Re: NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI)
2010-11-25, g maone informaction com
It correctly detects and blocks this variant (raw hexadecimal), but also the other 3 (quoted hexadecimal, raw binary and quoted binary) which have not been covered by this disclosure.

[Suspected Spam] Vulnerabilities in Register Plus for WordPress
2010-11-25, MustLive (mustlive websecurity com ua)
Hello Bugtraq! I want to warn you about Cross-Site Scripting, Insufficient Anti-automation and Full path disclosure vulnerabilities in plugin Register Plus for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are versions of plugin Register Plus 3.5.1 a [...]

NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI)
2010-11-25, 0kn0ck secniche org
Hi List, NoScript fails to detect the reflective XSS from trusted domains when an attack is conducted through SQLXSSI. The bypass in NoScript has been successfully conducted by using "Reflective XSS" through Union SQL poisoning attacks by exploiting the reverted errors in the browser. The attack str [...]

CVE-2010-2408 | Persistent Log Out Redirection Vulnerability in Oracle I-Recruitment OA.jsp
2010-11-25, 0kn0ck secniche org
Advisory: Persistent Log Out Redirection Vulnerability in Oracle I-Recruitment OA.jsp CVE-2010-2408 Version Affected - 11.5.10.2, 12.0.6, 12.1.3 About: Oracle I-Recruitment Suite Oracle iRecruitment is a web based full-cycle recruiting solution that gives managers, recruiters and candidates the a [...]

XSS vulnerability in Wolf CMS
2010-11-25, advisory htbridge ch
Vulnerability ID: HTB22680 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_wolf_cms_2.html Product: Wolf CMS Vendor: Wolf CMS team ( http://www.wolfcms.org/ ) Vulnerable Version: 0.6.0b and probably prior versions Vendor Notification: 09 November 2010 Vulnerability Type: XSS (Cross [...]

XSS vulnerability in Frog CMS
2010-11-25, advisory htbridge ch
Vulnerability ID: HTB22683 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_frog_cms_1.html Product: Frog CMS Vendor: Philippe Archambault ( http://www.madebyfrog.com/ ) Vulnerable Version: 0.9.5 and probably prior versions Vendor Notification: 09 November 2010 Vulnerability Type: S [...]

XSRF (CSRF) in Frog CMS
2010-11-25, advisory htbridge ch
Vulnerability ID: HTB22685 Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_frog_cms.html Product: Frog CMS Vendor: Philippe Archambault ( http://www.madebyfrog.com/ ) Vulnerable Version: 0.9.5 and probably prior versions Vendor Notification: 09 November 2010 Vulnerability Type: CSRF (Cross [...]

XSS vulnerability in Wolf CMS
2010-11-25, advisory htbridge ch
Vulnerability ID: HTB22678 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_wolf_cms.html Product: Wolf CMS Vendor: Wolf CMS team ( http://www.wolfcms.org/ ) Vulnerable Version: 0.6.0b and probably prior versions Vendor Notification: 09 November 2010 Vulnerability Type: Stored XSS ( [...]

XSS vulnerability in Wolf CMS
2010-11-25, advisory htbridge ch
Vulnerability ID: HTB22679 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_wolf_cms_1.html Product: Wolf CMS Vendor: Wolf CMS team ( http://www.wolfcms.org/ ) Vulnerable Version: 0.6.0b and probably prior versions Vendor Notification: 09 November 2010 Vulnerability Type: Stored XSS [...]

[security bulletin] HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized Modification, Denial of Service (DoS)
2010-11-24, security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02515878 Version: 1 HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized Modification, De [...]

[USN-1021-1] Apache vulnerabilities
2010-11-25, Marc Deslauriers (marc deslauriers canonical com)
=========================================================== Ubuntu Security Notice USN-1021-1 November 25, 2010 apache2 vulnerabilities CVE-2010-1452, CVE-2010-1623 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6 [...]

TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption
2010-11-25, Advisories Toucan-System (advisories toucan-system com)

[USN-1022-1] APR-util vulnerability
2010-11-25, Marc Deslauriers (marc deslauriers canonical com)
=========================================================== Ubuntu Security Notice USN-1022-1 November 25, 2010 apr-util vulnerability CVE-2010-1623 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9 [...]

