebox_wordpress_plugin.html Product: WP-StarsRateBox wordpress plugin Vendor: www.starsrate.com ( www.starsrate.com ) Vulnerable Version: 1.1 Vendor Notification: 05 April 2011 Vulnerability Type: SQL [...]

HTB22935: Multiple XSS in WP-StarsRateBox wordpress plugin
2011-04-19, advisory htbridge ch
Vulnerability ID: HTB22935 Reference: http://www.htbridge.ch/advisory/multiple_xss_in_wp_starsratebox_wordpress_plugin.html Product: WP-StarsRateBox wordpress plugin Vendor: www.starsrate.com ( www.starsrate.com ) Vulnerable Version: 1.1 Vendor Notification: 05 April 2011 Vulnerability Type: XSS [...]

HTB22932: Multiple XSS in webSPELL
2011-04-19, advisory htbridge ch
Vulnerability ID: HTB22932 Reference: http://www.htbridge.ch/advisory/multiple_xss_in_webspell.html Product: webSPELL Vendor: http://www.webspell.org/ ( http://www.webspell.org/ ) Vulnerable Version: 4.2.2a Vendor Notification: 05 April 2011 Vulnerability Type: XSS (Cross Site Scripting) Risk leve [...]

[Announcement] CHMag Call for Articles
2011-04-19, abhijeet clubhack com
ClubHACK Magazine is seeking submissions for next issue i.e. May 2011 issue. If you have something interesting and would like to share, please send in your articles to abhijeet (at) clubhack (dot) com. Topics/Themes for May issue is - Browser Security. It has as 6 sections: 1.Tech Gyan - Main artic [...]

HTB22939: Multiple SQL Injection in Universal Post Manager wordpress plugin
2011-04-19, advisory htbridge ch
Vulnerability ID: HTB22939 Reference: http://www.htbridge.ch/advisory/multiple_sql_injection_in_universal_post_manager_wordpress_plugin.html Product: Universal Post Manager wordpress plugin Vendor: ProfProjects ( Artyom Chakhoyan ) ( http://www.profprojects.com/ ) Vulnerable Version: 1.0.9 Vendor N [...]

[DCA-2011-0011] - Ocomon Multiple SQL Injection
2011-04-19, Ewerson Guimarães (Crash) - Dclabs (crash dclabs com br)
[DCA-2011-0011] [Discussion] - DcLabs Security Research Group advises about following vulnerability(ies): [Software] - Ocomon [Vendor Product Description] - The OCOMON came in March 2002 as a personal project of programmer Franque Custodio, with the initial characteristics of the registration, mo [...]

ZDI-11-136: IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability
2011-04-18, ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-136 (formerly ZDI-CAN-1022): IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-136 April 18, 2011 -- CVE ID: CVE-2011-1206 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: IBM - [...]

Re: Does anyone know how to contact OpenSSH non-public?
2011-04-18, Rico Secada (coolzone it dk)
On Sun, 17 Apr 2011 21:47:13 +0200 Jann Horn <jannhorn (at) googlemail (dot) com> wrote:
> Hello,
> does anyone know how to contact the openssh guys without using a
> public mailinglist/IRC channel/...? I tried openssh (at) openssh (dot) com, but
> I didn't get an answer. It's nothing big, but I'd like to make sure
> th [...]

ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch
2011-04-18, Security_Alert emc com
ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch Advisories Updated April 14, 2011 Summary: A potential cross-site scripting vulnerability has been iden [...]

ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability
2011-04-18, Security_Alert emc com
ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability. EMC Identifier: ESA-2011-013 CVE Identifier: CVE-2011-1421 Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C) Affected products: [...]

[USN-1113-1] Postfix vulnerabilities
2011-04-18, Marc Deslauriers (marc deslauriers canonical com)
Ubuntu Security Notice USN-1113-1 April 18, 2011 postfix vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - U [...]
Debian Security Advisory DSA-2221-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
April 19, 2011