Tugux CMS (nid) BLIND sql injection vulnerability
2011-03-20 eidelweiss windowslive com
Tugux CMS (nid) BLIND sql injection vulnerability Software: Tugux CMS Vendor: www.tugux.com Vuln Type: Blind SQL Injection Download link: http://sour

XSS vulnerability in Web Poll Pro
2011-03-19 Hector x90 ymail com
Product: Web Poll Pro Vendor: http://www.got.my Vulnerable Version: 1.0.3 and probably prior versions Vulnerability Type: Stored XSS (Cross Site Scripting) Risk level: Medium Credit: Hector.x90 Vulnerability Details: User can execute arbitrary JavaScript code within the vulnerable applicati

[USN-1090-1] Linux kernel vulnerabilities
2011-03-18 Kees Cook (kees ubuntu com)
Ubuntu Security Notice USN-1090-1 March 18, 2011 linux vulnerabilities CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4163, CVE-2010-4175 A security issue affect

[USN-1089-1] Linux kernel vulnerabilities
2011-03-18 Kees Cook (kees ubuntu com)
Ubuntu Security Notice USN-1089-1 March 18, 2011 linux, linux-ec2 vulnerabilities CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4162, CVE-2010-4163, CVE-2010-4175, CVE-2010-4242

libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
2011-03-18 cxib securityreason com
[ libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) ] Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.: 18.03.2011 CVE: CVE-2011-0421 CERT: VU#325039 Affected Software: - libzip 0.9.3 - PHP 5.3.5 (fixed 5.3.6) Origi

XOOPS 2.5.0 <= Cross Site Scripting Vulnerability
2011-03-18 YGN Ethical Hacker Group (lists yehg net)
XOOPS 2.5.0 <= Cross Site Scripting Vulnerability 1. OVERVIEW The XOOPS 2.5.0 and lower versions were vulnerable to Cross Site Scripting. 2. BACKGROUND XOOPS is an acronym of eXtensible Object Oriented Portal System. It's the #1 Content Management System (CMS) project on www.sourceforge.net a

OWASP AppSec USA 2011 Call for Papers
2011-03-18 Adam Baso (adam comotheory com)
The OWASP AppSec USA 2011 Call for Papers (CFP) is now open. Visit the following URL to submit your abstract for the September 22-23, 2011 talks in Minneapolis, Minnesota: http://www.appsecusa.org/talks.html We're excited to announce that speakers will be in good company with our first keynote, OW

[TEHTRI-Security] Quick BlackBerry Security Check
2011-03-17 Laurent OUDOT at TEHTRI-Security (laurent oudot-ml tehtri-security com)
Gents, If you are a lucky BlackBerry owner, or an administrator of many BB devices, you can do a quick security check of your smartphone(s), by browsing this web page from your device (free quick check): http://tehtris.com/bbcheck For now, this will check for you if you are potentially vulne

[USN-1079-3] OpenJDK 6 vulnerabilities
2011-03-17 Steve Beattie (sbeattie ubuntu com)
Ubuntu Security Notice USN-1079-3 March 17, 2011 openjdk-6b18 vulnerabilities CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706

Deferral Announcement for the March 2011 Cisco IOS Software Security Advisories
2011-03-17 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco PSIRT regularly discloses vulnerabilities in Cisco IOS Software on the fourth Wednesday in March and September via the Cisco IOS Security Advisory bundle. The next bundled disclosure was planned for Wednesday, March 23, 2011, but Cisco will defe

[Announcement] ClubHACK Magazine Issue 14-March 2011 released
2011-03-17 abhijeet clubhack com
Hi All So here we are with our 14th Issue of CHMag. We are loving the contribution of readers. Keep that coming. From this month we are Introducing new section i.e Matruix Vibhag. ClubHACK Magazine: http://chmag.in Direct Download:- http://chmag.in/issue/mar2011.pdf In this issue we have the foll

[PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel
2011-03-17 Timo Warns (Warns pre-sense de)
PRE-CERT Security Advisory * Advisory: PRE-SA-2011-02 * Released on: 16 Mar 2011 * Last updated on: 16 Mar 2011 * Affected product: Linux Kernel 2.4 and 2.6 * Impact: disclosure of sensitive information * Origin: storage devices * Credit: Timo Warns (PRESENSE Technologie

HTB22889: XSS in Rating-Widget wordpress plugin
2011-03-17 advisory htbridge ch
Vulnerability ID: HTB22889 Reference: http://www.htbridge.ch/advisory/xss_in_rating_widget_wordpress_plugin.html Product: Rating-Widget wordpress plugin Vendor: Vova Feldman ( http://rating-widget.com/ ) Vulnerable Version: 1.3.1 Vendor Notification: 03 March 2011 Vulnerability Type: XSS (Cross Si

HTB22890: XSS in Rating-Widget wordpress plugin
2011-03-17 advisory htbridge ch
Vulnerability ID: HTB22890 Reference: http://www.htbridge.ch/advisory/xss_in_rating_widget_wordpress_plugin_1.html Product: Rating-Widget wordpress plugin Vendor: Vova Feldman ( http://rating-widget.com/ ) Vulnerable Version: 1.3.1 Vendor Notification: 03 March 2011 Vulnerability Type: XSS (Cross

HTB22892: Path disclosure in Smen Social Button wordpress plugin
2011-03-17 advisory htbridge ch
Vulnerability ID: HTB22892 Reference: http://www.htbridge.ch/advisory/path_disclosure_in_smen_social_button_wordpress_plugin.html Product: Smen Social Button wordpress plugin Vendor: Alexandru Dumencu ( http://smen.ro/ ) Vulnerable Version: 0.7 Vendor Notification: 03 March 2011 Vulnerability Type

HTB22891: XSS in Rating-Widget wordpress plugin
2011-03-17 advisory htbridge ch
Vulnerability ID: HTB22891 Reference: http://www.htbridge.ch/advisory/xss_in_rating_widget_wordpress_plugin_2.html Product: Rating-Widget wordpress plugin Vendor: Vova Feldman ( http://rating-widget.com/ ) Vulnerable Version: 1.3.1 Vendor Notification: 03 March 2011 Vulnerability Type: XSS (Cross

HTB22893: XSS in Sodahead Polls wordpress plugin
2011-03-17 advisory htbridge ch
Vulnerability ID: HTB22893 Reference: http://www.htbridge.ch/advisory/xss_in_sodahead_polls_wordpress_plugin.html Product: Sodahead Polls wordpress plugin Vendor: SodaHead.com ( SodaHead.com ) Vulnerable Version: 2.0.2 Vendor Notification: 03 March 2011 Vulnerability Type: XSS (Cross Site Scriptin

HTB22894: XSS in Sodahead Polls wordpress plugin
2011-03-17 advisory htbridge ch
Vulnerability ID: HTB22894 Reference: http://www.htbridge.ch/advisory/xss_in_sodahead_polls_wordpress_plugin_1.html Product: Sodahead Polls wordpress plugin Vendor: SodaHead.com ( SodaHead.com ) Vulnerable Version: 2.0.2 Vendor Notification: 03 March 2011 Vulnerability Type: XSS (Cross Site Script

[DSECRG-11-014] SAP GUI (sapgui) - DLL hijacking
2011-03-16 Alexandr Polyakov (alexandr polyakov dsec ru)

[DSECRG-11-013] SAP NetWeaver Runtime - multiple XSS
2011-03-16 Alexandr Polyakov (alexandr polyakov dsec ru)
zgmzgm[at]mail.ustc.edu.cn
-- Disclosure Timeline:
3-17-2011
-- Affected Vendor:
Imagemagick 6.6.8-5
Libtiff 6.9.4
-- Problem Description:
A buffer overflow is triggered by displaying a malformed tiff image with Imagemagick. The error information is as follows:
display: malformed.tif: