Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability
2010-12-23 Secunia Research (remove-vuln secunia com)

Multiple Vulnerabilities in OpenClassifieds 1.7.0.3
2010-12-27 mike sitewat ch
I understand that this is a vain hope that bugtraq will start posting something useful.
Author: Michael Brooks (Rook)
Application: OpenClassifieds 1.7.0.3
download: http://open-classifieds.com/download/
Exploit chain: captcha bypass->sqli(insert)->persistent xss on front page
If regis

Re: [IMF 2011] 2nd Call - Deadline Extended - Addenunm
2010-12-24 Oliver Goebel (goebel cert uni-stuttgart de)
Addendum: Merry Christmas to everyone!
Ollie
--
Oliver Goebel mailto:Goebel (at) CERT.Uni-Stuttgart (dot) DE [email concealed]
Stabsstelle DV-Sicherheit (RUS-CERT) Tel:+49 711 685 1 CERT
Universitaet Stuttgart Tel:+49 711 685 8-3678 / Fax:-3688
Breitscheidstr. 2, 70174 Stuttgart http://

[security bulletin] HPSBST02619 SSRT100281 rev.2 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code
2010-12-23 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02660122
Version: 2
HPSBST02619 SSRT100281 rev.2 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as

Sigma Portal Denial of Service Vulnerability
2010-12-23 info securitylab ir
#################################################################
# Securitylab.ir
#################################################################
# Application Info:
# Name: Sigma Portal
# Vendor: http://www.sigma.ir
#################################################################
# Vulnerabi

www.eVuln.com : HTTP Response Splitting in Social Share
2010-12-22 bt evuln com
www.eVuln.com advisory: HTTP Response Splitting in Social Share
Summary: http://evuln.com/vulns/168/summary.html
Details: http://evuln.com/vulns/168/description.html
-----------Summary-----------
eVuln ID: EV0168
Software: Social Share
Vendor: n/a
Version: 2010-06-05
Critical Level: low
Type: HTT

[SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities
2010-12-21 Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA-2136-1] New tor packages fix potential code execution
2010-12-22 Raphael Geissert (geissert debian org)

VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw
2010-12-21 VMware Security Team (security vmware com)

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04
2010-12-21 research (research procheckup com)
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04
PR10-04 Directory traversal limited to file validation within Viva thumbs WordPress add-on
Advisory publicly released: Tuesday, 21 December 2010
Vulnerability found: Thursday, 4 February 2010
Vendor informed: Monday, 8 Februa

VSR Advisories: Citrix Access Gateway Command Injection Vulnerability
2010-12-21 VSR Advisories (advisories vsecurity com)

Secunia Research: Microsoft Office TIFF Image Converter Two Buffer Overflows
2010-12-20 Secunia Research (remove-vuln secunia com)

SQL injection in Hycus CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22738
Reference: http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms.html
Product: Hycus CMS
Vendor: Hycus Web Development Team ( http://www.hycus.com/ )
Vulnerable Version: 1.0.3
Vendor Notification: 07 December 2010
Vulnerability Type: SQL injection
Status: Not Fixed,

Re: OpenBSD CARP Hash Vulnerability
2010-12-20 Jeffrey Walton (noloader gmail com)
On Fri, Dec 17, 2010 at 10:08 PM, Sam Banks <wolfie (at) ontogeny.ac (dot) nz [email concealed]> wrote:
> Hello Bugtraq,
>
> I disclosed this bug to the BSDs and no one is interested in fixing it
> so here you go. The two files attached are as follows:
>
> [SNIP]
>
> The OpenBSD CARP implementation (and all derivatives, such as

XSS vulnerability in Injader CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22744
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_injader_cms.html
Product: Injader CMS
Vendor: http://www.injader.com/ ( http://www.injader.com/ )
Vulnerable Version: 2.4.4
Vendor Notification: 07 December 2010
Vulnerability Type: XSS (Cross Site Scripting

