ZDI-11-102: PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability
2011-03-02 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-102: PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-102 March 2, 2011 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Postgres -- Affected Products: Postgres Plus SQL --

ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability
2011-03-02 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-103 March 2, 2011 -- CVE ID: CVE-2011-0055 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Mozilla -- Affected Products: Mozilla Fire

[security bulletin] HPSBUX02638 SSRT100339 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass
2011-03-03 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02737002 Version: 1 HPSBUX02638 SSRT100339 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass NOTICE: The information in this Secur

ZDI-11-097: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability
2011-03-02 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-097: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-097 March 2, 2011 -- CVE ID: CVE-2011-0116 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- T

CubeCart 2.0.6 SQL injection / Cross Site Scripting
2011-03-02 Root d99y com
########################################################## # Exploit Title: CubeCart 2.0.6 SQL injection / Cross Site Scripting # Google Dork: "Powered by CubeCart 2.0.6" # home : http://www.D99Y.com # Date: 2/3/2011 # Author: NassRawI # Software Link: http://www.cubecart.com # Version: 2.0.6 #####

PhotoPost PHP 4.8c (showgallery.php) Cross Site Scripting
2011-03-02 Root d99y com
########################################################## # Exploit Title: PhotoPost PHP 4.8c (showgallery.php) Cross Site Scripting # home : http://www.D99Y.com # Author: NassRawI # Date: 2/3/2011 # Google Dork: "Powered by: PhotoPost PHP 4.8c" # Software Link: http://www.photopost.com/ #

Prestashop Cartium 1.3.3 Multiple Cross Site Scripting (XSS)
2011-03-02 Antonio S.M (antonio_s_martino yahoo es)

VidiScript (index.php) Cross Site Scripting
2011-03-02 Root d99y com
########################################################## # Exploit Title: VidiScript (index.php) Cross Site Scripting # home : http://www.D99Y.com # Author: NassRawI # Date: 2/3/2011 # Google Dork: "Powered By VidiScript.com" # Software Link: http://www.vidiscript.com/ ###########################

[USN-1082-1] Pango vulnerabilities
2011-03-02 Marc Deslauriers (marc deslauriers canonical com)
=========================================================== Ubuntu Security Notice USN-1082-1 March 02, 2011 pango1.0 vulnerabilities CVE-2010-0421, CVE-2011-0020, CVE-2011-0064 =========================================================== A security issue affects the following Ubuntu rele

[USN-1081-1] Linux kernel vulnerabilities
2011-03-02 Kees Cook (kees ubuntu com)
=========================================================== Ubuntu Security Notice USN-1081-1 March 02, 2011 linux vulnerabilities CVE-2010-3698, CVE-2010-3865, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4079, CVE-2010-4083, CVE-2010-4248, CVE-2010-4342, CVE-2010

[USN-1080-1] Linux kernel vulnerabilities
2011-03-01 Kees Cook (kees ubuntu com)
=========================================================== Ubuntu Security Notice USN-1080-1 March 01, 2011 linux vulnerabilities CVE-2010-3865, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4248, CVE-2010-4343, CVE-2010-4346, CVE-2010-4526, CVE-2010-4527, CVE-2010

DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory Traversal Vulnerability [ CVE-2011-0345 ]
2011-03-01 ddivulnalert ddifrontline com
Title: DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory Traversal Vulnerability [ CVE-2011-0345 ] Severity: High Date Discovered:10/29/2010 Discovered By: Digital Defense, Inc. Vulnerability Research Team Additional Discovered By: r@b13$ Vulnerability Description: The Alcatel-Luce

HTB22848: XSS in Mingle Forum wordpress plugin
2011-03-01 advisory htbridge ch
Vulnerability ID: HTB22848 Reference: http://www.htbridge.ch/advisory/xss_in_mingle_forum_wordpress_plugin.html Product: Mingle Forum wordpress plugin Vendor: Cartpauj ( http://cartpauj.com/ ) Vulnerable Version: 1.0.28 Vendor Notification: 15 February 2011 Vulnerability Type: XSS (Cross Site Scri

HTB22849: Path disclosure in Mingle Forum wordpress plugin
2011-03-01 advisory htbridge ch
Vulnerability ID: HTB22849 Reference: http://www.htbridge.ch/advisory/path_disclosure_in_mingle_forum_wordpress_plugin.html Product: Mingle Forum wordpress plugin Vendor: Cartpauj ( http://cartpauj.com/ ) Vulnerable Version: 1.0.28 Vendor Notification: 15 February 2011 Vulnerability Type: Path dis

