BBcode XSS in eoCMS
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22677
Reference: http://www.htbridge.ch/advisory/bbcode_xss_in_eocms.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Aw...

LFI in eoCMS
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22676
Reference: http://www.htbridge.ch/advisory/lfi_in_eocms_1.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: Local File Inclusion
Status: Not Fixed, Vendor Alerted, Awaiting Vendo...

SQL injection in eoCMS
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22675
Reference: http://www.htbridge.ch/advisory/sql_injection_in_eocms.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting Vend...

Path disclosure in eoCMS
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22674
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_eocms.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: Path disclosure
Status: Not Fixed, Vendor Alerted, Awaiting...

LFI in eoCMS
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22673
Reference: http://www.htbridge.ch/advisory/lfi_in_eocms.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: Local File Inclusion
Status: Not Fixed, Vendor Alerted, Awaiting Vendor...

XSS in Textpattern CMS
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22672
Reference: http://www.htbridge.ch/advisory/xss_in_textpattern_cms.html
Product: Textpattern CMS
Vendor: Team Textpattern ( http://textpattern.com/ )
Vulnerable Version: 4.2.0
Vendor Notification: 21 October 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fi...

SQL injection in MiniBB
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22671
Reference: http://www.htbridge.ch/advisory/sql_injection_in_minibb.html
Product: MiniBB
Vendor: MiniBB.com ( http://www.minibb.com/ )
Vulnerable Version: 2.5
Vendor Notification: 21 October 2010
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaitin...

Reset admin password in SweetRice CMS
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22669
Reference: http://www.htbridge.ch/advisory/reset_admin_password_in_sweetrice_cms.html
Product: SweetRice CMS
Vendor: basic-cms.org ( http://www.basic-cms.org/ )
Vulnerable Version: 0.6.7
Vendor Notification: 21 October 2010
Vulnerability Type: Logic error
Status: Not Fix...

XSS in SweetRice CMS
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22668
Reference: http://www.htbridge.ch/advisory/xss_in_sweetrice_cms.html
Product: SweetRice CMS
Vendor: basic-cms.org ( http://www.basic-cms.org/ )
Vulnerable Version: 0.6.7
Vendor Notification: 21 October 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by...

Shell create & command execution in JAF CMS
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22665
Reference: http://www.htbridge.ch/advisory/shell_create__command_execution_in_jaf_cms.html
Product: JAF CMS
Vendor: JAF CMS ( http://jaf-cms.sourceforge.net/ )
Vulnerable Version: 4.0 RC2
Vendor Notification: 21 October 2010
Vulnerability Type: Shell create & command...

RFI in JAF CMS
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22666
Reference: http://www.htbridge.ch/advisory/rfi_in_jaf_cms.html
Product: JAF CMS
Vendor: JAF CMS ( http://jaf-cms.sourceforge.net/ )
Vulnerable Version: 4.0 RC2
Vendor Notification: 21 October 2010
Vulnerability Type: Remote File Inclusion
Status: Not Fixed, Vendor Alerte...

BBcode XSS in MiniBB
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22670
Reference: http://www.htbridge.ch/advisory/bbcode_xss_in_minibb.html
Product: MiniBB
Vendor: MiniBB.com ( http://www.minibb.com/ )
Vulnerable Version: 2.5
Vendor Notification: 21 October 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerte...

Adsoft Remote Sql Injection Vulnerability
2010-11-04 md r00t defacer gmail com
#------------In The Name Of God------------
# Adsoft Remote Sql Injection Vulnerability
###################################
#AUTHOR: md.r00t
#Mail: md.r00t.defacer (at) gmail (dot) com
#Forum: http://ajaxtm.com/forum
###################################
#Google D0rk:
# "Powered by AdSOFT"
######################...

Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3
2010-11-03 Max Kanat-Alexander (mkanat bugzilla org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla:
* There is a way to inject both headers and content to users, causing a serious...

SQL injection in SweetRice CMS
2010-11-04 advisory htbridge ch
Vulnerability ID: HTB22667
Reference: http://www.htbridge.ch/advisory/sql_injection_in_sweetrice_cms.html
Product: SweetRice CMS
Vendor: basic-cms.org ( http://www.basic-cms.org/ )
Vulnerable Version: 0.6.7
Vendor Notification: 21 October 2010
Vulnerability Type: SQL Injection
Status: Fixed by Ven...

