BugTraq
www.eVuln.com : "link" and "linkdescription" XSS in Social Share 2010-12-17
bt evuln com
www.eVuln.com advisory:

"link" and "linkdescription" XSS in Social Share

Summary: http://evuln.com/vulns/165/summary.html

Details: http://evuln.com/vulns/165/description.html

-----------Summary-----------

eVuln ID: EV0165

Software: Social Share

Vendor: n/a

Version: 2010-06-05

Critical L

Re: D-Link DIR-300 authentication bypass 2010-12-16
Narendra Choyal (narendrachoyal gmail com)
Hi

Dlink confirmed my bug in DIR-320 and DIR-600. Links for relevant
patched firmware:

ftp://ftp.dlink.pl/dir/dir-320/driver_software/DIR-320_fw_revA_1-21B03_all_en_20101213.zip

ftp://ftp.dlink.pl/dir/dir-600/driver_software/DIR-600_fw_revB_2-05B01_all_en_20101213.zip

www.eVuln.com : "title","url" - Non-persistent XSS in Social Share 2010-12-17
bt evuln com
www.eVuln.com advisory:

"title" and "url" - Non-persistent XSS in Social Share

Summary: http://evuln.com/vulns/164/summary.html

Details: http://evuln.com/vulns/164/description.html

-----------Summary-----------

eVuln ID: EV0164

Software: Social Share

Vendor: n/a

Version: 2010-06-05

Crit

[ GLSA 201012-01 ] Chromium: Multiple vulnerabilities 2010-12-17
Tobias Heinlein (keytoaster gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201012-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ MDVSA-2010:257 ] kernel 2010-12-17
security mandriva com
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:257
http://www.mandriva.com/security/
______________________________________________________________________

[USN-1033-1] Eucalyptus vulnerability 2010-12-16
Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-1033-1 December 16, 2010
eucalyptus vulnerability
CVE-2010-3905
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advi

cross site scripting vulnerability in BLOG:CMS 2010-12-15
advisory htbridge ch
Vulnerability ID: HTB22726
Reference: http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_blogcms.html
Product: BLOG:CMS
Vendor: Radek Hulán ( http://blogcms.com/ )
Vulnerable Version: 4.2.1.e and probably prior versions
Vendor Notification: 30 November 2010
Vulnerability Type:

'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332) 2010-12-15
Mark Stanislav (mark stanislav gmail com)
'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332)
Mark Stanislav - mark.stanislav (at) gmail (dot) com

I. DESCRIPTION
---------------------------------------
A vulnerability exists in the 'Pointter PHP Content Management System' authentication system which allows for

XSS vulnerability in BLOG:CMS 2010-12-15
advisory htbridge ch
Vulnerability ID: HTB22725
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_blogcms_1.html
Product: BLOG:CMS
Vendor: Radek Hulán ( http://blogcms.com/ )
Vulnerable Version: 4.2.1.e and probably prior versions
Vendor Notification: 30 November 2010
Vulnerability Type: XSS (Cross Site

PR10-06: Cross-domain redirect on PGP Universal Web Messenger 2010-12-16
research (research procheckup com)
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-06

PR10-06 Cross-domain redirect on PGP Universal Web Messenger
Advisory publicly released: Thursday, 16 December 2010
Vulnerability found: Wednesday, 10 February 2010
Vendor informed: Wednesday, 10 February 2010
Vulnerability fi

XSRF (CSRF) in BLOG:CMS 2010-12-15
advisory htbridge ch
Vulnerability ID: HTB22727
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_blogcms.html
Product: BLOG:CMS
Vendor: Radek Hulán ( http://blogcms.com/ )
Vulnerable Version: 4.2.1.e and probably prior versions
Vendor Notification: 30 November 2010
Vulnerability Type: CSRF (Cross-Site Request

Stored Cross Site Scripting vulnerability in BEdita 2010-12-15
advisory htbridge ch
Vulnerability ID: HTB22728
Reference: http://www.htbridge.ch/advisory/stored_cross_site_scripting_vulnerability_in_bedita.html
Product: BEdita
Vendor: Chialab & ChannelWeb ( http://www.bedita.com/ )
Vulnerable Version: 3.0.1.2550 "betula" and probably prior versions
Vendor Notificatio

XSRF (CSRF) in BEdita 2010-12-15
advisory htbridge ch
Vulnerability ID: HTB22729
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_bedita.html
Product: BEdita
Vendor: Chialab & ChannelWeb ( http://www.bedita.com/ )
Vulnerable Version: 3.0.1.2550 "betula" and probably prior versions
Vendor Notification: 30 November 2010
Vulnerabili

XSS vulnerability in BEdita 2010-12-15
advisory htbridge ch
Vulnerability ID: HTB22723
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_bedita.html
Product: BEdita
Vendor: Chialab & ChannelWeb ( http://www.bedita.com/ )
Vulnerable Version: 3.0.1.2550 "betula" and probably prior versions
Vendor Notification: 30 November 2010
Vul