SQL injection in Injader CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22743
Reference: http://www.htbridge.ch/advisory/sql_injection_in_injader_cms_1.html
Product: Injader CMS
Vendor: http://www.injader.com/ ( http://www.injader.com/ )
Vulnerable Version: 2.4.4
Vendor Notification: 07 December 2010
Vulnerability Type: SQL Injection
Status: Not F

SQL injection in Hycus CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22741
Reference: http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms_3.html
Product: Hycus CMS
Vendor: Hycus Web Development Team ( http://www.hycus.com/ )
Vulnerable Version: 1.0.3
Vendor Notification: 07 December 2010
Vulnerability Type: SQL Injection
Status: Not Fixe

PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel Audio and Web Conferencing)
2010-12-21 research (research procheckup com)
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-14
PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel Audio and Web Conferencing)
Advisory publicly released: Tuesday, 21 December 2010
Vulnerability found: Wednesday, 21 July 2010
Vendor informed: Monday, 26 Jul

LFI in Hycus CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22737
Reference: http://www.htbridge.ch/advisory/lfi_in_hycus_cms.html
Product: Hycus CMS
Vendor: Hycus Web Development Team ( http://www.hycus.com/ )
Vulnerable Version: 1.0.3
Vendor Notification: 07 December 2010
Vulnerability Type: LFI
Status: Not Fixed, Vendor Alerted, Awa

[waraxe-2010-SA#077] - Multiple Vulnerabilities in Calibre 0.7.34
2010-12-20 come2waraxe yahoo com
[waraxe-2010-SA#077] - Multiple Vulnerabilities in Calibre 0.7.34
===============================================================================
Author: Janek Vind "waraxe"
Date: 20. December 2010
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-77.html
Affected Software: ~~

[security bulletin] HPSBST02619 SSRT100281 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code
2010-12-21 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02660122
Version: 1
HPSBST02619 SSRT100281 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as

SQL injection in Hycus CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22740
Reference: http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms_2.html
Product: Hycus CMS
Vendor: Hycus Web Development Team ( http://www.hycus.com/ )
Vulnerable Version: 1.0.3
Vendor Notification: 07 December 2010
Vulnerability Type: SQL Injection
Status: Not Fixe

www.eVuln.com : Authentication Bypass by SQL Injection in Social Share
2010-12-21 bt evuln com
www.eVuln.com advisory: Authentication Bypass by SQL Injection in Social Share
Summary: http://evuln.com/vulns/167/summary.html
Details: http://evuln.com/vulns/167/description.html
-----------Summary-----------
eVuln ID: EV0167
Software: Social Share
Vendor: n/a
Version: 2010-06-05
Critical Level

XSS vulnerability in ImpressCMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22766
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_impresscms.html
Product: ImpressCMS
Vendor: The ImpressCMS Project ( http://www.impresscms.org )
Vulnerable Version: 1.2.3 Final and probably prior versions
Vendor Notification:
Vulnerability Type: XSS (Cros

Path disclosure in HTML-EDIT CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22736
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_html_edit_cms.html
Product: HTML-EDIT CMS
Vendor: html-edit web services ( http://www.html-edit.org/ )
Vulnerable Version: 3.1.8
Vendor Notification: 02 December 2010
Vulnerability Type: Path disclosure
Status

XSS vulnerability in Injader CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22745
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_injader_cms_1.html
Product: Injader CMS
Vendor: http://www.injader.com/ ( http://www.injader.com/ )
Vulnerable Version: 2.4.4
Vendor Notification: 07 December 2010
Vulnerability Type: XSS (Cross Site Scripti

XSS in HTML-EDIT CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22735
Reference: http://www.htbridge.ch/advisory/xss_in_html_edit_cms.html
Product: HTML-EDIT CMS
Vendor: html-edit web services ( http://www.html-edit.org/ )
Vulnerable Version: 3.1.8
Vendor Notification: 02 December 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status:
Secunia Research 23/12/2010
- Microsoft Word LFO Parsing Double-Free Vulnerability -
======================================================================
Table of Contents
Affected Software...