Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability
2010-10-27 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability Advisory ID: cisco-sa-20101027-cs Revision 1.0 For Public Release 2010 October 27 1600 UTC (GMT) +----------------------------------------------------------

Authentication bypass in phpLiterAdmin
2010-10-27 advisory htbridge ch
Vulnerability ID: HTB22653 Reference: http://www.htbridge.ch/advisory/authentication_bypass_in_phpliteradmin.html Product: phpLiterAdmin Vendor: phpLiterAdmin ( http://code.google.com/p/phpliteradmin/ ) Vulnerable Version: 1.0 RC1 and probably prior versions Vendor Notification: 13 October 2010

LFI in DZCP
2010-10-27 advisory htbridge ch
Vulnerability ID: HTB22656 Reference: http://www.htbridge.ch/advisory/lfi_in_dzcp.html Product: DZCP Vendor: dzcp.de ( http://www.dzcp.de ) Vulnerable Version: 1.5.4 Vendor Notification: 13 October 2010 Vulnerability Type: Local File Inclusion Status: Fixed by Vendor Risk level: High Credit: H

[DSECRG-09-032] Oracle Application Server - Linked XSS vulnerability
2010-10-27 DSecRG (research dsecrg com)

rPSA-2010-0073-1 lftp
2010-10-27 rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2010-0073-1 Published: 2010-10-27 Products: rPath Linux 2 Rating: Informational Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: lftp=conary.rpath.com@rpl:2/3.7.11-0.1-1 rPath Issue Tracking System: https://is

[security bulletin] HPSBMI02582 SSRT100269 rev.1 - Palm webOS Camera Application, Unauthorized Write Access
2010-10-27 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02518539 Version: 1 HPSBMI02582 SSRT100269 rev.1 - Palm webOS Camera Application, Unauthorized Write Access NOTICE: The information in this Security Bulletin should be acted upon as soon as poss

XSS vulnerability in BlogBird platform
2010-10-27 advisory htbridge ch
Vulnerability ID: HTB22647 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_blogbird_1.html Product: BlogBird Vendor: BlogBird ( http://www.blogbird.nl/ ) Vulnerable Version: Current actual version on http://www.blogbird.nl/ Vendor Notification: 13 October 2010 Vulnerability Type: S

Orbit Downloader Insecure Library Loading Vulnerability
2010-10-27 apa-iutcert nsec ir
A vulnerability has been discovered in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. Libraries list called is as follows: ? schannel.dll This can be exploited to

SQL injection in Energine
2010-10-27 advisory htbridge ch
Vulnerability ID: HTB22655 Reference: http://www.htbridge.ch/advisory/sql_injection_in_energine.html Product: Energine Vendor: Energine ( http://energine.org/ ) Vulnerable Version: Vendor Notification: 13 October 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor Alerted, Awaiting

Nessus Client Insecure Library Loading Vulnerability
2010-10-27 apa-iutcert nsec ir
A vulnerability has been discovered in Nessus Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. Libraries list called is as follows: ? Wintab32.dll This can be exploited to

Internet Download Manager Insecure Library Loading Vulnerability
2010-10-27 apa-iutcert nsec ir
A vulnerability has been discovered in Internet Download Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. Libraries list called is as follows: ? Schannel.dll This can be expl

FlipAlbum Vista Pro Insecure Library Loading Vulnerability
2010-10-27 apa-iutcert nsec ir
A vulnerability has been discovered in FlipAlbum Vista Pro, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. Libraries list called is as follows: ? dwmapi.dll This can be exploited to

rPSA-2010-0072-1 curl
2010-10-27 rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2010-0072-1 Published: 2010-10-27 Products: rPath Appliance Platform Linux Service 2 rPath Linux 2 Rating: Minor Exposure Level Classification: Indirect User Non-deterministic Denial of Service Updated Versions: curl=conary.rpath.com@rpl:2/7.17.0-2.3-1 rPat

rPSA-2010-0075-1 sudo
2010-10-27 rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2010-0075-1 Published: 2010-10-27 Products: rPath Appliance Platform Linux Service 2 rPath Linux 2 Rating: Major Exposure Level Classification: Local User Deterministic Privilege Escalation Updated Versions: sudo=conary.rpath.com@rpl:2/1.7.2p1-0.1-1 rPath I

[DSECRG-09-029] Oracle BI Publisher Enterprise 10 - Response Splitting
2010-10-27 DSecRG (research dsecrg com)

