BugTraq
(Page 474 of 1747)
[ MDVSA-2010:249 ] clamav 2010-12-07
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:249
http://www.mandriva.com/security/
______________________________________________________________________

XSS vulnerability in Zimplit CMS 2010-12-07
advisory htbridge ch
Vulnerability ID: HTB22715
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zimplit_cms.html
Product: Zimplit CMS
Vendor: Zimplit ( http://www.zimplit.com/ )
Vulnerable Version: Current at 22.11.2010 and Probably Prior Versions
Vendor Notification: 22 November 2010
Vulnerability Ty

XSS vulnerability in Zimplit CMS 2010-12-07
advisory htbridge ch
Vulnerability ID: HTB22716
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zimplit_cms_1.html
Product: Zimplit CMS
Vendor: Zimplit ( http://www.zimplit.com/ )
Vulnerable Version: Current at 22.11.2010 and Probably Prior Versions
Vendor Notification: 22 November 2010
Vulnerability

LFI in Exponent CMS 2010-12-07
advisory htbridge ch
Vulnerability ID: HTB22717
Reference: http://www.htbridge.ch/advisory/lfi_in_exponent_cms.html
Product: Exponent CMS
Vendor: http://www.exponentcms.org/ ( http://www.exponentcms.org/ )
Vulnerable Version: 2.0.0pr2
Vendor Notification: 22 November 2010
Vulnerability Type: Local File Inclusion
Statu

LFI in Exponent CMS 2010-12-07
advisory htbridge ch
Vulnerability ID: HTB22718
Reference: http://www.htbridge.ch/advisory/lfi_in_exponent_cms_1.html
Product: Exponent CMS
Vendor: http://www.exponentcms.org/ ( http://www.exponentcms.org/ )
Vulnerable Version: 2.0.0pr2
Vendor Notification: 22 November 2010
Vulnerability Type: Local File Inclusion
Sta

www.eVuln.com : XSS vulnerability in WWWThreads (php version) 2010-12-07
bt evuln com
www.eVuln.com advisory:
XSS vulnerability in WWWThreads (php version)
Summary: http://evuln.com/vulns/155/summary.html
Details: http://evuln.com/vulns/155/description.html

-----------Summary-----------
eVuln ID: EV0155
Software: n/a
Vendor: WWWThreads
Version: 2006.11.25
Critical Level: low
Type:

VMSA-2010-0019 VMware ESX third party updates for Service Console 2010-12-07
VMware Security Team (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2010-0019
Synopsis: VMware ESX third party updates for Service Console
Issue date: 2010-12-07

Call for papers: 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) 2010-12-06
Christopher Kruegel (chris cs ucsb edu)
------------------------------------------------------------------------

[ Please excuse multiple copies of this e-mail. ]
------------------------------------------------------------------------

LEET '11: Call for Papers
4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)
March

[www.eVuln.com] SQL Injection vulnerability in Alguest 2010-12-06
bt evuln com
New eVuln Advisory:

SQL Injection vulnerability in Alguest

Summary: http://evuln.com/vulns/154/summary.html

Details: http://evuln.com/vulns/154/description.html

-----------Summary-----------

eVuln ID: EV0154

Software: Alguest

Vendor: n/a

Version: 1.1c-patched

Critical Level: medium

Typ

DIMVA 2011 Call for Workshops Proposals 2010-12-05
Lorenzo Cavallaro (lorenzo cavallaro gmail com)
FYI,

(Apologies if you receive multiple copies)

----- BEGIN DIMVA 2011 Call for Workshops Proposals -----

This year, in a break from previous DIMVAs, we want to allow for a small
number of workshops to be co-located with the main conference.
Researchers and practitioners are therefore invited

OWASP Zed Attack Proxy version 1.1.0 2010-12-05
psiinon (psiinon gmail com)
Hi,

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration
testing tool for finding vulnerabilities in web applications.

Version 1.1.0 of ZAP has now been released.

This release adds the following main features:

OWASP rebranding
Brute Force scanner c/o the OWASP DirBuster project
Po

rPSA-2010-0076-1 gnupg 2010-12-06
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2010-0076-1
Published: 2010-12-06
Products:
rPath Linux 2

Rating: Informational
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
gnupg=conary.rpath.com@rpl:2/2.0.9-1.1-1

rPath Issue Tracking System:
https://is

'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330) 2010-12-05
Mark Stanislav (mark stanislav gmail com)
'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330)
Mark Stanislav - mark.stanislav (at) gmail (dot) com

I. DESCRIPTION
---------------------------------------
A vulnerability exists in the 'includes/controller.php' script that allows for arbitrary local file inclusion due to a null-byte att

[ MDVSA-2010:247 ] kernel 2010-12-03
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:247
http://www.mandriva.com/security/
______________________________________________________________________

Vulnerabilities in Register Plus Redux for WordPress 2010-12-03
MustLive (mustlive websecurity com ua)
Hello Bugtraq!

