[USN-1053-1] Subversion vulnerabilities
2011-02-01, Marc Deslauriers (marc deslauriers canonical com)
Ubuntu Security Notice USN-1053-1 February 01, 2011 subversion vulnerabilities CVE-2007-2448, CVE-2010-3315, CVE-2010-4539, CVE-2010-4644 A security issue affects the foll

[security bulletin] HPSBMA02627 SSRT090246 rev.1 - HP OpenView Performance Insight Server, Remote Execution of Arbitrary Code
2011-02-01, security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02695453 Version: 1 HPSBMA02627 SSRT090246 rev.1 - HP OpenView Performance Insight Server, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted up

Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability
2011-02-01, YGN Ethical Hacker Group (lists yehg net)
Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability 1. OVERVIEW The Zikula 1.2.4 and lower versions were vulnerable to Cross Site Request Forgery (CSRF). 2. BACKGROUND Ziku

HTB22803: Path disclosure in Razor CMS
2011-02-01, advisory htbridge ch
Vulnerability ID: HTB22803 Reference: http://www.htbridge.ch/advisory/path_disclosure_in_razor_cms.html Product: Razor CMS Vendor: http://www.razorcms.co.uk ( http://www.razorcms.co.uk ) Vulnerable Version: 1.1 Vendor Notification: 18 January 2011 Vulnerability Type: Path disclosure Status: Awaiti

[CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities
2011-01-31, CORE Security Technologies Advisories (advisories coresecurity com)

ZDI-11-035: IBM DB2 db2dasrrm validateUser Remote Code Execution Vulnerability
2011-01-31, ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-035: IBM DB2 db2dasrrm validateUser Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-035 January 31, 2011 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: IBM -- Affected Products: IBM DB2 Universal Database -- Vulnerability Details: Th

ZDI-11-034: HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability
2011-01-31, ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-034: HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-034 January 31, 2011 -- CVE ID: CVE-2011-0276 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Hewlett-Packard -- Affected Products:

[HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb
2011-01-31, Hafez Kamal (aphesz hackinthebox org)
Happy 2011 everyone! Just a reminder that the Call for Papers for the second annual HITBSecConf in Europe is closing on the 18TH OF FEBRUARY! We've received some awesome submissions so far and the event is really shaping up nicely. The event will once again take place at the NH Grand Krasnapolsky i

VirtueMart eCommerce for Joomla <= 1.1.6 Blind SQL Injection
2011-01-31, Andrea Fabrizi (andrea fabrizi gmail com)
Application: VirtueMart Version affected: <= 1.1.6 Website: http://www.virtuemart.net/ Discovered By: Andrea Fabrizi Email: andrea.fabrizi (at) gmail (dot) com Web: http://www.andreafabrizi.it Vuln: Blind SQL Injection

CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue
2011-01-28, Jan Lehnardt (jan apache org)
CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache CouchDB 0.8.0 to 1.0.1 Description: Apache CouchDB versions prior to version 1.0.2 are vulnerable to cross site scripting (XSS) attacks. Mitigation: All

TELUS Security Labs VR - Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow
2011-01-28, noreply telus com
Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow TSL ID: FSC20110125-06 1. Affected Software Novell ZENworks Handheld Management 7.0 Reference: http://www.novell.com/products/zenworks/handhelds 2. Vulnerability Summary A buffer overflow vulnerability exists in Novell ZENwor

TELUS Security Labs VR - Symantec Antivirus Intel Alert HandlerService Denial of Service
2011-01-28, noreply telus com
Symantec Antivirus Intel Alert Handler Service Denial of Service TSL ID: FSC20101213-06 1. Affected Software Symantec Antivirus Corporate Edition 10.1.8.8000 and possibly prior Symantec System Center 10.1.8.8000 and possibly prior Reference: http://www.symantec.com/business/antivirus-c