HTB22858: SQL Injection in WP Forum wordpress plugin
2011-03-01 advisory htbridge ch
Vulnerability ID: HTB22858 Reference: http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_wordpress_plugin.html Product: WP Forum wordpress plugin Vendor: Fredrik Fahlstad ( http://www.fahlstad.se/ ) Vulnerable Version: 1.7.8 Vendor Notification: 15 February 2011 Vulnerability Type: SQL Inje

HTB22859: SQL Injection in WP Forum wordpress plugin
2011-03-01 advisory htbridge ch
Vulnerability ID: HTB22859 Reference: http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_wordpress_plugin_1.html Product: WP Forum wordpress plugin Vendor: Fredrik Fahlstad ( http://www.fahlstad.se/ ) Vulnerable Version: 1.7.8 Vendor Notification: 15 February 2011 Vulnerability Type: SQL In

HTB22860: SQL Injection in WP Forum wordpress plugin
2011-03-01 advisory htbridge ch
Vulnerability ID: HTB22860 Reference: http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_wordpress_plugin_2.html Product: WP Forum wordpress plugin Vendor: Fredrik Fahlstad ( http://www.fahlstad.se/ ) Vulnerable Version: 1.7.8 Vendor Notification: 15 February 2011 Vulnerability Type: SQL In

HTB22861: XSS in Question and Answer Forum wordpress plugin
2011-03-01 advisory htbridge ch
Vulnerability ID: HTB22861 Reference: http://www.htbridge.ch/advisory/xss_in_question_and_answer_forum_wordpress_plugin.html Product: Question and Answer Forum wordpress plugin Vendor: David Woodford ( hhttp://trevorpythag.co.uk ) Vulnerable Version: 1.2.4 Vendor Notification: 15 February 2011 Vul

HTB22862: Path disclosure in NextGEN Gallery wordpress plugin
2011-03-01 advisory htbridge ch
Vulnerability ID: HTB22862 Reference: http://www.htbridge.ch/advisory/path_disclosure_in_nextgen_gallery_wordpress_plugin.html Product: NextGEN Gallery wordpress plugin Vendor: Alex Rabe ( http://alexrabe.de/ ) Vulnerable Version: 1.7.3 Vendor Notification: 15 February 2011 Vulnerability Type: Pat

Re: Re: prestashop vuln: sql injection submitted to bugtraq () securityfocus com
2011-03-01 Antonio S.M (antonio_s_martino yahoo es)
The provided exploit works fine in Prestashop Cartium 1.3.3 version. As confirmed by Prestashop, the exploit can not be replicated in Prestashop core without the integration of Cartium module. The vulnerability test has been provided in order to allow the vulnerability verification.

[USN-1079-1] OpenJDK 6 vulnerabilities
2011-03-01 Steve Beattie (sbeattie ubuntu com)
=========================================================== Ubuntu Security Notice USN-1079-1 March 01, 2011 openjdk-6 vulnerabilities CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706 ====================

Re: prestashop vuln: sql injection submitted to bugtraq (at) securityfocus (dot) com [email concealed]
2011-03-01 antonio_s_martino yahoo es

SnapProof (cart.php) Cross Site Scripting
2011-03-01 difficult-511 hotmail com
########################################################## # Exploit Title: SnapProof (cart.php) Cross Site Scripting # Google Dork: inurl:"Created and powered by SnapProof" # home : www.D99Y.com # Date: 1/3/2011 # Author: Difficult 511 # Software Link: http://www.snapproof.com/ ##################

[security bulletin] HPSBUX02633 SSRT100387 rev.1 - HP-UX running Java, Remote Denial of Service (DoS)
2011-03-01 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02729756 Version: 1 HPSBUX02633 SSRT100387 rev.1 - HP-UX running Java, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Ubuntu Security Notice USN-1083-1 March 03, 2011
linux-lts-backport-maverick vulnerabilities
CVE-2009-4895, CVE-2010-0435, CVE-2010-2066, CVE-2010-2226,
CVE-2010-2248, CVE-2010-2478, CVE-2010-2495, CVE-2010-2521,
CVE-2010-2524, C