I want to warn you about Cross-Site Scripting, Insufficient Anti-automation
and Full path disclosure vulnerabilities in plugin Register Plus Redux for
WordPress. Register Plus Redux is a fork of plugin Register Plus.

-------------------------
Affected products:
---------------------

Re: Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001) 2010-12-02
StenoPlasma @ ExploitDevelopment (StenoPlasma exploitdevelopment com)
To all,

The reason I wrote this article was not to explain how to create a hidden
user account. I wrote the article to show you that you can modify the SAM
in real time in a way that is undetectable by ANYONE. This modification
allows you to masquerade any user account as the built-in Administ

[eVuln.com] PHP Code Execution in Alguest 2010-12-03
bt evuln com
New eVuln Advisory:
PHP Code Execution in Alguest
Summary: http://evuln.com/vulns/153/summary.html
Details: http://evuln.com/vulns/153/description.html

-----------Summary-----------
eVuln ID: EV0153
Software: Alguest
Vendor: n/a
Version: 1.1c-patched
Critical Level: high
Type: PHP Code Execution

[eVuln.com] Cookie authentication bypass in Alguest 2010-12-03
bt evuln com
New eVuln Advisory:

Cookie authentication bypass in Alguest

Summary: http://evuln.com/vulns/152/summary.html

Details: http://evuln.com/vulns/152/description.html

-----------Summary-----------

eVuln ID: EV0152

Software: Alguest

Vendor: n/a

Version: 1.1c-patched

Critical Level: high

Type

VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues 2010-12-03
VMware Security team (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2010-0018
Synopsis: VMware hosted products and ESX patches resolve
multiple secur

[security bulletin] HPSBUX02610 SSRT100341 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS) 2010-12-03
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02629503
Version: 1

HPSBUX02610 SSRT100341 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be

[security bulletin] HPSBUX02609 SSRT100147 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS) 2010-12-03
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02627925
Version: 1

HPSBUX02609 SSRT100147 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be ac

New paper by Amit Klein (Trusteer): "Detecting virtualization over the web with IE9 (platform preview) and Semi-permanent computer fingerprinting and user tracking in IE9 (platform preview)" 2010-12-02
Amit Klein (amit klein trusteer com)
Hi list

The IE9 (platform preview) Javascript Math.random implementation is vulnerable to seed reconstruction. The seed reveals the computer's boot time (and on Windows 7 - also CPU clock speed). These can be used to finger-print computers and track users within the same Windows session even if the

Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001) 2010-12-02
Steno Plasma (exploitdevelopmentdotcom gmail com)
----------------------------------------------------------
www.ExploitDevelopment.com 2010-M$-001
----------------------------------------------------------

TITLE:
Flaw in Microsoft Windows SAM Processing Allows Continued
Administrative Access Using Hidden Regular User Masquerading After
Compromise

NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration 2010-12-01
Research@NGSSecure (research1 nccgroup local)
Cisco IPSec VPN Implementation Group Name Enumeration

01/12/2010

Gavin Jones of NGS Secure has discovered a vulnerability in (Cisco) Cisco VPN Concentrator, Cisco PIX and Cisco Adaptive Security Appliance.

Versions affected include:

-Cisco ASA 5500 Series Adaptive Security Appliances
-Cisco PIX

[SECURITY] [DSA-2129-1] New krb5 packages fix checksum verification weakness 2010-12-01
Stefan Fritsch (sf debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2129-1 security (at) debian (dot) org
http://www.debian.org/security/ Stefan Fritsch
December 1, 2010

[SECURITY] [DSA-2128-1] New libxml2 packages fix potential code execution 2010-12-01
Giuseppe Iuculano (iuculano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2128-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
December 01, 2010

[USN-1025-1] Bind vulnerabilities 2010-12-01
Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1025-1 December 01, 2010
bind9 vulnerabilities
CVE-2010-3613, CVE-2010-3614
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.0

Vulnerabilities in Fabrica Engine 2010-12-01
MustLive (mustlive websecurity com ua)
Hello Bugtraq!

I want to warn you about Cross-Site Scripting, Denial of Service and SQL
Injection vulnerabilities in Fabrica Engine (which I found in 2008 and 2009
at web site of one online shop). It's commercial engine for online shops.

SecurityVulns ID: 11274.

-------------------------
Affected

Re: D-Link DIR-300 authentication bypass 2010-12-01
Karol Celiński (karol celin pl)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Polish D-Link branch confirmed the bug and produced relevant patched
firmware:

DIR-300:
ftp://ftp.dlink.pl/dir/dir-300/driver_software/DIR-300_fw_revA_1-05B09_a
ll_en_20101130.zip
ftp://ftp.dlink.pl/dir/dir-300/driver_software/DIR-300_fw_revB_2-05B03_a
l

Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow 2010-12-01
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 30/11/2010

- Winamp NSV Table of Contents Parsing Integer Overflow -

======================================================================
Table of Contents

Affected Software...

Copyright 2010, SecurityFocus