[DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS
2011-03-16 Alexandr Polyakov (alexandr polyakov dsec ru)

[DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS
2011-03-16 Alexandr Polyakov (alexandr polyakov dsec ru)
[DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS
SAP Crystal Report Server 2008 - multiple cross-site scripting vulnerabilities.
SAP Crystal Report Server 2008 - Multiple cross-site scripting vulnerabilities.
[DSecRG-11-011] (Internal DSECRG-00147)
Multiple XSS vulnerabilities found in ...

[USN-1088-1] Kerberos vulnerability
2011-03-15 Steve Beattie (sbeattie ubuntu com)
Ubuntu Security Notice USN-1088-1
March 15, 2011
krb5 vulnerability
CVE-2011-0284
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS ...

MITKRB5-SA-2011-003 [CVE-2011-0284] KDC double-free when PKINIT enabled
2011-03-15 Tom Yu (tlyu mit edu)
MITKRB5-SA-2011-003
MIT krb5 Security Advisory 2011-003
Original release: 2011-03-15
Last update: 2011-03-15
Topic: KDC vulnerable to double-free when PKINIT enabled
CVE-2011-0284
CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C
CVSSv2 Ba ...

[SECURITY] [DSA 2192-1] chromium-browser security update
2011-03-15 Giuseppe Iuculano (iuculano debian org)

[RT-SA-2011-002] SugarCRM list privilege restriction bypass
2011-03-15 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: SugarCRM list privilege restriction bypass
RedTeam Pentesting discovered a vulnerability in SugarCRM that allows logged in users to bypass restrictions of their list privilege, allowing to list all entries.
Details
Product: SugarCRM Community Edition SugarCRM Professio ...

[RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution
2011-03-15 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: nostromo nhttpd directory traversal leading to arbitrary command execution
During a penetration test, RedTeam Pentesting discovered a directory traversal vulnerability leading to arbitrary command execution in the nostromo HTTP server.
Details
Product: nostromo (nhttp ...

ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA Access Manager Server
2011-03-15 Security_Alert emc com
ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA® Access Manager Server.
Summary: RSA Access Manager Server contains a potential vulnerability that could be exploited by malicious pe ...

ESA-2011-007: EMC Avamar sensitive information disclosure vulnerability
2011-03-15 Security_Alert emc com

HTB22887: XSS vulnerability in LotusCMS
2011-03-15 advisory htbridge ch
Vulnerability ID: HTB22887
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_lotuscms_3.html
Product: LotusCMS
Vendor: Arboroia Network ( http://www.lotuscms.org/ )
Vulnerable Version: 3.0.3 and probably prior versions
Vendor Notification: 01 March 2011
Vulnerability Type: Stored XSS ...

HTB22886: XSRF (CSRF) in LotusCMS
2011-03-15 advisory htbridge ch
Vulnerability ID: HTB22886
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_lotuscms.html
Product: LotusCMS
Vendor: Arboroia Network ( http://www.lotuscms.org/ )
Vulnerable Version: 3.0.3 and probably prior versions
Vendor Notification: 01 March 2011
Vulnerability Type: CSRF (Cross-Site Req ...

HTB22885: XSS vulnerability in LotusCMS
2011-03-15 advisory htbridge ch
Vulnerability ID: HTB22885
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_lotuscms_2.html
Product: LotusCMS
Vendor: Arboroia Network ( http://www.lotuscms.org/ )
Vulnerable Version: 3.0.3 and probably prior versions
Vendor Notification: 01 March 2011
Vulnerability Type: XSS (Cross ...

HTB22883: XSS vulnerability in LotusCMS
2011-03-15 advisory htbridge ch
Vulnerability ID: HTB22883
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_lotuscms.html
Product: LotusCMS
Vendor: Arboroia Network ( http://www.lotuscms.org/ )
Vulnerable Version: 3.0.3 and probably prior versions
Vendor Notification: 01 March 2011
Vulnerability Type: Stored XSS ( ...

HTB22884: XSS vulnerability in LotusCMS
2011-03-15 advisory htbridge ch
Vulnerability ID: HTB22884
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_lotuscms_1.html
Product: LotusCMS
Vendor: Arboroia Network ( http://www.lotuscms.org/ )
Vulnerable Version: 3.0.3 and probably prior versions
Vendor Notification: 01 March 2011
Vulnerability Type: Stored XSS ...

HTB22882: Path disclosure in OXID eShop
2011-03-15 advisory htbridge ch
Vulnerability ID: HTB22882
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_oxid_eshop.html
Product: OXID eShop
Vendor: OXID eSales AG ( http://www.oxid-esales.com/ )
Vulnerable Version: CE 4.4.7
Vendor Notification: 01 March 2011
Vulnerability Type: Path disclosure
Status: Not Fixed ...

