CFP for BugCON 2011 @ Mexico City
2011-04-12 Carlos A. Lozano (vendetta bugcon org)
>>>>>>>>>>>>>>>> o<<<<<<<<<<<<<<<<<<<
BugCON Security Conferences 2011
Safety is just a myth?!
October 5 - 7 @ Mexico City
CALL FOR PAPERS
www.bugcon.org
>>>>>>>>>>>>>>>> o<<<<<<<<<<<<<<<<<<<
BugCON is a purely technical convention where all security researchers can show their research, projects a

Re: [Full-disclosure] Medium severity flaw in Konqueror
2011-04-12 Vincent Danen (vdanen redhat com)
* [2011-04-11 22:07:24 +0100] Tim Brown wrote:
>I was recently taking a look at Konqueror and spotted an example of universal
>XSS. Essentially, the error page displayed when a requested URL is not
>available includes said URL. If said URL includes HTML fragments these will
>be rendered. CVE-201

HTB22930: Multiple XSS in WebCalendar
2011-04-12 advisory htbridge ch
Vulnerability ID: HTB22930
Reference: http://www.htbridge.ch/advisory/xss_in_webcalendar.html
Product: WebCalendar
Vendor: k5n.us ( http://www.k5n.us/ )
Vulnerable Version: 1.2.3
Vendor Notification: 29 March 2011
Vulnerability Type: XSS (Cross Site Scripting)
Risk level: Medium
Credit: High-Tech

HTB22927: CSRF (Cross-Site Request Forgery) in Webjaxe
2011-04-12 advisory htbridge ch
Vulnerability ID: HTB22927
Reference: http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_webjaxe.html
Product: Webjaxe
Vendor: Webjaxe ( http://media4.obspm.fr/outils/webjaxe/en/ )
Vulnerable Version: 1.02
Vendor Notification: 29 March 2011
Vulnerability Type: CSRF (Cross-Site Requ

Re: [Full-disclosure] Medium severity flaw in Konqueror
2011-04-12 Tim Brown (timb nth-dimension org uk)
On Tuesday 12 April 2011 03:36:24 Vincent Danen wrote:
> * [2011-04-11 22:07:24 +0100] Tim Brown wrote:
> >I was recently taking a look at Konqueror and spotted an example of
> >universal XSS. Essentially, the error page displayed when a requested
> >URL is not available includes said URL. If said

Medium severity flaw in Konqueror
2011-04-11 Tim Brown (timb nth-dimension org uk)
I was recently taking a look at Konqueror and spotted an example of universal XSS. Essentially, the error page displayed when a requested URL is not available includes said URL. If said URL includes HTML fragments these will be rendered. CVE-2010-2952 has been assigned to this issue.
Tim
--

[USN-1108-1] DHCP vulnerability
2011-04-11 Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1108-1 April 11, 2011
dhcp3 vulnerability
CVE-2011-0997
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04

rPSA-2011-0013-1 openssl openssl-scripts
2011-04-11 rPath Update Announcements (announce-noreply rpath com)

Vulnerabilities in Microsoft Reader and HIS
2011-04-11 Luigi Auriemma (aluigi autistici org)
Microsoft Reader is a PC/tablet software for reading the ebooks in LIT format and the Audible audio books. The following are a couple of integer overflows, a heap and an array indexing overflow and the writing of a NULL byte in an arbitrary memory location:
http://aluigi.org/adv/msreader_1-adv.t

Passwords^11 - Call for Papers ending April 17!
2011-04-11 Per Thorsheim (per thorsheim net)
A quick reminder that the Call for Papers for Passwords^11 ends on Sunday, April 17. We have already accepted and announced some of the speakers, with more to come. We are still interested in talks, especially within some narrow areas:
1. Hybrid-wordlist-mangling ruleset construction logic for too

ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability
2011-04-11 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-118
April 11, 2011
-- CVE ID: CVE-2010-4229
-- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors: Novell
-- Affected Produc

WOOT '11 Call for Papers (reminder)
2011-04-10 Michal Zalewski (lcamtuf coredump cx)
Hi all,
This is just a reminder that the deadline for WOOT paper submissions is coming soon. If you are looking to present interesting attack-related research to your peers in the industry and in the academia, act now :-)
http://www.usenix.org/events/woot11/cfp/
Progress in the field of computer

ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability
2011-04-11 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-117
April 11, 2011
-- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors: McAfee
-- Affected Products: McAfee Firewall Report

[Tool] sqlmap 0.9 released
2011-04-11 Miroslav Stampar (miroslav stampar gmail com)
Hi,
We are glad to release sqlmap version 0.9.
Introduction
============
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features

Arbitrary File Upload Vulnerability in Elxis CMS component eForum v1.1
2011-04-10 by_argos hotmail com
==========================================================================
Elxis CMS component eForum v1.1 - Arbitrary File Upload Vulnerability
==========================================================================
Software: eForum v1.1 (Elxis CMS component)
Vendor: http://www.isop

Re: XSRF (CSRF) in Wolf CMS
2011-04-09 security curmudgeon (jericho attrition org)
Date: 2010-04-03
http://packetstorm.crazydog.pt/1004-exploits/wolfcms-xsrf.txt
This looks to be the same finding in 0.6.0a
On Thu, 25 Nov 2010, advisory (at) htbridge (dot) ch [email concealed] wrote:
: Vulnerability ID: HTB22681
: Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_wolf_cms.html
: Product: Wolf CMS
:

joomlacontenteditor (com_jce) BLIND sql injection vulnerability
2011-04-08 eidelweiss windowslive com
===================================================================
joomlacontenteditor (com_jce) BLIND sql injection vulnerability
===================================================================
Software: joomlacontenteditor (com_jce)
Vendor: www.joomlacontenteditor.net
Vuln Ty
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_plogger.html
Product: Plogger
Vendor: Plogger Team ( http://www.plogger.org/ )
Vulnerable Version: 1.0 RC1
Vendor Notification: 29 March 2011
Vulnerability Type: Path disclosure
Risk level: Low
Credit: High-T