bbPress 1.0.2 <= Cross Site Scripting Vulnerability
2011-03-13 YGN Ethical Hacker Group (lists yehg net)

=========================================
bbPress 1.0.2 <= Cross Site Scripting Vulnerability
=========================================
1. OVERVIEW
bbPress 1.0.2 and lower versions were vulnerable to Cross Site Scripting.
2. APPLICATION DESCRIPTION
bbPress is plain and simple forum software,


Checkpoint VPN - Privilege Escalation
2011-03-12 Thierry Zoller (Thierry zoller lu)

It appears this bug has gone unnoticed to vulnerability databases maintainers, very likely due to the lack of disclosure/publication. This usually means it's also not in compliance/patching systems and exposes customers to unnecessary risk. To counteract I'd like to drop this note. Checkpoin


Privacy, Security, Trust (PST 2011) - 2nd Call for Papers (Deadline: March 20)
2011-03-12 Serguei A. Mokhov on behalf of PST-11 (mokhov cse concordia ca)

[ Apologies if you receive multiple copies of this announcement. Please pass it on to your colleagues and students who might be interested in contributing. ]
Ninth Annual Conference on Privacy, Security and Trust
------------------------------------------------------
July 19-21, 2011 Montreal,


VUPEN Security Research - Apple Safari WebKit Block Dimensions Handling Integer Overflow
2011-03-11 VUPEN Security Research (advisories vupen com)

VUPEN Security Research - Apple Safari WebKit Block Dimensions Handling Integer Overflow
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Apple Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used browser, with 4.4


Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability
2011-03-13 YGN Ethical Hacker Group (lists yehg net)

==========================================
Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability
==========================================
1. OVERVIEW
Joomla! 1.6.0 was vulnerable to Cross Site Scripting.
2. PRODUCT DESCRIPTION
Joomla is a free and open source content management system (C


VUPEN Security Research - Apple Safari WebKit Scroll Event Handling Remote Use-after-free
2011-03-11 VUPEN Security Research (advisories vupen com)

VUPEN Security Research - Apple Safari WebKit Scroll Event Handling Remote Use-after-free
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Apple Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used browser, with 4.


VUPEN Security Research - Apple Safari WebKit Iframe Event Handling Remote Use-after-free
2011-03-11 VUPEN Security Research (advisories vupen com)

VUPEN Security Research - Apple Safari WebKit Iframe Event Handling Remote Use-after-free
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Apple Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used browser, with 4.


DC4420 - London DEFCON - March meet - Tuesday 22nd March 2011
2011-03-11 Major Malfunction (majormal pirate-radio org)

Another 22nd! How spooky is that? If I were a gambling man, I'd be betting on horse number 22 coming in 2nd in the 2nd race... or something.... and while we're on the subject of unlikely things, who says there's no such thing as free beer? Yes, this month we've found not one but two victi^Wspons


[SECURITY] [DSA 2190-1] wordpress security update
2011-03-11 Giuseppe Iuculano (iuculano debian org)


Medium severity flaw in QNX Neutrino RTOS
2011-03-11 Tim Brown (timb nth-dimension org uk)

I was recently taking a look at the state of play regarding the security of POSIX runtime linkers and was pointed at the QNX Neutrino RTOS to take a look. In doing so I noticed a problem relating to the way that it handles LD_DEBUG_OUTPUT which allows for the creation or overwriting of an arbitr


[security bulletin] HPSBMA02629 SSRT100381 rev.3 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
2011-03-10 security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02711131
Version: 3
HPSBMA02629 SSRT100381 rev.3 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
NOTICE: The information in


Call for Papers: Passwords^11
2011-03-10 Per Thorsheim (per thorsheim net)

ANNOUNCEMENT & CALL FOR PAPERS : PASSWORDS^11
PASSWORDS^11 will be held at the University in Bergen (Norway), on June 7-8, 2011. The 2-day conference will be free and open for everyone to attend. Primary audience will be academics and security professionals with deep technical knowledge. Limited se


HTB22881: SQL injection vulnerability in CosmoShop
2011-03-10 advisory htbridge ch

Vulnerability ID: HTB22881
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_cosmoshop.html
Product: CosmoShop
Vendor: Zaunz Publishing GmbH ( http://www.cosmoshop.de/ )
Vulnerable Version: ePRO V10.05.00
Vendor Notification: 24 February 2011
Vulnerability Type: Blind SQL I


HTB22874: Path disclosure in Lazyest Gallery wordpress plugin
2011-03-10 advisory htbridge ch

Vulnerability ID: HTB22874
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_lazyest_gallery_wordpress_plugin.html
Product: Lazyest Gallery wordpress plugin
Vendor: Brimosoft ( http://brimosoft.nl/ )
Vulnerable Version: 1.0.26
Vendor Notification: 24 February 2011
Vulnerability Type:


HTB22878: XSS vulnerability in CosmoShop
2011-03-10 advisory htbridge ch

Vulnerability ID: HTB22878
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_cosmoshop.html
Product: CosmoShop
Vendor: Zaunz Publishing GmbH ( http://www.cosmoshop.de/ )
Vulnerable Version: ePRO V10.05.00
Vendor Notification: 24 February 2011
Vulnerability Type: Stored XSS (Cross Sit


HTB22875: XSS in Lazyest Gallery wordpress plugin
2011-03-10 advisory htbridge ch

Vulnerability ID: HTB22875
Reference: http://www.htbridge.ch/advisory/xss_in_lazyest_gallery_wordpress_plugin.html
Product: Lazyest Gallery wordpress plugin
Vendor: Brimosoft ( http://brimosoft.nl/ )
Vulnerable Version: 1.0.26
Vendor Notification: 24 February 2011
Vulnerability Type: XSS (Cross S


HTB22879: Multiple XSS vulnerabilities in CosmoShop
2011-03-10 advisory htbridge ch

Vulnerability ID: HTB22879
Reference: http://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_cosmoshop.html
Product: CosmoShop
Vendor: Zaunz Publishing GmbH ( http://www.cosmoshop.de/ )
Vulnerable Version: ePRO V10.05.00
Vendor Notification: 24 February 2011
Vulnerability Type: XSS (Cross


HTB22880: XSS vulnerability in CosmoShop
2011-03-10 advisory htbridge ch

Vulnerability ID: HTB22880
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_cosmoshop_1.html
Product: CosmoShop
Vendor: Zaunz Publishing GmbH ( http://www.cosmoshop.de/ )
Vulnerable Version: ePRO V10.05.00
Vendor Notification: 24 February 2011
Vulnerability Type: Stored XSS (Cross S


[DCA-2011-0007] Air Contacts Lite (iPhone / iPod App Denial Of Service)
2011-03-09 Rodrigo Escobar (ipax dclabs com br)

[Discussion] - DcLabs Security Research Group advises about the following vulnerability(ies):
[Software] - Air Contacts Lite (By i-NOVATiON GmbH)
[Vendor Product Description] - Sharing contacts can't be easier. Wireless access to your iPhone contacts from your Mac or PC. This is the Lite Versio


RecordPress Multiple Vulnerabilities
2011-03-09 irancrash gmail com

----------------------------------------------------------------
WebApplication : RecordPress 0.3.1
Type of vulnerability : CSRF ( Change Admin Password ) And XSS
Risk of use : Medium
----------------------------------------------------------------
Producer Website : http://www.recordpress.org/
---

Joomla! 1.6.0 | SQL Injection Vulnerability
=================================
1. OVERVIEW
Joomla! 1.6.0 was vulnerable to SQL Injection.
2. BACKGROUND
Joomla is a free and open source content management system (CMS) for
publishing content on the World Wide We