TELUS Security Labs VR - Symantec Alert Management System HNDLRSVC Arbitrary Command Execution
2011-01-28, noreply telus com
Symantec Alert Management System HNDLRSVC Arbitrary Command Execution TSL ID: FSC20100727-01 1. Affected Software Symantec Antivirus Corporate Edition 10.1.8.8000 and possibly prior Symantec System Center 10.1.8.8000 and possibly prior Reference: http://www.symantec.com/business/antivi

FreeBSD local denial of service - forced reboot
2011-01-28, HI-TECH . (isowarez isowarez isowarez googlemail com)
# Exploit Title: FreeBSD local denial of service - forced reboot # Date: 28. January 2011 # Author: Kingcope # Software Link: http://www.freebsd.org # Operating System: FreeBSD # Tested on: 8.0-RELEASE This source code when compiled and executed will reboot at least FreeBSD 8.0-RELEASE because of a

CA20101231-01: Security Notice for CA ARCserve D2D (updated)
2011-01-27, Williams, James K (James Williams ca com)
CA20101231-01: Security Notice for CA ARCserve D2D Issued: December 31, 2010 Last Updated: January 26, 2011 CA Technologies support is alerting customers to a security risk with CA ARCserve D2D. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued an

HTB22793: XSRF (CSRF) in KaiBB
2011-01-27, advisory htbridge ch
Vulnerability ID: HTB22793 Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_kaibb.html Product: KaiBB Vendor: Mi-Dia ( http://www.kaibb.co.uk/ ) Vulnerable Version: 1.0.2 and probably prior versions Vendor Notification: 13 January 2011 Vulnerability Type: CSRF (Cross-Site Request Forgery) S

HTB22796: Path disclosure in DBHcms
2011-01-27, advisory htbridge ch
Vulnerability ID: HTB22796 Reference: http://www.htbridge.ch/advisory/path_disclousure_in_dbhcms.html Product: DBHcms Vendor: Kai-Sven Bunk ( http://www.drbenhur.com/ ) Vulnerable Version: Vendor Notification: 13 January 2011 Vulnerability Type: Path disclosure Status: Awaiting Vendor Response Ri

HTB22797: Path disclosure in BLOG:CMS
2011-01-27, advisory htbridge ch
Vulnerability ID: HTB22797 Reference: http://www.htbridge.ch/advisory/path_disclousure_in_blogcms.html Product: BLOG:CMS Vendor: Radek Hulán ( http://blogcms.com/ ) Vulnerable Version: 4.2.1.f and probably prior versions Vendor Notification: 13 January 2011 Vulnerability Type: Path disclosure St

Lomtec ActiveWeb Professional 3.0 CMS Allows Arbitrary File Upload and Execution as SYSTEM in ColdFusion (2010-WEB-002) (CERT VU#528212)
2011-01-27, StenoPlasma @ www.ExploitDevelopment.com (exploitdevelopmentdotcom gmail com)
www.ExploitDevelopment.com 2010-WEB-002 (CERT VU#870532) (Security Focus BID 45985) TITLE: Lomtec ActiveWeb Professional 3.0 CM

[SECURITY] [DSA 2151-1] New OpenOffice.org packages fix several vulnerabilities
2011-01-26, joey infodrom org (Martin Schulze)

OpenOffice.org Multiple Memory Corruption Vulnerabilities
2011-01-26, VSR Advisories (advisories vsecurity com)

Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities
2011-01-26, Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities Advisory ID: cisco-sa-20110126-csg2 http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml Revision 1.0 For Public Release 2011 January 26 1600 UTC (GMT)

Reference: http://www.htbridge.ch/advisory/path_disclosure_in_pluck_cms_1.html
Product: Pluck
Vendor: Pluck CMS ( http://www.pluck-cms.org )
Vulnerable Version: 4.6.4
Vendor Notification: 18 January 2011
Vulnerability Type: Path disclosure
Risk level: Low
Credit: High-T