BugTraq Mode:
XSS vulnerability in Auto CMS 2010-08-26
advisory htbridge ch
Vulnerability ID: HTB22564
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_auto_cms.html
Product: Auto CMS
Vendor: Roberto Aleman ( http://ventics.com/autocms/ )
Vulnerable Version: 1.6 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: XSS (Cross S

XSRF (CSRF) in Webmatic 2010-08-26
advisory htbridge ch
Vulnerability ID: HTB22570
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_webmatic.html
Product: Webmatic
Vendor: Valarsoft ( http://www.valarsoft.com/ )
Vulnerable Version: 3.0.5 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: CSRF (Cross-Site Request

XSS vulnerability in Webmatic 2010-08-26
advisory htbridge ch
Vulnerability ID: HTB22568
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_webmatic.html
Product: Webmatic
Vendor: Valarsoft ( http://www.valarsoft.com/ )
Vulnerable Version: 3.0.5 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: Stored XSS (Cross

XSS vulnerability in CompuCMS 2010-08-26
advisory htbridge ch
Vulnerability ID: HTB22584
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_compucms.html
Product: CompuCMS
Vendor: CompuSoft A/S ( http://www.compusoft.dk/ )
Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Ty

SQL injection vulnerability in CompuCMS 2010-08-26
advisory htbridge ch
Vulnerability ID: HTB22586
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_compucms_3.html
Product: CompuCMS
Vendor: CompuSoft A/S ( http://www.compusoft.dk/ )
Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulner

Apple CoreGraphics (Preview) Memory Corruption Vulnerability - CVE-2010-1801 2010-08-26
Rodrigo Branco (rbranco checkpoint com)
Dear List,

I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.

Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/

Apple CoreGraphics (Preview) Memory Corruption when parsing PDF file

Details of cisco-sa-20081022-asa security advisory? 2010-08-25
Fernando Gont (fernando gont gmail com)
Hi,

I'm curious if anybody is aware of the details of the IPv6 DoS
vulnerabilities listed in the aforementioned advisory (available at:
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml).

Thanks!

Kind regards,
Fernando

Re: Web Tool Announcement: ismymailsecure.com 2010-08-25
Brian Behlendorf (brian behlendorf com)
On Wed, 25 Aug 2010, Tim wrote:
> It's unfortunate that STARTTLS is currently a disaster to configure
> securely, particularly because it is just a point-to-point encryption
> mechanism and all of this complexity has to be addressed at every hop.
> I think as a security community we'd be a lot bette

Skype <= 4.2.0.169 DLL Hijacking Exploit (wab32.dll) 2010-08-25
glafkos astalavista com
/*
Exploit Title: Skype <= 4.2.0.169 DLL Hijacking Exploit (wab32.dll)
Date: August 25, 2010
Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)
Version: Latest Skype v4.2.0.169
Tested on: Windows 7 x64 Ultimate
Vulnerable extensions: .skype
Greetz: Astalavista, OffSEC, Exploit-DB
Notes: C

Re: DLL hijacking on Linux 2010-08-25
Pavel Kankovsky (peak argo troja mff cuni cz)
On Wed, 25 Aug 2010, Tim Brown wrote:

> the key point is that an empty directory specification statement in
> LD_LIBRARY_PATH, PATH (and probably others) is equivalent to $CWD.

And there is also the infamous DT_RPATH (and DT_RUNPATH) that makes it
possible to hardwire unsafe paths into executable

Re: Web Tool Announcement: ismymailsecure.com 2010-08-25
Tim (tim-security sentinelchicken org)
> > And because mail server name and email address does not need to be any
> > connection also checking of signature of certificate against CA does not
> > help much. It does not protect attack against MX records on DNS.
>
> true - so in an ideal world, we would need DNSSec everywhere and strict
> ce

[Positive Technologies Research] Open Source WebEngine and Web Crawler v.0.2 is out! 2010-08-25
aanisimov ptsecurity com
==============================================================

============= Positive Technologies Research Lab =============

==============================================================

Open Source WebEngine and Web Crawler (Beta)

=====================================================

Re: WinAppDbg 1.4 is out! 2010-08-25
Mario Vilas (mvilas gmail com)
Basically it supports 64 bits Windows, has a few more features, and
comes with a crash analyzer. PyDbg on the other hand supports Mac OS
and is integrated to PaiMei. So both frameworks have their own
advantages.

Also the programming API for PyDbg is much simpler (but still
powerful), but WinAppDbg'

Re: WinAppDbg 1.4 is out! 2010-08-24
Aleksandr Yampolskiy (ayampolskiy gilt com)
How is it different from pydbg?

Sent from my Blackberry handheld.