Zen Cart 1.3.9h Local File Inclusion Vulnerability
2010-11-03 Salvatore Fresta aka Drosophila (drosophilaxxx gmail com)

Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer
2010-11-03 neza0x gmail com
Directory Traversal still alive? I mean, does your tool bypass Apache, IIS latest versions? Or it is applicable to IIS 4? It would be nice to have new techniques, improve multi-byte encoders and so on.
Sent via BlackBerry from Danux Network
-----Original Message-----
From: "chr1x" <chr1x@s...

CVE-2010-3863: Apache Shiro information disclosure vulnerability
2010-11-03 Les Hazlewood (lhazlewood apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
CVE-2010-3863: Apache Shiro information disclosure vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Shiro 1.0.0-incubating
The unsupported JSecurity 0.9.x versions are also affected
Description: Sh...

[Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution
2010-11-02 Onapsis Research Labs (research onapsis com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2010-0009 : Oracle Virtual Server Agent Remote Command Execution
This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will...

[Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation
2010-11-02 Onapsis Research Labs (research onapsis com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2010-0010: Oracle Virtual Server Agent Local Privilege Escalation
This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you wil...

[Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access
2010-11-02 Onapsis Research Labs (research onapsis com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2010-0008 : Oracle Virtual Server Agent Arbitrary File Access
This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will ga...

XSS vulnerability in Kandidat CMS
2010-11-02 advisory htbridge ch
Vulnerability ID: HTB22649
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_kandidat_cms_1.html
Product: Kandidat CMS
Vendor: Kan-Studio ( http://www.kan-studio.ru/ )
Vulnerable Version: 1.4.2 and probably prior versions
Vendor Notification: 19 October 2010
Vulnerability Type: XSS (...

XSS vulnerability in MemHT Portal
2010-11-02 advisory htbridge ch
Vulnerability ID: HTB22662
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_memht_portal.html
Product: MemHT Portal
Vendor: Miltenovik Manojlo ( http://www.memht.com/ )
Vulnerable Version: 4.0.1 and probably prior versions
Vendor Notification: 19 October 2010
Vulnerability Type: Sto...

XSS vulnerability in MemHT Portal
2010-11-02 advisory htbridge ch
Vulnerability ID: HTB22664
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_memht_portal_1.html
Product: MemHT Portal
Vendor: Miltenovik Manojlo ( http://www.memht.com/ )
Vulnerable Version: 4.0.1 and probably prior versions
Vendor Notification: 19 October 2010
Vulnerability Type: S...

XSS vulnerability in Kandidat CMS
2010-11-02 advisory htbridge ch
Vulnerability ID: HTB22650
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_kandidat_cms_2.html
Product: Kandidat CMS
Vendor: Kan-Studio ( http://www.kan-studio.ru/ )
Vulnerable Version: 1.4.2 and probably prior versions
Vendor Notification: 19 October 2010
Vulnerability Type: Store...

Stored XSS vulnerability in Webmedia Explorer
2010-11-02 advisory htbridge ch
Vulnerability ID: HTB22661
Reference: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_webmedia_explorer.html
Product: Webmedia Explorer
Vendor: Marc Salmurri ( http://www.webmediaexplorer.com/ )
Vulnerable Version: 6.13.1 and probably prior versions
Vendor Notification: 19 October 2010...

Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal
2010-11-02 advisory htbridge ch
Vulnerability ID: HTB22663
Reference: http://www.htbridge.ch/advisory/stored_xss_cross_site_scripting_vulnerability_in_memht_portal.html
Product: MemHT Portal
Vendor: Miltenovik Manojlo ( http://www.memht.com/ )
Vulnerable Version: 4.0.1 and probably prior versions
Vendor Notification: 19 October 2...

XSS vulnerability in Kandidat CMS
2010-11-02 advisory htbridge ch
Vulnerability ID: HTB22648
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_kandidat_cms.html
Product: Kandidat CMS
Vendor: Kan-Studio ( http://www.kan-studio.ru/ )
Vulnerable Version: 1.4.2 and probably prior versions
Vendor Notification: 19 October 2010
Vulnerability Type: Stored...
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:220
http://www.mandriva.com/security/
______________________________________________________________________