[eVuln.com] SQL injections in FreeTicket
2010-11-25, bt evuln com
Subject: [eVuln.com] SQL injections in FreeTicket New eVuln Advisory: SQL injections in FreeTicket Summary: http://evuln.com/vulns/146/summary.html Details: http://evuln.com/vulns/146/description.html -----------Summary----------- eVuln ID: EV0146 Software: FreeTicket Vendor: Mrcgiguy Version: 1 [...]

XSS vulnerability in Frog CMS
2010-11-25, advisory htbridge ch
Vulnerability ID: HTB22684 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_frog_cms_2.html Product: Frog CMS Vendor: Philippe Archambault ( http://www.madebyfrog.com/ ) Vulnerable Version: 0.9.5 and probably prior versions Vendor Notification: 09 November 2010 Vulnerability Type: X [...]

Re: Mozilla Firefox 3.6.12 Denial of Service Vulnerability
2010-11-24, Michal Zalewski (lcamtuf coredump cx)

[eVuln.com] email XSS in SimpLISTic
2010-11-24, bt evuln com
New eVuln Advisory: email XSS in SimpLISTic Summary: http://evuln.com/vulns/145/summary.html Details: http://evuln.com/vulns/145/description.html -----------Summary----------- eVuln ID: EV0145 Software: SimpLISTic Vendor: Mrcgiguy Version: 2.0 Critical Level: low Type: Cross Site Scrip [...]

[eVuln.com] Multiple XSS in MCG GuestBook
2010-11-24, bt evuln com
New eVuln Advisory: Multiple XSS in MCG GuestBook Summary: http://evuln.com/vulns/144/summary.html Details: http://evuln.com/vulns/144/description.html -----------Summary----------- eVuln ID: EV0144 Software: MCG GuestBook Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross S [...]

The Unbearable Lightness Of Non-Fixing: A Short Study in Security Reactiveness And Proactiveness
2010-11-24, ACROS Security Lists (lists acros si)
Roughly 100 days after the Binary Planting (a.k.a. DLL hijacking, DLL preloading, Insecure Library Loading) vulnerability has been (re)discovered in hundreds of Windows applications (and likely undiscovered in thousands more), we've taken a unique opportunity to compare software vendors' fixing of [...]

[eVuln.com] sitename XSS in Hot Links Lite
2010-11-23, bt evuln com
New eVuln Advisory: sitename XSS in Hot Links Lite Summary: http://evuln.com/vulns/143/summary.html Details: http://evuln.com/vulns/143/description.html -----------Summary----------- eVuln ID: EV0143 Software: Hot Links Lite Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site Scrip [...]

Microsoft Visual Studio vulnerability
2010-11-23, jabea jabea net
----------------------------------------------------------------- Microsoft Visual Studio vulnerability Overview: In Microsoft Visual Studio 2010 the DLL CPFE.DLL is vulnerable. A badly written source file makes the application crash at loading. That makes it really easy to make a simple denial of s [...]

Juniper VPN client rdesktop clickhack
2010-11-22, niekt0 (niekt0 hysteria sk)
Juniper VPN client rdesktop clickhack ================================ discovered by niekt0 (at) hysteria (dot) sk [email concealed] PRODUCT: Juniper VPN client + Windows remote desktop (or console access) VERSION AFFECTED: Win Vista/7 + Juniper VPN client (all versions) EXPOSURE: Remote code execution (SYSTEM privileges) S [...]

[SECURITY] [DSA-2125-1] New openssl packages fix buffer overflow
2010-11-22, Stefan Fritsch (sf debian org)

ESA-2010-019: RSA, The Security Division of EMC, is reissuing this advisory regarding a potential cross-site scripting vulnerability that has been identified in RSA® Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Patch 105162
2010-11-23, Security_Alert emc com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2010-019: RSA, The Security Division of EMC, is reissuing this advisory regarding a potential cross-site scripting vulnerability that has been identified in RSA® Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Patch 105162 (Security [...]

NGS00015 Patch Notification: ImageIO Memory Corruption
2010-11-22, Research@NGSSecure (research ngssecure com)
ImageIO Memory Corruption - CVE-2010-1845 22/11/2010 Dominic Chell of NGS Secure has discovered a high risk memory corruption vulnerability affecting the ImageIO rendering framework. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code executi [...]