Mutare Software EVM - CSRF and XSS Vulnerabilities
2011-03-04 Travis Lee (travisle gmail com)
Description: Mutare Software EVM 2.2.9 (possibly earlier versions) is vulnerable to CSRF and XSS. An attacker could do the following to a user's EVM settings: A. Change their EVM PIN B. Delete all of their voice messages C. Change or add any of their delivery addresses for voicemails CERT Vulne...

[DCA-2011-0002]: TOTVS ERP Microsiga Protheus - Users Enumeration
2011-03-04 Flavio do Carmo Junior aka waKKu (carmo flavio dclabs com br)
[DCA-2011-0002] [Discussion] - DcLabs Security Research Group advises about following vulnerability(ies): [Software] - TOTVS ERP Microsiga Protheus [Vendor Product Description - Portuguese] - Software de Gestão - TOTVS A TOTVS é uma empresa de software, inovação, relacionamento e suporte à gestã...

[DCA-2011-0003]: LMS Web Ensino - Multiple XSS, Session Fixation, CSRF and SQL Injection
2011-03-04 Flavio do Carmo Junior aka waKKu (carmo flavio dclabs com br)
[DCA-2011-0003] [Discussion] - DcLabs Security Research Group advises about following vulnerability(ies): [Software] - LMS Web Ensino [Vendor Product Description - Portuguese] - O Learning Management System (LMS) Web Ensino é uma ferramenta completa para o gerenciamento e oferta de cursos e trei...

[DCA-2011-0001] TP-LINK TL-WR740N Multiple Vulnerabilities - Stored XSS - Web Console and Upnp server DoS
2011-03-04 Ewerson Guimarães (Crash) - Dclabs (crash dclabs com br)
[DCA-2011-0001] [Discussion] - DcLabs Security Research Group advises about following vulnerability(ies): [Software/Hardware] - TP-LINK TL-WR740N [Vendor Product Description] - The TL-WR740N is a combined wired/wireless network connection device integrated with internet-sharing router and 4-port...

HTB22837: Path disclosure in PrestaShop
2011-03-03 advisory htbridge ch
Vulnerability ID: HTB22837 Reference: http://www.htbridge.ch/advisory/path_disclosure_in_prestashop.html Product: PrestaShop Vendor: PrestaShop ( http://www.prestashop.com/ ) Vulnerable Version: Prestashop 1.3.6 final Vendor Notification: 17 February 2011 Vulnerability Type: Path disclosure Risk l...

[security bulletin] HPSBPI02640 SSRT100410 rev.1 - HP MFP Digital Sending Software Running on Windows, Authentication Bypass
2011-03-03 security-alert hp com
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02738104 Version: 1 HPSBPI02640 SSRT100410 rev.1 - HP MFP Digital Sending Software Running on Windows, Authentication Bypass NOTICE: The information in this Security Bulletin should be acted upo...

HTB22865: XSS vulnerability in xtcModified
2011-03-03 advisory htbridge ch
Vulnerability ID: HTB22865 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_xtcmodified_2.html Product: xtcModified Vendor: xtcModified Team ( http://www.xtc-modified.org/ ) Vulnerable Version: 1.05 and probably prior versions Vendor Notification: 17 February 2011 Vulnerability Type...

HTB22853: XSS vulnerability in Pragyan CMS
2011-03-03 advisory htbridge ch
Vulnerability ID: HTB22853 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_pragyan_cms.html Product: Pragyan CMS Vendor: Pragyan Team ( http://sourceforge.net/projects/pragyan/ ) Vulnerable Version: v.3.0 beta Vendor Notification: 17 February 2011 Vulnerability Type: Stored XSS (Cr...

HTB22856: XSS vulnerability in Pragyan CMS
2011-03-03 advisory htbridge ch
Vulnerability ID: HTB22856 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_pragyan_cms_1.html Product: Pragyan CMS Vendor: Pragyan Team ( http://sourceforge.net/projects/pragyan/ ) Vulnerable Version: v.3.0 beta Vendor Notification: 17 February 2011 Vulnerability Type: Stored XSS (...

HTB22855: XSRF (CSRF) in Pragyan CMS
2011-03-03 advisory htbridge ch
Vulnerability ID: HTB22855 Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_pragyan_cms.html Product: Pragyan CMS Vendor: Pragyan Team ( http://sourceforge.net/projects/pragyan/ ) Vulnerable Version: v.3.0 beta Vendor Notification: 17 February 2011 Vulnerability Type: CSRF (Cross-Site Reque...