XSS vulnerability in BLOG:CMS 2010-12-15
advisory htbridge ch
Vulnerability ID: HTB22724
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_blogcms.html
Product: BLOG:CMS
Vendor: Radek Hulán ( http://blogcms.com/ )
Vulnerable Version: 4.2.1.e and probably prior versions
Vendor Notification: 30 November 2010
Vulnerability Type: Stored XSS (Cross

'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333) 2010-12-15
Mark Stanislav (mark stanislav gmail com)
'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333)
Mark Stanislav - mark.stanislav (at) gmail (dot) com

I. DESCRIPTION
---------------------------------------
A vulnerability exists in the 'Pointter PHP Micro-Blogging Social Network' authentication system which all

Updated online binary planting exposure test continues operation 2010-12-15
ACROS Security Lists (lists acros si)

After our Online Binary Planting Exposure Test became defunct as a result of
Microsoft fixing the Windows Address Book binary planting bug, we updated the test
with two unfixed vulnerabilities. Everyone is welcome to keep testing their Windows
computers for Internet-based binary planting attacks.

[security bulletin] HPSBUX02451 SSRT090137 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS) 2010-12-16
security-alert hp com
SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01835108
Version: 4

HPSBUX02451 SSRT090137 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

RE: [Full-disclosure] OpenBSD Paradox 2010-12-15
Larry Seltzer (larry larryseltzer com)
Theo,

How would one go about getting the code that was worked on at the time? I
don't see it at openbsd.org.

Also, do you have a sense of what other projects used that code?
Presumably at least some of them did audits as well.

LJS

[security bulletin] HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning 2010-12-16
security-alert hp com
SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01506861
Version: 6

HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Rel

Call for Paper @ Swiss Cyber Storm 3 2010-12-16
Ivan Buetler (ivan buetler csnc ch)
===============================================
Call for Papers @ Swiss Cyber Storm 3 Sec Conf
===============================================
* Rapperswil, Switzerland (near Zurich)
* May 12-15, 2011
* 3 parallel tracks
* Track1: Cyber Crime
* Track2: Exploits & Defense
* Track3: OWASP
============

www.eVuln.com : "error" Non-persistent XSS in slickMsg 2010-12-16
bt evuln com
www.eVuln.com advisory:

error - Non-persistent XSS in slickMsg

Summary: http://evuln.com/vulns/163/summary.html

Details: http://evuln.com/vulns/163/description.html

-----------Summary-----------

eVuln ID: EV0163

Software: slickMsg

Vendor: n/a

Version: 0.7-alpha

Critical Level: low

Type

[ MDVSA-2010:256 ] git 2010-12-16
security mandriva com
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:256
http://www.mandriva.com/security/
______________________________________________________________________

VUPEN Security Research - Microsoft Office Publisher Record Array Indexing Vulnerability (VUPEN-SR-2010-201) 2010-12-16
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Office Publisher Record Array Indexing
Vulnerability (VUPEN-SR-2010-201)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"Microsoft Publisher, is a desktop publishing application from Microsoft. It is
an entry-level application,

[security bulletin] HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross Site Scripting (XSS) 2010-12-16
security-alert hp com
SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02655735
Version: 1

HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross Site Scripting (XSS)

NOTICE: The information in this Securi

VUPEN Security Research - Microsoft Office Publisher Size Value Heap Corruption Vulnerability (VUPEN-SR-2010-200) 2010-12-16
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Office Publisher Size Value Heap
Corruption Vulnerability (VUPEN-SR-2010-200)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"Microsoft Publisher, is a desktop publishing application from Microsoft. It is
an entry-level applica

VUPEN Security Research - Microsoft Internet Explorer Animation Use-after-free Vulnerability (VUPEN-SR-2010-199) 2010-12-16
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Internet Explorer Animation
Use-after-free Vulnerability (VUPEN-SR-2010-199)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Micros

[security bulletin] HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code 2010-12-16
security-alert hp com
SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02239581
Version: 1

HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin shou

VUPEN Security Research - Microsoft Office Publisher "pubconv.dll" Array Indexing Vulnerability (VUPEN-SR-2010-206) 2010-12-16
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Office Publisher "pubconv.dll" Array
Indexing Vulnerability (VUPEN-SR-2010-206)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"Microsoft Publisher, is a desktop publishing application from Microsoft. It is
an entry-level appli

Re: D-Link DIR-300 authentication bypass 2010-12-16
Karol Celiński (karol celin pl)
Hi

Dlink confirmed my bug in DIR-320 and DIR-600. Links for relevant
patched firmware:

ftp://ftp.dlink.pl/dir/dir-320/driver_software/DIR-320_fw_revA_1-21B03_all_en_20101213.zip

ftp://ftp.dlink.pl/dir/dir-600/driver_software/DIR-600_fw_revB_2-05B01_

Copyright 2010, SecurityFocus