RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo (2010-10-13) Thor (Hammer of God) (thor hammerofgod com)
  >Hmm... maybe difficult to verify, since I did not post a PoC test.
  >Maybe a kind Oracle admin could point me to a patched fcgi-bin/echo?
  >Funny if any such existed: an admin careful to keep patches up-to-date, but
  >careless in not following security recommendations to remove...
  >Maybe, contact me o [ more ]

Re: XSS in Oracle default fcgi-bin/echo (2010-10-13) paul szabo sydney edu au
  I wrote about a week ago:
  > Many Oracle web server installations have a fcgi-bin/echo script
  > left over from default demo (google for inurl:fcgi-bin/echo). That
  > script seems vulnerable to XSS. (PoC exploit and explanation of
  > impact withheld now.)
  >
  > I asked security (at) oracle (dot) com [email concealed] and they sai [ more ]

Directory Traversal Vulnerability in Robo-FTP (2010-10-13) advisory htbridge ch
  Vulnerability ID: HTB22627
  Reference: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_robo_ftp.html
  Product: Robo-FTP
  Vendor: Serengeti Systems Incorporated ( http://www.robo-ftp.com )
  Vulnerable Version: 3.7.3 and Probably Prior Versions
  Vendor Notification: 27 September 2010 [ more ]

XSS vulnerability in Ronny CMS (2010-10-13) advisory htbridge ch
  Vulnerability ID: HTB22630
  Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_ronny_cms_2.html
  Product: Ronny CMS
  Vendor: TO4KA Programming Team ( http://ronny-cms.ru/ )
  Vulnerable Version: 1.1 r935 and probably prior versions
  Vendor Notification: 29 September 2010
  Vulnerability Type: [ more ]

Directory Traversal Vulnerability in AnyConnect (2010-10-13) advisory htbridge ch
  Vulnerability ID: HTB22629
  Reference: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_anyconnect.html
  Product: AnyConnect
  Vendor: AnyConnect ( http://www.anyconnect.net )
  Vulnerable Version: 1.2.3.0 and Probably Prior Versions
  Vendor Notification: 27 September 2010
  Vulnerabili [ more ]

XSRF (CSRF) in Lara (2010-10-13) advisory htbridge ch
  Vulnerability ID: HTB22619
  Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_lara.html
  Product: Lara
  Vendor: Geographical Media ( http://getlara.com/ )
  Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
  Vendor Notification: 27 September 2010
  Vulnerability Type: CSRF (Cross [ more ]

XSS vulnerability in PluXml (2010-10-13) advisory htbridge ch
  Vulnerability ID: HTB22634
  Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_pluxml_3.html
  Product: PluXml
  Vendor: PluXml Team ( http://pluxml.org/ )
  Vulnerable Version: 5.0.1 and probably prior versions
  Vendor Notification: 29 September 2010
  Vulnerability Type: Stored XSS (Cross Sit [ more ]

XSS vulnerability in PluXml (2010-10-13) advisory htbridge ch
  Vulnerability ID: HTB22631
  Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_pluxml.html
  Product: PluXml
  Vendor: PluXml Team ( http://pluxml.org/ )
  Vulnerable Version: 5.0.1 and probably prior versions
  Vendor Notification: 29 September 2010
  Vulnerability Type: Stored XSS (Cross Site [ more ]

Directory Traversal Vulnerability in FreshFTP (2010-10-13) advisory htbridge ch
  Vulnerability ID: HTB22628
  Reference: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_freshftp.html
  Product: FreshFTP
  Vendor: FreshWebMaster ( http://www.freshwebmaster.com )
  Vulnerable Version: 5.36 and Probably Prior Versions
  Vendor Notification: 27 September 2010
  Vulnerabil [ more ]

XSS vulnerability in PluXml (2010-10-13) advisory htbridge ch
  Vulnerability ID: HTB22632
  Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_pluxml_1.html
  Product: PluXml
  Vendor: PluXml Team ( http://pluxml.org/ )
  Vulnerable Version: 5.0.1 and probably prior versions
  Vendor Notification: 29 September 2010
  Vulnerability Type: XSS (Cross Site Scrip [ more ]

XSS vulnerability in PluXml (2010-10-13) advisory htbridge ch
  Vulnerability ID: HTB22633
  Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_pluxml_2.html
  Product: PluXml
  Vendor: PluXml Team ( http://pluxml.org/ )
  Vulnerable Version: 5.0.1 and probably prior versions
  Vendor Notification: 29 September 2010
  Vulnerability Type: XSS (Cross Site Scrip [ more ]

