BugTraq Mode:
Vulnerabilities in IB Promotion Advanced Business Web Suite 2010-09-20
MustLive (mustlive websecurity com ua)
Hello Bugtraq!

I want to warn you about Cross-Site Scripting and Insufficient
Anti-automation vulnerabilities in IB Promotion Advanced Business Web Suite.
It's a Ukrainian commercial CMS.

XSS (WASC-08):

http://site/search/?qs=?;alert(document.cookie);//

It's DOM Based XSS.

Insufficient Anti-autom

FreeBSD Security Advisory FreeBSD-SA-10:08.bzip2 2010-09-20
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-10:08.bzip2 Security Advisory
The FreeBSD Project

Topic: In

[SECURITY] [DSA-2112-1] New bzip2 packages fix integer overflow 2010-09-20
Stefan Fritsch (sf debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2112-1 security (at) debian (dot) org
http://www.debian.org/security/ Stefan Fritsch
September 20, 2010

[SECURITY] [DSA-2106-2] New xulrunner packages fix regression 2010-09-19
Stefan Fritsch (sf debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2106-2 security (at) debian (dot) org
http://www.debian.org/security/ Stefan Fritsch
September 19, 2010

[SECURITY] [DSA 2113-1] New drupal6 packages fix several vulnerabilities 2010-09-20
white debian org (Steffen Joeris)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2113-1 security (at) debian (dot) org
http://www.debian.org/security/ Steffen Joeris
September 20, 2010

SQL injection vulnerability in e107 2010-09-20
advisory htbridge ch
Vulnerability ID: HTB22603
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_e107_1.html
Product: e107 Website System
Vendor: e107 ( http://www.e107.org/ )
Vulnerable Version: 0.7.23 and Probably Prior Versions
Vendor Notification: 03 September 2010
Vulnerability Type: SQL

[USN-986-1] bzip2 vulnerability 2010-09-20
Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-986-1 September 20, 2010
bzip2 vulnerability
CVE-2010-0405
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04

[USN-986-2] ClamAV vulnerability 2010-09-20
Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-986-2 September 20, 2010
clamav vulnerability
CVE-2010-0405
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubu

SQL injection vulnerability in e107 2010-09-20
advisory htbridge ch
Vulnerability ID: HTB22602
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_e107.html

Product: e107 Website System
Vendor: e107 ( http://www.e107.org/ )
Vulnerable Version: 0.7.23 and Probably Prior Versions
Vendor Notification: 03 September 2010
Vulnerability Type: SQL In

[SECURITY] [DSA 2111-1] New squid3 packages fix denial of service 2010-09-19
white debian org (Steffen Joeris)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2111-1 security (at) debian (dot) org
http://www.debian.org/security/ Steffen Joeris
September 19, 2010

Searching for DropBox security contact 2010-09-19
Rebecca Menessec (rebecca menessec gmail com)
I'm looking for a product security contact for DropBox.com. I've been
blown off by several email channels and a developer in the support
forums. Is anyone in contact with people at DropBox.com who have some
interest in product security?

[security bulletin] HPSBMA02568 SSRT100219 rev.2 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities 2010-09-17
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02512995
Version: 2

HPSBMA02568 SSRT100219 rev.2 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities

[ MDVSA-2010:184 ] samba 2010-09-16
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:184
http://www.mandriva.com/security/
______________________________________________________________________

[oCERT-2010-003] Free Simple CMS path sanitization errors 2010-09-17
Andrea Barisani (lcars ocert org)

#2010-003 Free Simple CMS path sanitization errors

Description:

Free Simple CMS, an open source content management system, suffers from
remote file inclusion vulnerabilities.

