Path disclosure in Habari
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22732
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_habari.html
Product: Habari
Vendor: Habari ( http://habariproject.org/en/ )
Vulnerable Version: 0.6.5
Vendor Notification: 02 December 2010
Vulnerability Type: Path disclosure
Status: Fixed by Vendor
Risk leve

Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability
2010-12-20 Secunia Research (remove-vuln secunia com)

SQL Injection in HTML-EDIT CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22734
Reference: http://www.htbridge.ch/advisory/sql_injection_in_html_edit_cms.html
Product: HTML-EDIT CMS
Vendor: html-edit web services ( http://www.html-edit.org/ )
Vulnerable Version: 3.1.8
Vendor Notification: 02 December 2010
Vulnerability Type: SQL Injection
Status: Fi

nSense-2010-005: Winamp
2010-12-21 Henri Lindberg (henri+lists nsense fi)

Secunia Research: Microsoft Office FlashPix Tile Data Two Buffer Overflows
2010-12-20 Secunia Research (remove-vuln secunia com)

XSS vulnerability in Habari
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22731
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_habari.html
Product: Habari
Vendor: Habari ( http://habariproject.org/en/ )
Vulnerable Version: 0.6.5
Vendor Notification: 02 December 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by Ven

Path disclosure in GetSimple CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22730
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_getsimple_cms.html
Product: GetSimple CMS
Vendor: http://get-simple.info/ ( http://get-simple.info/ )
Vulnerable Version: 2.03
Vendor Notification: 02 December 2010
Vulnerability Type: Path disclosure
Status:

SQL injection in Injader CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22742
Reference: http://www.htbridge.ch/advisory/sql_injection_in_injader_cms.html
Product: Injader CMS
Vendor: http://www.injader.com/ ( http://www.injader.com/ )
Vulnerable Version: 2.4.4
Vendor Notification: 07 December 2010
Vulnerability Type: SQL Injection
Status: Not Fix

SQL injection in Hycus CMS
2010-12-21 advisory htbridge ch
Vulnerability ID: HTB22739
Reference: http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms_1.html
Product: Hycus CMS
Vendor: Hycus Web Development Team ( http://www.hycus.com/ )
Vulnerable Version: 1.0.3
Vendor Notification: 07 December 2010
Vulnerability Type: SQL Injection
Status: Not Fixe

nSense-2010-004: Sybase Afaria
2010-12-21 Henri Lindberg (henri+lists nsense fi)

Secunia Research: Microsoft Office FlashPix Property Set Parsing Buffer Overflow
2010-12-20 Secunia Research (remove-vuln secunia com)

Secunia Research: Microsoft Office Document Imaging Endian Conversion Vulnerability
2010-12-20 Secunia Research (remove-vuln secunia com)

Secunia Research: Microsoft Office PICT Filter Integer Truncation Vulnerability
2010-12-20 Secunia Research (remove-vuln secunia com)

Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow
2010-12-20 Secunia Research (remove-vuln secunia com)

Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004
2010-12-20 Sense of Security (lists senseofsecurity com au)

Secunia Research: RealPlayer "cook" Arbitrary Free Vulnerability
2010-12-20 Secunia Research (remove-vuln secunia com)

Secunia Research: RealPlayer AAC Spectral Data Parsing Vulnerability
2010-12-20 Secunia Research (remove-vuln secunia com)

www.eVuln.com : "postid" SQL Injection in Social Share
2010-12-20 bt evuln com
www.eVuln.com advisory: "postid" SQL Injection in Social Share
Summary: http://evuln.com/vulns/166/summary.html
Details: http://evuln.com/vulns/166/description.html
-----------Summary-----------
eVuln ID: EV0166
Software: Social Share
Vendor: n/a
Version: 2010-06-05
Critical Level: medium
Type: S

Secunia Research: RealPlayer "cook" Uninitialised Memory Vulnerability
2010-12-20 Secunia Research (remove-vuln secunia com)

MyBB 1.6 <= Cross Site Scripting (XSS) Vulnerability
2010-12-20 YGN Ethical Hacker Group (lists yehg net)
============================================
MyBB 1.6 <= Cross Site Scripting (XSS) Vulnerability
============================================
1. OVERVIEW
MyBB was vulnerable to Cross Site Scripting Vulnerability.
2. APPLICATION DESCRIPTION
MyBB is a free bulletin board system software packag

[SECURITY] [DSA 2134-1] Upcoming changes in advisory format
2010-12-18 Moritz Muehlenhoff (jmm debian org)

Default SSL Keys in Multiple Routers
2010-12-19 cheffner devttys0 com
Many routers that provide an HTTPS administrative interface use default or hard-coded SSL keys that can be recovered by extracting the file system from the device's firmware. The LittleBlackBox project contains a database of over 2,000 (and growing) private SSL keys that are correlated with their r

OpenBSD CARP Hash Vulnerability
2010-12-18 Sam Banks (wolfie ontogeny ac nz)
Hello Bugtraq, I disclosed this bug to the BSDs and no one is interested in fixing it so here you go. The two files attached are as follows:
* scapy-carp.patch - A patch against the latest Scapy (currently 2.1.0) so it understands the CARP protocol. The PoC won't work without the patch
* carp-poc.

Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277
2010-12-17 Rodrigo Branco (rbranco checkpoint com)
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
Embedded Video WordPress Plugin Cross Site Scripting Vulnerability

Apple Quicktime Memory Corruption - CVE-2010-3801
2010-12-17 Rodrigo Branco (rbranco checkpoint com)
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
Apple Quicktime Memory Corruption when parsing FPX files
CVE-2010-38

Making Security Suck Less
2010-12-16 Pete Herzog (lists isecom org)
Hi, "Now not everything about the old security model is bad. Personally, I really like the Zen feel of it. It's like raking the fine, white, beach sand into those concentric lines and around rocks and dead fish and stuff. It's very Zen. Then as the tide rises, the wind blows, and Frisbees get b

Re: XSS vulnerability in Expression CMS
2010-12-17 security curmudgeon (jericho attrition org)
: Vulnerability ID: HTB22618
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_expression_cms_1.html
: Product: Expression
: Vendor: Backbone Technology ( http://www.backbonetechnology.com )
: Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
How do you know y

Re: XSS vulnerability in Lantern CMS
2010-12-17 security curmudgeon (jericho attrition org)
: Vulnerability ID: HTB22620
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_lantern_cms.html
: Product: Lantern CMS
: Vendor: Lantern ( http://www.lanterncms.com/www/html/7-home-page.asp )
: Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
From the vendor p
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_habari_1.html
Product: Habari
Vendor: Habari ( http://habariproject.org/en/ )
Vulnerable Version: 0.6.5
Vendor Notification: 02 December 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by V