----- Original Message -----

From: Mario Vilas <mvilas (at) gmail (dot) com [email concealed]>

To: bugtraq (at) securityfocus (dot) com [email concealed] <bugtraq (at) securityfocus (dot) com [email concealed]>; full-disclosure (at) lists.grok.org (dot) uk [email concealed] <full-disclosure (at) lists.grok.org (dot) uk [email concealed]>; Python-Win32 List <python-win32@

ZDI-10-157: IBM Lotus Notes Autonomy KeyView Office Shape Parsing Remote Code Execution Vulnerability 2010-08-23
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-157: IBM Lotus Notes Autonomy KeyView Office Shape Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-157
August 23, 2010

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
IBM
Autonomy

-- Affected Products:
IBM Lotus Notes
Autonomy K

Re: Web Tool Announcement: ismymailsecure.com 2010-08-25
Tim (tim-security sentinelchicken org)

> it does not - yet. This is actually what I'm working on at the moment.
> However, since most MTAs at the moment don't do this kind of check, it
> is not very useful. So the tool currently only checks for encryption
> capabilities, it does *not* check for protection against MiTM attacks.
> The nex

Secunia Research: KDE Okular PDB Parsing RLE Decompression Buffer Overflow 2010-08-25
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 25/08/2010

- KDE Okular PDB Parsing RLE Decompression Buffer Overflow -

======================================================================
Table of Contents

Affected Software...

Adobe InDesign CS4 DLL Hijacking Exploit (ibfs32.dll) 2010-08-25
glafkos astalavista com
/*

Exploit Title: Adobe InDesign CS4 DLL Hijacking Exploit (ibfs32.dll)

Date: August 25, 2010

Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)

Version: CS4 v6.0

Tested on: Windows 7 x64 Ultimate

Vulnerable extensions: .indl .indp .indt .inx

Greetz: Astalavista, OffSEC, Exploit-DB

Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2882 2010-08-25
Rodrigo Branco (rbranco checkpoint com)
I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.

Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/

Memory corruption when Adobe Shockwave Player parses .dir media file
CVE-2010-28

Deepin TFTP Server Directory Traversal Vulnerability 2010-08-25
黄超毅 (huang_chaoyi venustech com cn)
Software : Deepin TFTP Server Directory Traversal Vulnerability
Software Version : v1.25
Vendor: Deepin.org
Vulnerability Published : 2010-08-14
Vulnerability Update Time :
Status :
Impact : Medium
Bug Description :
Deepin TFTP Server does not properly sanitise filenames containing directory trave

[USN-976-1] Tomcat vulnerability 2010-08-25
Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-976-1 August 25, 2010
tomcat6 vulnerability
CVE-2010-2227
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ub

Adobe Premier Pro CS4 DLL Hijacking Exploit (ibfs32.dll) 2010-08-25
glafkos astalavista com
/*

Exploit Title: Adobe Premier Pro CS4 DLL Hijacking Exploit (ibfs32.dll)

Date: August 25, 2010

Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)

Version: CS4 v4.0.0 (314 (MC: 160820))

Tested on: Windows 7 x64 Ultimate

Vulnerable extensions: .pproj .prfpset .prexport .prm .prmp .p

Adobe Illustrator CS4 DLL Hijacking Exploit (aires.dll) 2010-08-25
glafkos astalavista com
/*

Exploit Title: Adobe Illustrator CS4 DLL Hijacking Exploit (aires.dll)

Date: August 25, 2010

Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)

Version: CS4 v14.0.0

Tested on: Windows 7 x64 Ultimate

Vulnerable extensions: .ait .eps

Greetz: Astalavista, OffSEC, Exploit-DB

Note:

Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2864 2010-08-25
Rodrigo Branco (rbranco checkpoint com)
I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.

Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/

Memory corruption when Adobe Shockwave Player parses .dir media file
CVE-2010-286

Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2868 2010-08-25
Rodrigo Branco (rbranco checkpoint com)
I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.

Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/

Memory corruption when Adobe Shockwave Player parses .dir media file
CVE-2010-28

Adobe On Location CS4 DLL Hijacking Exploit (ibfs32.dll) 2010-08-25
glafkos astalavista com
/*

Exploit Title: Adobe On Location CS4 DLL Hijacking Exploit (ibfs32.dll)

Date: August 25, 2010

Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)

Version: CS4 Build 315

Tested on: Windows 7 x64 Ultimate

Vulnerable extensions: .olproj

Greetz: Astalavista, OffSEC, Exploit-DB

*/

Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2880 2010-08-25
Rodrigo Branco (rbranco checkpoint com)
Dear List,

I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.

Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/

Memory corruption when Adobe Shockwave Player parses .dir media file

[USN-977-1] MoinMoin vulnerabilities 2010-08-25
Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-977-1 August 25, 2010
moin vulnerabilities
CVE-2010-2487, CVE-2010-2969, CVE-2010-2970
===========================================================

A security issue affects the following Ubuntu releases

Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2869 2010-08-25
Rodrigo Branco (rbranco checkpoint com)
I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.

Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/

Memory corruption when Adobe Shockwave Player parses .dir media file
CVE-2010-28

Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2881 2010-08-25
Rodrigo Branco (rbranco checkpoint com)
I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.

Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/

Memory corruption when Adobe Shockwave Player parses .dir media file
CVE-2010-288

Copyright 2010, SecurityFocus