XSRF (CSRF) in Zomplog
2010-10-27 advisory htbridge ch
Vulnerability ID: HTB22645 Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_zomplog.html Product: Zomplog Vendor: Gerben Schmidt ( http://www.zomp.nl/zomplog/ ) Vulnerable Version: 3.9 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: CSRF (Cross-Site Requ

Secunia PSI Insecure Library Loading Vulnerability
2010-10-27 apa-iutcert nsec ir
A vulnerability has been discovered in Secunia PSI, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. Libraries list called is as follows: ? Schannel.dll This can be exploited to load a

ACDSee Photo Manager Insecure Library Loading Vulnerability
2010-10-27 apa-iutcert nsec ir
A vulnerability has been discovered in ACDSee Photo Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. Libraries list called is as follows: ? dwmapi.dll This can be exploited to

Secunia Research: Winamp VP6 Content Parsing Buffer Overflow Vulnerability
2010-10-27 Secunia Research (remove-vuln secunia com)

LFI in Novaboard
2010-10-27 advisory htbridge ch
Vulnerability ID: HTB22657 Reference: http://www.htbridge.ch/advisory/lfi_in_novaboard.html Product: Novaboard Vendor: Novaboard ( http://www.novaboard.net/ ) Vulnerable Version: 1.1.4 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: Local File Inclusion Stat

XSS vulnerability in Zomplog
2010-10-27 advisory htbridge ch
Vulnerability ID: HTB22644 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zomplog_2.html Product: Zomplog Vendor: Gerben Schmidt ( http://www.zomp.nl/zomplog/ ) Vulnerable Version: 3.9 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: XSS (Cross

SQL injection in BloofoxCMS registration plugin
2010-10-27 advisory htbridge ch
Vulnerability ID: HTB22658 Reference: http://www.htbridge.ch/advisory/sql_injection_in_bloofoxcms_registration_plugin.html Product: BloofoxCMS Vendor: bloofox.com ( http://bloofox.com/ ) Vulnerable Version: 0.3.5 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type

XSS vulnerability in Zomplog
2010-10-27 advisory htbridge ch
Vulnerability ID: HTB22642 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zomplog.html Product: Zomplog Vendor: Gerben Schmidt ( http://www.zomp.nl/zomplog/ ) Vulnerable Version: 3.9 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: XSS (Cross Si

RE: [vonage.com #25400427] RE: How Visual Studio Makes Your Applications Vulnerable to Binary Planting
2010-10-26 Mitja Kolsek (mitja kolsek acros si)
Hi Michael, Indeed, MFC is the culprit. We were aware of Visual Studio as a typical environment for building MFC apps, and MFC is an integral part of it. Presumably other ways of building MFC apps will result in vulnerable builds too, but we noticed that some older versions of MFC libraries were no

RE: RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
2010-10-26 Thor (Hammer of God) (thor hammerofgod com)
> On Monday, 25.10.2010, 22:56 +0000, Thor (Hammer of God) wrote:
>> The main point is that you've got to get people to not only connect up to your remote share, but you've got to get them to execute the file, etc. So I'm just wondering what makes this anything more than any other "put

RE: RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
2010-10-26 Jann Horn (jannhorn googlemail com)
On Monday, 25.10.2010, 22:56 +0000, Thor (Hammer of God) wrote:
> The main point is that you've got to get people to not only connect up to your remote share, but you've got to get them to execute the file, etc. So I'm just wondering what makes this anything more than any other "put a ma

RE: How Visual Studio Makes Your Applications Vulnerable to Binary Planting
2010-10-26 Michael Wojcik (Michael Wojcik microfocus com)
Unless I misread the description, this is an error in MFC, not in Visual Studio. Applications built using MFC and command-line tools would be equally vulnerable; non-MFC applications built using Visual Studio would not be (via this vector - obviously they could be vulnerable to binary planting thro

[security bulletin] HPSBMA02603 SSRT100319 rev.1 - HP Insight Control Power Management for Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF)
2010-10-26 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02564294 Version: 1 HPSBMA02603 SSRT100319 rev.1 - HP Insight Control Power Management for Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF) NOTICE: The information i
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zomplog_1.html
Product: Zomplog
Vendor: Gerben Schmidt ( http://www.zomp.nl/zomplog/ )
Vulnerable Version: 3.9 and probably prior versions
Vendor Notification: 13 October 2010
Vulnerability Type: Stored XSS