XSS vulnerability in AContent
2010-09-15 advisory htbridge ch
Vulnerability ID: HTB22597
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_acontent.html
Product: AContent
Vendor: Inclusive Design Institute ( http://www.atutor.ca/ )
Vulnerable Version: 1.0
Vendor Notification: 01 September 2010
Vulnerability Type: Stored XSS (Cross Site Scriptin

XSS vulnerability in Atutor edit content folder
2010-09-15 advisory htbridge ch
Vulnerability ID: HTB22599
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_atutor_edit_content_folder.html
Product: ATutor
Vendor: Inclusive Design Institute ( http://www.atutor.ca/ )
Vulnerable Version: 1.0
Vendor Notification: 01 September 2010
Vulnerability Type: XSS (Cross Site

XSS vulnerability in AContent search
2010-09-15 advisory htbridge ch
Vulnerability ID: HTB22596
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_acontent_search.html
Product: AContent
Vendor: Inclusive Design Institute ( http://www.atutor.ca/ )
Vulnerable Version: 1.0
Vendor Notification: 01 September 2010
Vulnerability Type: XSS (Cross Site Scriptin

[Suspected Spam] Directory Traversal in Axigen v7.4.1 running on Windows
2010-09-15 Bogdan Calin (bogdan acunetix com)
We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7. In this blog post, we will look into the details of a very serious web vulnerability discovered by Acunetix WVS in Axigen.
"Axigen is an integrated

Secunia Research: Microsoft Outlook Content Parsing Integer Underflow Vulnerability
2010-09-14 Secunia Research (remove-vuln secunia com)

ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability
2010-09-14 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-177
September 14, 2010
-- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors: IBM
-- Affected Products: IBM Lotus Domino
-- TippingPoint(TM) IPS Customer Protecti

[FLOCK-SA-2010-04] Flock Browser: window.open() Method Javascript Same-Origin Policy Violation (XSS)
2010-09-14 Lyndon Nerenberg (lyndon flock com)

[FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS)
2010-09-14 Lyndon Nerenberg (lyndon flock com)

[FLOCK-SA-2010-02] Flock Browser: A malicious RSS feed can bypass cross origin protection (XSS)
2010-09-14 Lyndon Nerenberg (lyndon flock com)

[FLOCK-SA-2010-01] Flock Browser: A malformed favourite can bypass cross origin protection (XSS)
2010-09-14 Lyndon Nerenberg (lyndon flock com)

New writeup by Amit Klein (Trusteer): "Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1"
2010-09-14 Amit Klein (amit klein trusteer com)
Hi list
I would like to announce a new writeup, titled "Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1".
The writeup is available in the following URL: http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-

[USN-987-1] Samba vulnerability
2010-09-14 Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-987-1 September 14, 2010
samba vulnerability
CVE-2010-3069
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04

[security bulletin] HPSBMA02566 SSRT100045 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Disclosure of Sensitive Information
2010-09-14 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02475053
Version: 1
HPSBMA02566 SSRT100045 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Disclosure of Sensitive Information
NOTICE: The information in this Security Bulletin sho

ZDI-10-176: Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability
2010-09-13 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-176: Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-176
September 13, 2010
-- CVE ID: CVE-2010-2766
-- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors: Mozilla Firefox
-- Affected Products: Mozilla Firefo

[SECURITY] [DSA 2108-1] New cvsnt package fixes arbitrary code execution
2010-09-14 Sébastien Delafond (seb debian org)

CVE-2010-3200 : Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability
2010-09-14 Aditya K Sood (adi_ks secniche org)
Advisory
Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability
CVE: 2010-3200
Version Word 2003 (SP3) 11.8326.11.8324 tested on windows XP SP2/SP3
Details : A null pointer dereference vulnerability has been noticed in MS Word. The exception results in the MSO.dll library which fails to

ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability
2010-09-13 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-174
September 13, 2010
-- CVE ID: CVE-2010-3007
-- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors: Hewlett-Packard
-- Affected Product

[DCA-00016 - Nokia E72 Keyboard Password bypass]
2010-09-13 Ewerson Guimarães (Crash) - Dclabs (crash dclabs com br)
[DCA-00016 - Nokia E72 Keyboard Password bypass]
[Software/Hardware] - Nokia E72
[Vendor Product Description] - Nokia E72 is a high-performance device tailor-made for seamless business and personal communication.
[Bug Description] - The Nokia E72 keyboard lock has a delay to validate the passwor

Web challenges from RootedCON'2010 CTF - Contest
2010-09-13 Roman Medina-Heigl Hernandez (roman rs-labs com)
Hello,
Next Friday I will be running a web-based challenges contest. Winner will be awarded with the new iPod touch from Apple. Thanks to Hispasec Sistemas (you probably know them as the makers of VirusTotal service) for sponsoring the prize.
Full info (registration currently open): http://www.rs

ZDI-10-173: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
2010-09-13 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-173: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-173
September 13, 2010
-- CVE ID: CVE-2010-2760
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Mozilla Firefox
-- Affected Products:

ZDI-10-171: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
2010-09-13 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-171: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-171
September 13, 2010
-- CVE ID: CVE-2010-3167
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Mozilla Firefox
-- Affected Products

ZDI-10-172: Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability
2010-09-13 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-172: Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-172
September 13, 2010
-- CVE ID: CVE-2010-3168
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Mozilla Firefox
-- Affected Products: Mozilla Firef

ZDI-10-170: Apple Safari Webkit Runin Remote Code Execution Vulnerability
2010-09-13 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-170: Apple Safari Webkit Runin Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-170
September 13, 2010
-- CVE ID: CVE-2010-1806
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Apple
-- Affected Products: Apple WebKit
-- TippingPoint(TM)

ZDI-10-169: Novell Netware SSHD.NLM Remote Code Execution Vulnerability
2010-09-13 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-169: Novell Netware SSHD.NLM Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-169
September 1, 2010
-- CVSS: 9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)
-- Affected Vendors: Novell
-- Affected Products: Novell Netware
-- Vulnerability Details: This vulnerability

Adobe LiveCycle ES DLL Hijacking Exploit (.dll)
2010-09-13 admin bugreport ir
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: Adobe LiveCycle ES DLL Hijacking Exploit (.dll)
# Vendor: http://www.adobe.com/products/livecycle/
# Vulnerable Version: 8.2.1.3144.1.471865
# Exploitation: Re
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_acontent_course.html
Product: AContent
Vendor: Inclusive Design Institute ( http://www.atutor.ca/ )
Vulnerable Version: 1.0
Vendor Notification: 01 September 2010
Vulnerability Type: XSS (Cross Site Scriptin