XSS vulnerability in Ronny CMS (2010-10-13) advisory htbridge ch
  Vulnerability ID: HTB22623
  Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_ronny_cms_1.html
  Product: Ronny CMS
  Vendor: TO4KA Programming Team ( http://ronny-cms.ru/ )
  Vulnerable Version: 1.1 r935 and probably prior versions
  Vendor Notification: 29 September 2010
  Vulnerability Type: [ more ]

XSS vulnerability in Ronny CMS (2010-10-13) advisory htbridge ch
  Vulnerability ID: HTB22622
  Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_ronny_cms.html
  Product: Ronny CMS
  Vendor: TO4KA Programming Team ( http://ronny-cms.ru/ )
  Vulnerable Version: 1.1 r935 and probably prior versions
  Vendor Notification: 29 September 2010
  Vulnerability Type: S [ more ]

Re: ubuntu 10.04 xterm heap overflow,can it be exploit ? (2010-10-13) Dan Rosenberg (dan j rosenberg gmail com)
  This has already been made public:
  http://lists.grok.org.uk/pipermail/full-disclosure/2010-September/076294.html
  On Ubuntu, xterm is setgid utmp, which might make it an interesting target
  for local attacks. However, you'll need to check if it's already dropped
  group utmp privileges by the time thi [ more ]

Secunia Research: Microsoft Excel Lotus 1-2-3 File Parsing Vulnerability (2010-10-12) Secunia Research (remove-vuln secunia com)

IBWAS'10 CfTraining - Deadline Approaching (2010-10-09) Carlos Serrão (carlos j serrao gmail com)
  Dear all, the deadline for submitting Training proposals for IBWAS'10 is
  approaching. Please advertise this. (sorry for the spam and for receiving
  multiple copies of this) Best regards,
  -------------------------------------------------------------------------
  2nd. OWASP Ibero-American Web-Applic [ more ]

[SECURITY] [DSA 2120-1] New postgresql-8.3 packages fix privilege escalation (2010-10-12) Florian Weimer (fw deneb enyo de)

DDIVRT-2009-28 Sun Solaris 10 rpc.cmsd Buffer Overflow and Denial of Service (CVE-2010-3509) (2010-10-12) ddivulnalert ddifronline com
  Title
  -----
  DDIVRT-2009-28 Sun Solaris 10 rpc.cmsd Buffer Overflow and Denial of Service (CVE-2010-3509)
  Severity
  --------
  High
  Date Discovered
  ---------------
  November 3, 2009
  Discovered By
  -------------
  Digital Defense, Inc. Vulnerability Research Team
  Credit: Alex Kaszczuk, Alan [ more ]

Secunia Research: Microsoft Excel Extra Out of Boundary Record Vulnerability (2010-10-12) Secunia Research (remove-vuln secunia com)

Secunia Research: Microsoft Excel Ghost Record Type Parsing Vulnerability (2010-10-12) Secunia Research (remove-vuln secunia com)

ubuntu 10.04 xterm heap overflow,can it be exploit ? (2010-10-11) watercloud watercloud (watercloud xfocus org)
  Hi, all! I find xterm on ubuntu 10.04 has a local heap overflow; I don't
  know whether it can be exploited on glibc 2.11.
  detail :
  watercloud@ubuntu:~/Downloads$ ls -l `which xterm`
  -rwxr-sr-x 1 root utmp 354444 2010-03-31 17:47 /usr/bin/xterm
  watercloud@ubuntu:~/Downloads$ xterm -fb `perl -e 'pri [ more ]

Collabtive Multiple Vulnerabilities (2010-10-12) Advisory (advisory anatoliasecurity com)
  ANATOLIA SECURITY ADVISORY
  ------------------------------------
  ### ADVISORY INFO ###
  + Title: Collabtive Multiple Vulnerabilities
  + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt
  + Advisory ID: 2010-003
  + Version: 0.65
  + Date: 12/10/2010
  + Impact: Gaining Administrative Pri [ more ]

Secunia Research: Microsoft Excel Record Parsing Integer Overflow Vulnerability (2010-10-12) Secunia Research (remove-vuln secunia com)

[SECURITY] [DSA 2116-1] New poppler packages fix several vulnerabilities (2010-10-12) Moritz Muehlenhoff (jmm debian org)

Internet Explorer Uninitialized Memory Corruption Vulnerability - CVE-2010-3331 (2010-10-12) Rodrigo Branco (rbranco checkpoint com)
  Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery
  Team to publish the following vulnerability.
  Check Point Software Technologies - Vulnerability Discovery Team (VDT)
  http://www.checkpoint.com/defense/
  Internet Explorer Uninitialized Memory Corruption Vulnerability
  CVE-2 [ more ]
October 13th, 2010
Description:
The SAP BusinessObjects product contains a module (dswsbobje.war) which
deploys Axis2 with an administrator account which is configured with a
static password. As a result, anyone with access to the Axis2 po
[ more ]