BugTraq Mode:
ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-050

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for

ZDI-11-049: IBM Lotus Domino SMTP Multiple Filename Arguments Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-049: IBM Lotus Domino SMTP Multiple Filename Arguments Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-049

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigation

HTB22819: XSS vulnerability in WebAsyst Shop-Script 2011-02-08
advisory htbridge ch
Vulnerability ID: HTB22819
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_webasyst_shop_script_1.html
Product: WebAsyst Shop-Script
Vendor: WebAsyst, LLC ( http://www.shop-script.ru/ )
Vulnerable Version: Current version 2011.01.23 (shop-script.ru/demo/)
Vendor Notification: 25 Jan

ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-048

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigatio

ZDI-11-047: IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-047: IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-047

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for this vuln

ZDI-11-046: IBM Lotus Domino Calendar Request Attachment Name Parsing Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-046: IBM Lotus Domino Calendar Request Attachment Name Parsing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-046

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mi

HTB22814: XSS vulnerability in ViArt Shop 2011-02-08
advisory htbridge ch
Vulnerability ID: HTB22814
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_viart_shop.html
Product: ViArt Shop
Vendor: Viart Software ( http://www.viart.com/ )
Vulnerable Version: Enterprise v.4.0.5
Vendor Notification: 25 January 2011
Vulnerability Type: XSS (Cross Site Scripting)

ZDI-11-041: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-041: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-041

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations

HTB22815: XSS vulnerability in ViArt Shop 2011-02-08
advisory htbridge ch
Vulnerability ID: HTB22815
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_viart_shop_1.html
Product: ViArt Shop
Vendor: Viart Software ( http://www.viart.com/ )
Vulnerable Version: Enterprise v.4.0.5
Vendor Notification: 25 January 2011
Vulnerability Type: Stored XSS (Cross Site S

HTB22816: XSS vulnerability in ViArt Shop 2011-02-08
advisory htbridge ch
Vulnerability ID: HTB22816
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_viart_shop_2.html
Product: ViArt Shop
Vendor: Viart Software ( http://www.viart.com/ )
Vulnerable Version: Enterprise v.4.0.5
Vendor Notification: 25 January 2011
Vulnerability Type: Stored XSS (Cross Site S

Re: Microsoft Terminal Services vulnerable to MITM-attacks. 2011-02-08
sam vaughey gmail com
Does this issue still exist ?

HTB22811: XSS vulnerability in UMI.CMS 2011-02-08
advisory htbridge ch
Vulnerability ID: HTB22811
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_umi_cms.html
Product: UMI.CMS
Vendor: umisoft ( http://www.umi-cms.ru/ )
Vulnerable Version: 2.8.1.2
Vendor Notification: 25 January 2011
Vulnerability Type: Stored XSS (Cross Site Scripting)
Risk level: Low

[USN-1059-1] Dovecot vulnerabilities 2011-02-07
Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1059-1 February 07, 2011
dovecot vulnerabilities
CVE-2010-3304, CVE-2010-3706, CVE-2010-3707, CVE-2010-3779,
CVE-2010-3780
===========================================================

A security issue affe

HTB22812: XSRF (CSRF) in UMI.CMS 2011-02-08
advisory htbridge ch
Vulnerability ID: HTB22812
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_umi_cms.html
Product: UMI.CMS
Vendor: umisoft ( http://www.umi-cms.ru/ )
Vulnerable Version: 2.8.1.2
Vendor Notification: 25 January 2011
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Risk level: Low
Credit

ZDI-11-040: Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-040: Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-040

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations

ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-044

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for thi

ZDI-11-045: IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-045: IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-045

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view

ZDI-11-043: Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-043: Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-043

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for th

Re: Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure 2011-02-07
info dokeos com
Dokeos 1.8.6.2 fixes these 2 security holes. Dokeos 1.8.6.2 has been released one day after we got informed about this security release.

Download @sourceforge http://bit.ly/dYOvDc

R7-0039: Accellion File Transfer Appliance Multiple Vulnerabilities 2011-02-07
HD Moore (HD_Moore rapid7 com)
R7-0039: Accellion File Transfer Appliance Multiple Vulnerabilities
February 7, 2011

-- Vulnerability Details:

The Accellion File Transfer Appliance, prior to version FTA_8_0_562, suffers from a number of security flaws that can lead to a remote root compromise.

1. Message Routing Daemon Defaul

R7-0038: Check Point Endpoint Security Server Information Disclosure 2011-02-07
HD Moore (HD_Moore rapid7 com)
R7-0038: Check Point Endpoint Security Server Information Disclosure
February 7, 2011

-- Vulnerability Details:

The Check Point Endpoint Security Server and Integrity Server products inadvertently expose a number of private directories through the web interface. These directories include the SSL p

[SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability 2011-02-05
Mark Thomas (markt apache org)
CVE-2011-0534 Apache Tomcat DoS vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.6
- Tomcat 6.0.0 to 6.0.30

Description:
Tomcat did not enforce the maxHttpHeaderSize limit while pa

[SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat 2011-02-05
Mark Thomas (markt apache org)
The original report is [1].

Tomcat is affected when accessing a form based security constrained
page or any page that calls javax.servlet.ServletRequest.getLocale() or
javax.servlet.ServletRequest.getLocales().

Work-arounds have been implemented in t

[ MDVSA-2011:021 ] postgresql 2011-02-07
security mandriva com
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:021
http://www.mandriva.com/security/
______________________________________________________________________

[SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manager file permissions 2011-02-05
Mark Thomas (markt apache org)
CVE-2010-3718 Apache Tomcat Local bypass of security manager file permissions

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.3
- Tomcat 6.0.0 to 6.0.?
- Tomcat 5.5.0 to 5.5.?
- Earlier, unsupporte

Troopers11 - Security Conference in Germany 2011-02-07
mozilla sun ids-guide de
We want to announce TROOPERS11, Europe's premium IT Security event. The conference features international top guys/girls, spends a lot of attention to ensure the best experience for every participant and saves a lot on lame marketing presentations, shabby conference sites and overall profit oriented

[SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability 2011-02-05
Mark Thomas (markt apache org)
CVE-2011-0013 Apache Tomcat Manager XSS vulnerability

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.5
- Tomcat 6.0.0 to 6.0.29
- Tomcat 5.5.0 to 5.5.31
- Earlier, unsupported versions may also b

Re: TinyWebGallery: XSS + Directory Traversal 2011-02-07
tinywebgallery mdempfle de
This is already fixed in TWG 1.8.4.

And this can only be used if you have already a login to the system!

- Michael

[SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manager file permissions 2011-02-05
Mark Thomas (markt apache org)
CVE-2010-3718 Apache Tomcat Local bypass of security manager file permissions

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.3
- Tomcat 6.0.0 to 6.0.?
- Tomcat 5.5.0 to 5.5.?
- Earlier, unsupported versions may also be affected

Description:
When runn

Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure 2011-02-05
beford (xbefordx gmail com)
Affected products
=================
Dokeos 1.8.6.1 / 2.0
Chamilo 1.8.7.1

Resume
======
Two file disclosure flaws exist on these LMS platforms, which could
allow an attacker registered on the system to obtain files from the
server, i.e. your database configuration file, or any other file
readable

Copyright 2010, SecurityFocus