NewvCommon.ocx ActiveX Insecure Method Vulnerability
2011-01-10 wsn1983 gmail com
NewvCommon.ocx ActiveX Insecure Method Vulnerability
========
Vulnerable: All Version
Vendor: www.newv.com.cn
Details:
========
An Insecure method vulnerability has been found in NewV SmartClient. The specific flaw exists within the DelFile method of the Newv ActiveX control (NewvCommon.ocx

NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute
2011-01-10 yuguo cn gmail com
Vendor: NewV ( http://www.newv.com.cn/ )
Product: NewV smartclient (http://demo.newv.com.cn/lds/module/smartclientsetting.exe)
Vulnerable Version: 1.0.0.18
Status: Not Fixed, Vendor Alerted
Risk level: High
Credit: Yu Guo(yuguo.cn#gmail.com)
Description: An input validation issue exists in the

www.eVuln.com : "fold" and "site" SQL Injections in WikLink
2011-01-10 bt evuln com
www.eVuln.com advisory: "fold" and "site" SQL Injections in WikLink
Summary: http://evuln.com/vulns/172/summary.html
Details: http://evuln.com/vulns/172/description.html
-----------Summary-----------
eVuln ID: EV0172
Software: WikLink
Vendor: n/a
Version: 0.1.3
Critical Level: medium
T

NewvCommon.ocx ActiveX Remote Code Execution Vulnerability
2011-01-10 wsn1983 gmail com
NewvCommon.ocx ActiveX Remote Code Execution Vulnerability
========
Vulnerable: All Version
Vendor: www.newv.com.cn
Details:
========
A remote buffer overflow vulnerability has been found in NewV SmartClient. The specific flaw exists within the WriteTextFile method of the Newv ActiveX contro

Silicon Graphics Inc (SGI) - IRIX - Local Kernel Memory Disclosure/Denial of Service
2011-01-09 Digit Security Research (research digit-security com)

Web Hacking & Database Hijack Online Challenge
2011-01-06 Ivan Buetler (ivan buetler csnc ch)
Hi bugtraq list, Do you feel like a free online wargame? Advanced challenge with two steps to the gold nugget. First, hack a web app and then use the gathered information to hijack the database. Test your skills! Try out the January CarGame challenge now. http://www.hacking-lab.com/sh/z0EnyQV E

call for participation
2011-01-07 chpardhasaradhisarma gmail com
nullcon Diwitiya (Second Edition), 25th-26th Feb Goa
--------------------
Early Bird Registration started
Limited seats available
nullcon, The International Security Conference is an initiative by null - The open security community, a registered non-profit society in India. null is by far the large

McAfee Commandline Updater
2011-01-07 Technion (technion lolware net)
Product Affected
Updater for McAfee Virusscan Command Line 6.0
This product is available attached to this document: https://kc.mcafee.com/corporate/index?page=content&id=KB67513
As far as can be determined, there has only ever been one version of this application.
Background
It is stated by McAfe

CUDA drivers/Linux security hole
2011-01-07 gran classic chem msu su
Hello, We have recently found serious security breach in CUDA Linux drivers:
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm
In brief, driver maps pin

Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
2011-01-07 YGN Ethical Hacker Group (lists yehg net)
Joomla! Security Team has confirmed that this issue will not be fixed.
>> While noted, your exploit report does not fall within the JSST remit as
>> we no longer support J1.0.x branch (as you are aware and indicate).
>> The vulnerability mentioned is not known to exist in any current supported rel

[USN-1040-1] Django vulnerabilities
2011-01-07 Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-1040-1 January 07, 2011
python-django vulnerabilities
CVE-2010-4534, CVE-2010-4535
===========================================================
A security issue affects the following Ubuntu releases: Ubu

[USN-1039-1] AppArmor update
2011-01-07 Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-1039-1 January 07, 2011
apparmor update
https://launchpad.net/bugs/693082
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 9.10

[USN-1037-1] ifupdown update
2011-01-07 Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-1037-1 January 06, 2011
ifupdown update
https://launchpad.net/bugs/689892
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 10.04

[USN-1038-1] dpkg vulnerability
2011-01-06 Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-1038-1 January 06, 2011
dpkg vulnerability
CVE-2010-1679
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 9.10 Ubuntu 10.04 LTS

[SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal
2011-01-06 Raphael Geissert (geissert debian org)

XSS vulnerability in PHP MicroCMS
2011-01-06 advisory htbridge ch
Vulnerability ID: HTB22764
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_php_microcms.html
Product: PHP MicroCMS
Vendor: ApPHP ( http://www.apphp.com/ )
Vulnerable Version: 1.0.1 and probably prior versions
Vendor Notification: 21 December 2010
Vulnerability Type: XSS (Cross Site

SQL Injection in phpMySport
2011-01-06 advisory htbridge ch
Vulnerability ID: HTB22771
Reference: http://www.htbridge.ch/advisory/sql_injection_in_phpmysport_1.html
Product: phpMySport
Vendor: phpMySport ( http://phpmysport.sourceforge.net/ )
Vulnerable Version: 1.4
Vendor Notification: 21 December 2010
Vulnerability Type: SQL Injection
Status: Not Fixed,

SQL Injection in phpMySport
2011-01-06 advisory htbridge ch
Vulnerability ID: HTB22772
Reference: http://www.htbridge.ch/advisory/sql_injection_in_phpmysport_2.html
Product: phpMySport
Vendor: phpMySport ( http://phpmysport.sourceforge.net/ )
Vulnerable Version: 1.4
Vendor Notification: 21 December 2010
Vulnerability Type: SQL Injection
Status: Not Fixed,

XSS vulnerability in WonderCMS
2011-01-06 advisory htbridge ch
Vulnerability ID: HTB22759
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_wondercms.html
Product: WonderCMS
Vendor: Robert Isoski ( http://krneky.com/en/wondercms )
Vulnerable Version: 0.3.3 and probably prior versions
Vendor Notification: 21 December 2010
Vulnerability Type: XSS

XSRF (CSRF) in PHP MicroCMS
2011-01-06 advisory htbridge ch
Vulnerability ID: HTB22765
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_php_microcms.html
Product: PHP MicroCMS
Vendor: ApPHP ( http://www.apphp.com/ )
Vulnerable Version: 1.0.1 and probably prior versions
Vendor Notification: 21 December 2010
Vulnerability Type: CSRF (Cross-Site Reques

SQL Injection in Phenotype CMS
2011-01-06 advisory htbridge ch
Vulnerability ID: HTB22769
Reference: http://www.htbridge.ch/advisory/sql_injection_in_phenotype_cms.html
Product: Phenotype CMS
Vendor: http://www.phenotype-cms.com ( http://www.phenotype-cms.com )
Vulnerable Version: 3.0
Vendor Notification: 21 December 2010
Vulnerability Type: SQL Injection
Sta

SQL Injection in phpMySport
2011-01-06 advisory htbridge ch
Vulnerability ID: HTB22770
Reference: http://www.htbridge.ch/advisory/sql_injection_in_phpmysport.html
Product: phpMySport
Vendor: phpMySport ( http://phpmysport.sourceforge.net/ )
Vulnerable Version: 1.4
Vendor Notification: 21 December 2010
Vulnerability Type: SQL Injection
Status: Not Fixed, Ve

Path disclousure in phpMySport
2011-01-06 advisory htbridge ch
Vulnerability ID: HTB22773
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_phpmysport.html
Product: phpMySport
Vendor: phpMySport ( http://phpmysport.sourceforge.net/ )
Vulnerable Version: 1.4
Vendor Notification: 21 December 2010
Vulnerability Type: Path disclosure
Status: Not Fixe

Authentication bypass in phpMySport
2011-01-06 advisory htbridge ch
Vulnerability ID: HTB22774
Reference: http://www.htbridge.ch/advisory/authentication_bypass_in_phpmysport.html
Product: phpMySport
Vendor: phpMySport ( http://phpmysport.sourceforge.net/ )
Vulnerable Version: 1.4
Vendor Notification: 21 December 2010
Vulnerability Type: Authentication bypass
Statu

[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option
2011-01-05 Stefan Fritsch (sf debian org)
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_energine.html
Product: Energine
Vendor: Energine ( http://www.memht.com/ )
Vulnerable Version: 2.3.8 and probably prior versions
Vendor Notification: 28 December 2010
Vulnerability Type: SQL Inject