[CORE-2010-0624] MS OpenType CFF Parsing Vulnerability
2010-10-12, Core Security Technologies Advisories (advisories coresecurity com)

Re: JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities
2010-10-11, joomextensions gmail com

[SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
2010-10-11, Florian Weimer (fw deneb enyo de)

Vulnerabilities in AltConstructor
2010-10-10, MustLive (mustlive websecurity com ua)
Hello Bugtraq! I want to warn you about Cross-Site Scripting and Brute Force vulnerabilities in AltConstructor. It's a Ukrainian commercial CMS.
-------------------------
Affected products:
-------------------------
Vulnerable are all versions of CMS AltConstructor, before version released at 16.0

JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities
2010-10-09, Salvatore Fresta aka Drosophila (drosophilaxxx gmail com)

Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability
2010-10-09, YGN Ethical Hacker Group (lists yehg net)
1. OVERVIEW
The Joomla! web application was vulnerable to Cross Site Scripting vulnerability.
2. PRODUCT DESCRIPTION
Joomla is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets. It comprises a model-view-controller (MVC) Web app

[SECURITY] [DSA 2118-1] New subversion packages fix authentication bypass
2010-10-08, Nico Golde (nion debian org)

[WARNING] A fake version of T50!!!
2010-10-08, Nelson Brito (nbrito sekure org)
Okay, as many of you know, I am going to present the results of a private research about "Stress Testing" - focusing on Denial-of-Service. Today, while searching for some references to add in my presentation, I found the following message in a "hacker" (?) forum: - "MELHOR FERRAMENTA DE DENIAL OF

[TOOL RELEASE] Exploit Next Generation SQL Fingerprint v.
2010-10-08, Nelson Brito (nbrito sekure org)
The Exploit Next Generation® SQL Fingerprint™ (f.k.a. Microsoft SQL Server Fingerprint Tool) is a powerful tool which performs version fingerprinting for:
1. Microsoft SQL Server 2000;
2. Microsoft SQL Server 2005; and
3. Microsoft SQL Server 2008.
The Exploit Next Generation® SQL Fingerprint™ (

Re: Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664
2010-10-07, gopherit users sourceforge net

XSS vulnerability in Expression CMS
2010-10-08, advisory htbridge ch
Vulnerability ID: HTB22617
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_expression_cms.html
Product: Expression
Vendor: Backbone Technology ( http://www.backbonetechnology.com )
Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
Vendor Notification: 22 Septemb

XSS vulnerability in Lantern CMS
2010-10-08, advisory htbridge ch
Vulnerability ID: HTB22621
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_lantern_cms_1.html
Product: Lantern CMS
Vendor: Lantern ( http://www.lanterncms.com/www/html/7-home-page.asp )
Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
Vendor Notification: 22 Sep

OverLook Cross-site Scripting Vulnerability
2010-10-08, advisory anatoliasecurity com
ANATOLIA SECURITY ADVISORY
---------------------------
### ADVISORY INFO ###
+ Title: OverLook Cross-site Scripting
+ Advisory URL: http://anatoliasecurity.com/Blog/Detay.aspx?bId=2
+ Advisory ID: 2010-002
+ Version: v5.0
+ Date: 06/10/2010
+ Impact: Execute Malicious Javascript Codes
+

XSS vulnerability in Expression CMS
2010-10-08, advisory htbridge ch
Vulnerability ID: HTB22618
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_expression_cms_1.html
Product: Expression
Vendor: Backbone Technology ( http://www.backbonetechnology.com )
Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
Vendor Notification: 22 Septe

Directory Traversal Vulnerability in FTP Voyager
2010-10-08, advisory htbridge ch
Vulnerability ID: HTB22625
Reference: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_ftp_voyager.html
Product: FTP Voyager
Vendor: Rhino Software ( http://www.ftpvoyager.com/ )
Vulnerable Version: 15.2.0.11 and Probably Prior Versions
Vendor Notification: 22 September 2010
Vu

XSS vulnerability in Lantern CMS
2010-10-08, advisory htbridge ch
Vulnerability ID: HTB22620
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_lantern_cms.html
Product: Lantern CMS
Vendor: Lantern ( http://www.lanterncms.com/www/html/7-home-page.asp )
Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
Vendor Notification: 22 Septe

LFI / RCE vulnerability in Joomla Community Builder Enhenced (CBE) Component
2010-10-08, Delf Tonder (delf tonder gmx de)
Hello full-disclosure!
Description: Joomla CBE suffers from a local file inclusion vulnerability. As CBE also offers file uploading functionality that allows to upload files that contain php-code, this can be used to execute arbitrary system-commands on the host with the webserver's privileges.

Directory Traversal Vulnerability in FilterFTP
2010-10-08, advisory htbridge ch
Vulnerability ID: HTB22626
Reference: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_filterftp.html
Product: FilterFTP
Vendor: IN MEDIA KG ( http://www.in-mediakg.com/software/filterftp/filterftp.shtml )
Vulnerable Version: 2.0.3 and Probably Prior Versions
Vendor Notification

XSS in Oracle default fcgi-bin/echo
2010-10-08, paul szabo sydney edu au
Many Oracle web server installations have a fcgi-bin/echo script left over from default demo (google for inurl:fcgi-bin/echo). That script seems vulnerable to XSS. (PoC exploit and explanation of impact withheld now.) I asked security (at) oracle (dot) com and they said that "... this issue has been resolve

[USN-1002-2] PostgreSQL vulnerability
2010-10-07, Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1002-2 October 07, 2010
postgresql-8.4 vulnerability
CVE-2010-3433
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.10
This

IBWAS'10 CfP - Deadline Extension
2010-10-07, Carlos Serrão (carlos j serrao gmail com)
Dear all, the deadline for submitting papers for IBWAS'10 has been extended. Please advertise this. (sorry for the span and for receiving multiple copies of this)
Best regards,
2nd. OWASP Ibero-American Web-Applications Security conference 2010 (IBWAS'10)
ISCTE - Lisbon University Institute
25th

[USN-1003-1] OpenSSL vulnerabilities
2010-10-07, Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1003-1 October 07, 2010
openssl vulnerabilities
CVE-2009-3245, CVE-2010-2939
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6

[USN-1002-1] PostgreSQL vulnerability
2010-10-07, Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1002-1 October 07, 2010
postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
CVE-2010-3433
===========================================================
A security issue affects the following Ubun

Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability
2010-10-07, Felipe M. Aragon (felipe syhunt com)
Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability
Advisory-ID: 201010071
Discovery Date: 09.07.2010
Release Date: 10.07.2010
Affected Applications: Visual Synapse HTTP Server 1.0 RC3, 1.0 RC2, 1.0 RC1, 0.60 and previous releases; And any applications using the Visual S

Adobe Reader 9.3.4 Multiple Memory Corruption - Security Advisory - SOS-10-003
2010-10-07, Sense of Security (lists senseofsecurity com au)

HP Data Protector Manager v6.11 / NULL Pointer Dereference Remote Denial of Service Vulnerabilities
2010-10-06, Pepelux (pepeluxx gmail com)
# ===============================
# HP Data Protector Manager v6.11
# ===============================
#
# Bug: NULL Pointer Dereference Remote Denial of Service Vulnerabilities
#
# Software: http://www.hp.com
# Date: 06/10/2010
# Author: Pepelux - pepelux[AT]enye-sec[DOT]com
# http
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:199
http://www.mandriva.com/security/
______________________________________________________________________