Insufficient path sanitization on several query string parameters leads to
inclusion of arbitrary files from remote sourc

[USN-978-2] Thunderbird regression 2010-09-17
Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-978-2 September 16, 2010
thunderbird regression
https://launchpad.net/bugs/640839
===========================================================

A security issue affects the following Ubuntu releases:

Ubunt

[SECURITY] [DSA 2110-1] New Linux 2.6.26 packages fix several issues 2010-09-17
dann frazier (dannf debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2110-1 security (at) debian (dot) org
http://www.debian.org/security/ dann frazier
September 17, 2010 ht

[USN-975-2] Firefox and Xulrunner regression 2010-09-17
Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-975-2 September 16, 2010
firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 regression
https://launchpad.net/bugs/640839
===========================================================

A secu

[security bulletin] HPSBUX02546 SSRT100159 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information 2010-09-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02263226
Version: 1

HPSBUX02546 SSRT100159 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information

NOTICE: The information in this Security Bulletin sh

[SECURITY] [DSA-2109-1] New samba packages fix buffer overflow 2010-09-16
Stefan Fritsch (sf debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2109-1 security (at) debian (dot) org
http://www.debian.org/security/ Stefan Fritsch
September 16, 2010

[security bulletin] HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73), Remote Cross Site Scripting (XSS) 2010-09-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02507909
Version: 2

HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73), Remote Cross Site Scripting (XSS)

NOTICE: The information in this Security Bulletin sho

[security bulletin] HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities 2010-09-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02512995
Version: 1

HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities

MVSA-10-002 - Google Message Security SaaS - Multiple XSS vulnerabilities 2010-09-15
marian ventuneac gmail com


Security Advisory: MVSA-10-002

Vendor: Google

Service: Google Message Security SaaS (powered by Postini)

- Security Console (Admin Console)

- Message Center Classic

- Message Center II

Vulnerabilities: Multiple Cross-Site Scripting (XSS)

Risk:

MVSA-10-001 - Google Message Security SaaS - SQL Injection vulnerabilities 2010-09-15
marian ventuneac gmail com


Security Advisory: MVSA-10-001

Vendor: Google

Service: Google Message Security SaaS (powered by Postini)

- Message Center II

Vulnerabilities: SQL Injection

Risk: High

Attack Vector: From Remote

Authentication: Required

Reference: http://www.ventuneac.net/secur

[ MDVSA-2010:183 ] socat 2010-09-15
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:183
http://www.mandriva.com/security/
______________________________________________________________________

ZDI-10-178: Novell PlateSpin Orchestrate Graph Rendering Remote Code Execution Vulnerability 2010-09-15
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-178: Novell PlateSpin Orchestrate Graph Rendering Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-178
September 15, 2010

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell eDirectory

-- Vulnerability De

XSRF (CSRF) in SantaFox 2010-09-15
advisory htbridge ch
Vulnerability ID: HTB22594
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_santafox.html
Product: SantaFox
Vendor: artprom ( http://www.santafox.ru/ )
Vulnerable Version: 2.02 and Probably Prior Versions
Vendor Notification: 23 August 2010
Vulnerability Type: CSRF (Cross-Site Request Forge

XSS vulnerability in SantaFox search module 2010-09-15
advisory htbridge ch
Vulnerability ID: HTB22593
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_santafox_search_module.html
Product: SantaFox
Vendor: artprom ( http://www.santafox.ru/ )
Vulnerable Version: 2.02 and Probably Prior Versions
Vendor Notification: 23 August 2010
Vulnerability Type: XSS (Cro

XSS (cross site scripting) vulnerability in Serendipity 2010-09-15
advisory htbridge ch
Vulnerability ID: HTB22595
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html
Product: Serendipity
Vendor: Serendipity Team ( http://www.s9y.org/ )
Vulnerable Version: 1.5.3 and probably prior versions
Vendor Notification: 26 August 2010
Vulnerability Type: Stored XSS

XSS vulnerability in AChecker 2010-09-15
advisory htbridge ch
Vulnerability ID: HTB22601
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_achecker.html
Product: AChecker
Vendor: Inclusive Design Institute ( http://www.atutor.ca/ )
Vulnerable Version: 1.0
Vendor Notification: 01 September 2010
Vulnerability Type: XSS (Cross Site Scripting)
Stat

XSS vulnerability in ATutor 2010-09-15
advisory htbridge ch
Vulnerability ID: HTB22600
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_atutor_1.html
Product: ATutor
Vendor: Inclusive Design Institute ( http://www.atutor.ca/ )
Vulnerable Version: 1.0
Vendor Notification: 01 September 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status



 

Copyright 2010, SecurityFocus