HTB22888: File Content Disclosure in LotusCMS
2011-03-15 advisory htbridge ch
Vulnerability ID: HTB22888
Reference: http://www.htbridge.ch/advisory/file_content_disclosure_in_lotuscms.html
Product: LotusCMS
Vendor: Arboroia Network ( http://www.lotuscms.org/ )
Vulnerable Version: 3.0.3 and probably prior versions
Vendor Notification: 01 March 2011
Vulnerability Type: File C ...

HTB22877: Path disclosure in xt:Commerce
2011-03-15 advisory htbridge ch
Vulnerability ID: HTB22877
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_xtcommerce.html
Product: xt:Commerce
Vendor: xt:Commerce GmbH ( http://www.xt-commerce.com/ )
Vulnerable Version: VEYTON 4.0.13
Vendor Notification: 01 March 2011
Vulnerability Type: Path disclosure
Status: Fi ...

[SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass
2011-03-15 Mark Thomas (markt apache org)
CVE-2011-1088 Apache Tomcat security constraint bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.10
- Earlier versions are not affected
Description: When a web application was started, @S ...

[USN-1079-2] OpenJDK 6 vulnerabilities
2011-03-15 Steve Beattie (sbeattie ubuntu com)
Ubuntu Security Notice USN-1079-2
March 15, 2011
openjdk-6b18 vulnerabilities
CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706 ...

[USN-1085-2] tiff regression
2011-03-15 Kees Cook (kees ubuntu com)
Ubuntu Security Notice USN-1085-2
March 15, 2011
tiff regression
https://launchpad.net/bugs/731540
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 ...

VMSA-2011-0005 VMware vCenter Orchestrator remote code execution vulnerability
2011-03-14 VMware Security Team (security vmware com)

[security bulletin] HPSBMA02644 SSRT100284 rev.1 - HP Client Automation Enterprise (HPCA) Running on Windows, Remote Execution of Arbitrary Code
2011-03-14 security-alert hp com
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02750690
Version: 1
HPSBMA02644 SSRT100284 rev.1 - HP Client Automation Enterprise (HPCA) Running on Windows, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin ...

[DCA-2011-0004] - Trend WebReputation API Bypass
2011-03-14 Ewerson Guimarães (Crash) - Dclabs (crash dclabs com br)
[DCA-2011-0004]
[Discussion] - DcLabs Security Research Group advises about following vulnerability(ies):
[Software] - Trend WebReputation API
[Vendor Product Description] - Secure any endpoint - physical or virtual - with the industry's strongest, most reliable protection, while reducing the i ...

[DSECRG-11-010] SAP NetWeaver logon.html - XSS
2011-03-14 Alexandr Polyakov (alexandr polyakov dsec ru)

[USN-1087-1] libvpx vulnerability
2011-03-11 Micah Gersten (micah canonical com)
Ubuntu Security Notice USN-1087-1
March 11, 2011
libvpx vulnerability
CVE-2010-4489
A security issue affects the following Ubuntu releases:
Ubuntu 10.10
This advisory ...

[DSECRG-11-009] SAP NetWeaver XI SOAP Adapter - XSS
2011-03-14 Alexandr Polyakov (alexandr polyakov dsec ru)
[DSECRG-11-009] SAP NetWeaver XI SOAP Adapter - XSS
SAP NetWeaver 7.0 application XI SOAP Adapter has linked XSS vulnerability
Digital Security Research Group [DSecRG] Advisory DSecRG-11-009 (Internal DSecRG-00120)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver XI SOAP Ad ...

ClubHACK Magazine: Call for Articles
2011-03-14 abhijeet clubhack com
ClubHACK Magazine is seeking submissions for next two issues - April and May 2011. If you have something interesting and would like to share, please send in your articles to abhijeet (at) clubhack (dot) com
Topics/Themes for next two issues are :-
1) April issue : Browser security
2) May issue : Wireles ...

BoutikOne Multiples SQL Injection Vulnerability
2011-03-13 cdx security gmail com
- BoutikOne - Multiples SQL Injection Vulnerability
RELEASE DATE : 13.03.2011
by Alz <cdx[dot]security[at]gmail[dot]com
[-] Google Dork: "Powered by BoutikOne"
[-> categorie.php] Var <path> : http://[target]/categories.php?path=[sqli]
[-> list.php] Var <path> : http://[target]/list.php?path=[sql ...
[DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS
SAP NetWeaver Integration Directory has multiple linked XSS vulnerabilities.
Digital Security Research Group [DSecRG] Advisory DSecRG-11-012 (Internal DSecRG-00159)
Application: SAP NetWeaver XI
Versions Affected: