Re: HTB22905: Path disclosure in Wordpress
2011-03-30, Patrick Kelley (psworn gmail com)
    Seems like most of the "vulnerabilities" from the last couple of days are not actual software issues, but problems with the configuration of the server or just not following the directions provided by the vendor. If that is our measure for vulnerability, I can show about 10 for the wristwatch I am wearing ...

Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability
2011-03-30, Cisco Systems Product Security Incident Response Team (psirt cisco com)
    Advisory ID: cisco-sa-20110330-acs. Revision 1.0. For Public Release 2011 March 30 1600 UTC (GMT) ...

Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability
2011-03-30, Cisco Systems Product Security Incident Response Team (psirt cisco com)
    Advisory ID: cisco-sa-20110330-nac. Revision 1.0. For Public Release 2011 March 30 1600 UTC (GMT) ...

ESA-2011-012: Security update for EMC NetWorker Module for Microsoft Applications
2011-03-30, Security_Alert emc com
    EMC Identifier: ESA-2011-012. CVE Identifier: CVE-2011-0647. Severity Rating: CVSS v2 Base Score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C). Affected products: EMC Ne ...

[USN-1095-1] Quagga vulnerabilities
2011-03-29, Marc Deslauriers (marc deslauriers canonical com)
    Ubuntu Security Notice USN-1095-1, March 29, 2011: quagga vulnerabilities, CVE-2010-1674, CVE-2010-1675. A security issue affects the following Ubuntu releases: Ubuntu 6.0 ...

[USN-1094-1] Libvirt vulnerability
2011-03-29, Jamie Strandboge (jamie canonical com)
    Ubuntu Security Notice USN-1094-1, March 29, 2011: libvirt vulnerability, CVE-2011-1146. A security issue affects the following Ubuntu releases: Ubuntu 9.10, Ubuntu 10.04 L ...

[USN-1097-1] Tomcat vulnerabilities
2011-03-29, Marc Deslauriers (marc deslauriers canonical com)
    Ubuntu Security Notice USN-1097-1, March 29, 2011: tomcat6 vulnerabilities, CVE-2010-3718, CVE-2011-0013, CVE-2011-0534. A security issue affects the following Ubuntu relea ...

DataDynamics Report Library CoreHandler XSS
2011-03-30, david daly dionach com
    Class: Input Validation Error. CVE: (none given). Remote: Yes. Local: No. Published: Mar 30 2011 11:00AM. Credit: Dionach. Vulnerable: Grapecity DataDynamics Report Library 1.6.1871.61 and earlier. Grapecity's DataDynamics Report Library is prone to a cross-site scripting vulnerability because it fails to sufficiently san ...

[USN-1096-1] Subversion vulnerability
2011-03-29, Marc Deslauriers (marc deslauriers canonical com)
    Ubuntu Security Notice USN-1096-1, March 29, 2011: subversion vulnerability, CVE-2011-0715. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS, Ubuntu ...

[USN-1098-1] vsftpd vulnerability
2011-03-29, Marc Deslauriers (marc deslauriers canonical com)
    Ubuntu Security Notice USN-1098-1, March 29, 2011: vsftpd vulnerability, CVE-2011-0762. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS, Ubuntu 8.04 ...

VMSA-2011-0006 VMware vmrun utility local privilege escalation
2011-03-30, VMware Security Team (security vmware com)

[SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities
2011-03-29, joey infodrom org (Martin Schulze)

Re: HTB22905: Path disclosure in Wordpress
2011-03-29, Christian Sciberras (uuf6429 gmail com)
    Ridiculous! I've been talking about this for some time; the actual list of vulnerable files follows: wp-admin\admin-functions.php, wp-admin\includes\admin.php, wp-admin\includes\class-ftp-pure.php, wp-admin\includes\class-ftp-sockets.php, wp-admin\includes\class-wp-filesystem-direct.php, wp-admin\includ ...

Re: "Simple PHP Newsletter" Remote Admin Password Change With install path
2011-03-29, Patrick Kelley (psworn gmail com)
    So, essentially this threat can be removed by simply deleting the "install" directory, which is common practice when installing web applications?
    On Tue, Mar 29, 2011 at 10:03 AM, <cseye_ut (at) yahoo (dot) com [email concealed]> wrote:
    > ...

HTB22903: XSS in Spitfire CMS
2011-03-29, advisory htbridge ch
    Vulnerability ID: HTB22903. Reference: http://www.htbridge.ch/advisory/xss_in_spitfire_cms.html. Product: Spitfire CMS. Vendor: Spitfire (http://spitfire.clausmuus.de/). Vulnerable Version: 1.0.436. Vendor Notification: 15 March 2011. Vulnerability Type: XSS. Risk level: Medium. Credit: High-Tech Brid ...

HTB22904: Path disclosure in bbPress
2011-03-29, advisory htbridge ch
    Vulnerability ID: HTB22904. Reference: http://www.htbridge.ch/advisory/path_disclosure_in_bbpress.html. Product: bbPress. Vendor: http://bbpress.org. Vulnerable Version: 1.0.3. Vendor Notification: 15 March 2011. Vulnerability Type: Path disclosure. Risk level: Low. Credit: High-Te ...

XSS Vulnerability in Tracks 1.7.2
2011-03-29, Netsparker Advisories (advisories mavitunasecurity com)
    Name: XSS vulnerability in Tracks. Software: Tracks 1.7.2. Vendor Homepage: http://getontracks.org/. Vulnerability Type: Cross-Site Scripting. Severity: High. Researcher: Mesut Timur <mesut [at] mavitunasecurity [dot] com>. Advisory Reference: NS-11-003. Des ...

HTB22905: Path disclosure in Wordpress
2011-03-29, advisory htbridge ch
    Vulnerability ID: HTB22905. Reference: http://www.htbridge.ch/advisory/path_disclosure_in_wordpress.html. Product: Wordpress. Vendor: http://wordpress.org/. Vulnerable Version: 3.1. Vendor Notification: 15 March 2011. Vulnerability Type: Path disclosure. Status: Not Fixed. Risk l ...

"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path
2011-03-29, cseye_ut yahoo com
    "WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path. Author: alieye ...

"Simple PHP Newsletter" Remote Admin Password Change With install path
2011-03-29, cseye_ut yahoo com
    "Simple PHP Newsletter" Remote Admin Password Change With install path. Author: alieye ...

"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path
2011-03-28, cseye_ut yahoo com

"Simple PHP Newsletter" Remote Admin Password Change With install path
2011-03-28, cseye_ut yahoo com

Solaris 10 Port Stealing Vulnerability
2011-03-28, Chris O'Regan (chris encs concordia ca)
    I reported this to Oracle, but I have been told that this is part of the BSD standard and a desired feature (!). In a nutshell, as an ordinary user, I can bind to a port using a specific address even if another process is already bound to it with a wildcard address. This makes it very easy for an un ...

ZDI-11-113: Zend Server Java Bridge Design Flaw Remote Code Execution Vulnerability
2011-03-28, ZDI Disclosures (zdi-disclosures tippingpoint com)
    http://www.zerodayinitiative.com/advisories/ZDI-11-113, March 28, 2011. CVSS: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C). Affected Vendors: Zend. Affected Products: Zend Server. TippingPoint(TM) IPS Customer ...

[AntiSnatchOr] OpenCMS <= 7.5.3 multiple vulnerabilities
2011-03-28, Michele Orru (antisnatchor gmail com)
    Name: OpenCMS <= 7.5.3 multiple vulnerabilities. Systems Affected: OpenCMS <= 7.5.3. Severity: High. Vendor: http://www.opencms.org. Advisory: http://antisnatchor.com/opencms_7.5.3_multiple_vulnerabilities. Author: Michele "antisnatchor" Orru (michele.orru ...
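The Solaris 10 port stealing post above describes a bind-ordering behaviour rather than a bug in any one program: a second socket bound to a specific address can coexist with, and on BSD-derived stacks take precedence over, an earlier wildcard bind on the same port. The probe below is an added example (mine, not code from the post or from Oracle) that reproduces the two binds on the local machine and reports what the running kernel does. It assumes only the standard library; the port is chosen by the OS (port 0) so nothing else is disturbed. On Linux the second bind is normally refused with EADDRINUSE because the first socket is already listening and did not set SO_REUSEADDR; a result of "stolen" on a given host is the condition the post warns about.

```python
import errno
import socket


def probe_specific_over_wildcard(port=0):
    """Bind a listener on the wildcard address, then try to bind a second,
    unprivileged socket to the same port on 127.0.0.1, as the post describes.

    Returns "stolen" if the OS accepts the second bind (BSD-style semantics:
    the more specific binding will receive connections to that address) and
    "refused" if it rejects it with EADDRINUSE. Any other error is raised.
    """
    victim = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        victim.bind(("", port))               # wildcard address 0.0.0.0, port chosen by OS when 0
        victim.listen(5)
        port = victim.getsockname()[1]        # the port the "legitimate" service now owns

        thief = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            # SO_REUSEADDR is what a BSD stack checks on the later socket; an
            # ordinary user can set it, which is the point of the report.
            thief.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            thief.bind(("127.0.0.1", port))   # specific address, same port
            return "stolen"
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "refused"
            raise
        finally:
            thief.close()
    finally:
        victim.close()


if __name__ == "__main__":
    print("second bind on a specific address while a wildcard listener holds the port:",
          probe_specific_over_wildcard())
```

Run it as the user a service would run as, not as root, so that the result reflects what an unprivileged local account can do; a service that wants to defend itself on a stack with BSD semantics must bind each specific address it serves rather than the wildcard.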
Reply fragment (header not captured in this page)
    WordPress issue is avoidable by just configuring the server to common standards of not displaying errors in a production environment. That seems pretty simple. I can see instances where I would want the software to reveal the path if n
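The replies in the HTB22905 thread argue that the WordPress path disclosure is a server-configuration matter (PHP showing errors to the client) and list the wp-admin include files that trigger it when requested directly. Below is an added example, mine and not code from the thread, from WordPress or from High-Tech Bridge, of the check a practitioner would run before accepting that answer: it scans HTTP response bodies for PHP error messages that embed an absolute path, works out which document root the leak reveals, and audits a php.ini fragment for the display_errors/log_errors settings the reply above refers to. The response bodies, the php.ini fragments and every path in them are constructed for illustration; the URL paths are those named in the thread.

```python
import re

# Constructed sample response bodies, shaped like PHP's HTML-formatted errors
# (html_errors=On) and its plain-text form. Not captured from any real site.
SAMPLE_RESPONSES = {
    "index.php": "<!DOCTYPE html><html><body><p>Hello</p></body></html>\n",
    "wp-admin/includes/class-ftp-pure.php": (
        "<br />\n<b>Fatal error</b>:  Class 'ftp_base' not found in "
        "<b>/var/www/html/wp-admin/includes/class-ftp-pure.php</b> on line <b>10</b><br />\n"
    ),
    "wp-admin/admin-functions.php": (
        "Warning: require_once(./admin.php): failed to open stream: No such file "
        "or directory in /home/site/public_html/wp-admin/admin-functions.php on line 5\n"
    ),
}

# "<level>: <message> in <absolute path> on line <n>", with or without the
# <b>...</b> wrappers PHP adds when html_errors is on.
PHP_ERROR_RE = re.compile(
    r"(?:<b>)?(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)(?:</b>)?:\s*"
    r"(?P<msg>.*?)\s+in\s+(?:<b>)?(?P<path>/[^<\s]+)(?:</b>)?\s+on line\s+"
    r"(?:<b>)?(?P<line>\d+)(?:</b>)?",
    re.S,
)


def find_disclosed_paths(body):
    """Return every PHP error in a response body that leaks an absolute path."""
    return [
        {"level": m.group("level"), "path": m.group("path"), "line": int(m.group("line"))}
        for m in PHP_ERROR_RE.finditer(body)
    ]


def infer_docroot(url_path, leaked_path):
    """If the leaked filesystem path ends with the requested URL path, the
    remainder is the document root the response has just disclosed."""
    url_path = url_path.lstrip("/")
    if leaked_path.endswith("/" + url_path):
        return leaked_path[: -len(url_path) - 1] or "/"
    return None


def scan(responses):
    """Map each URL whose response leaks a path to its findings and the docroot
    inferred from the first one (None when the leaked file is not the one requested)."""
    report = {}
    for url_path, body in responses.items():
        findings = find_disclosed_paths(body)
        if findings:
            report[url_path] = {
                "findings": findings,
                "docroot": infer_docroot(url_path, findings[0]["path"]),
            }
    return report


# Constructed php.ini fragments: the weak production setting beside the one the
# reply recommends (errors logged, never shown to the client).
WEAK_INI = """
display_errors = On
html_errors = On
log_errors = Off
"""

HARDENED_INI = """
display_errors = Off
display_startup_errors = Off
log_errors = On
error_log = /var/log/php/error.log
"""

TRUTHY = {"1", "on", "true", "yes", "stdout", "stderr"}


def parse_ini(text):
    """Minimal key = value parser for the php.ini lines we care about."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blank lines
        if "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip().lower()] = value.strip().strip('"').lower()
    return settings


def audit_php_ini(text):
    """Return the settings that would let an error message reach the client."""
    s = parse_ini(text)
    issues = []
    # PHP's compiled-in default for display_errors is On, so an absent line counts as On.
    if s.get("display_errors", "1") in TRUTHY:
        issues.append("display_errors should be Off in production")
    if s.get("display_startup_errors", "0") in TRUTHY:
        issues.append("display_startup_errors should be Off in production")
    if s.get("log_errors", "0") not in TRUTHY:
        issues.append("log_errors should be explicitly On so errors still reach the log")
    return issues


if __name__ == "__main__":
    for url, entry in scan(SAMPLE_RESPONSES).items():
        print(url, "->", entry["findings"][0]["path"], "(docroot:", entry["docroot"], ")")
    print("weak php.ini:", audit_php_ini(WEAK_INI))
    print("hardened php.ini:", audit_php_ini(HARDENED_INI))
```

In use, the bodies would come from requesting each listed include file directly (an HTTP client is left out so the example runs offline); a clean scan after setting display_errors Off confirms the configuration fix, and the inferred docroot is what the disclosure hands an attacker chaining it with anything that needs an absolute path.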