HTB22866: XSS vulnerability in xtcModified
2011-03-03 advisory htbridge ch
Vulnerability ID: HTB22866 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_xtcmodified_3.html Product: xtcModified Vendor: xtcModified Team ( http://www.xtc-modified.org/ ) Vulnerable Version: 1.05 and probably prior versions Vendor Notification: 17 February 2011 Vulnerability Type...

HTB22857: Path disclosure in Tribiq CMS
2011-03-03 advisory htbridge ch
Vulnerability ID: HTB22857 Reference: http://www.htbridge.ch/advisory/full_path_disclosure_in_tribiq_cms.html Product: Tribiq CMS Vendor: Tribal Limited ( http://tribiq.com/ ) Vulnerable Version: 5.2.7b and probably prior versions Vendor Notification: 17 February 2011 Vulnerability Type: Path disc...

HTB22863: XSS vulnerability in xtcModified
2011-03-03 advisory htbridge ch
Vulnerability ID: HTB22863 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_xtcmodified.html Product: xtcModified Vendor: xtcModified Team ( http://www.xtc-modified.org/ ) Vulnerable Version: 1.05 and probably prior versions Vendor Notification: 17 February 2011 Vulnerability Type:...

[USN-1050-1] Thunderbird vulnerabilities
2011-03-03 Jamie Strandboge (jamie canonical com)
Ubuntu Security Notice USN-1050-1 March 03, 2011 thunderbird vulnerabilities CVE-2010-1585, CVE-2011-0053, CVE-2011-0061, CVE-2011-0062 A security issue affects the fol...

iDefense Security Advisory 03.02.11: Apple CoreGraphics Library Heap Memory Corruption Vulnerability
2011-03-02 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 03.02.11 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 02, 2011 I. BACKGROUND Apple's CoreGraphics library is an API used to create and manipulate graphical elements. This API is used by many Apple applications, including the Safari browser on both Windows a...

ZDI-11-101: Apple iPhone Webkit Library Javascript Array sort Method Remote Code Execution Vulnerability
2011-03-02 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-101: Apple iPhone Webkit Library Javascript Array sort Method Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-101 March 2, 2011 -- CVE ID: CVE-2011-0154 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple...

ZDI-11-100: Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability
2011-03-02 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-100: Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-100 March 2, 2011 -- CVE ID: CVE-2011-0149 -- CVSS: 9, (AV:N/AC:M/Au:N/C:C/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- Tipping...

ZDI-11-099: Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability
2011-03-02 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-099: Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-099 March 2, 2011 -- CVE ID: CVE-2011-0133 -- CVSS: 9.7, (AV:N/AC:L/Au:N/C:C/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- TippingPoint...

ZDI-11-098: Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability
2011-03-02 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-098: Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-098 March 2, 2011 -- CVE ID: CVE-2011-0132 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- Vulne...

ZDI-11-096: Apple Safari WebKit Range Object Remote Code Execution Vulnerability
2011-03-02 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-096: Apple Safari WebKit Range Object Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-096 March 2, 2011 -- CVE ID: CVE-2011-0115 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- TippingPoint...

ZDI-11-095: Apple Webkit Error Message Mutation Remote Code Execution Vulnerability
2011-03-02 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-095: Apple Webkit Error Message Mutation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-095 March 2, 2011 -- CVE ID: CVE-2010-1824 -- CVSS: 9.7, (AV:N/AC:L/Au:N/C:C/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- Tipping...

[USN-1080-2] Linux kernel vulnerabilities
2011-03-02 Kees Cook (kees ubuntu com)
Ubuntu Security Notice USN-1080-2 March 02, 2011 linux-ec2 vulnerabilities CVE-2010-3865, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4248, CVE-2010-4343, CVE-2010-4346, CVE-2010-4526, CVE-2010-4527, CVE-...

iDefense Security Advisory 03.01.11: Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability
2011-03-02 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 03.01.11 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 01, 2011 I. BACKGROUND The Alcatel-Lucent OmniPCX Enterprise Communication Server (CS) is a communication server platform that provides multimedia call processing for both Alcatel-Lucent and third-party...
Mandriva Linux Security Advisory MDVSA-2011:041
http://www.mandriva.com/security/