CVE-2010-3014: Coda Filesystem Kernel Memory Disclosure
2010-08-16 VSR Advisories (advisories vsecurity com)

[USN-971-1] OpenJDK vulnerabilities
2010-08-16 Kees Cook (kees ubuntu com)
=========================================================== Ubuntu Security Notice USN-971-1 August 16, 2010 openjdk-6 vulnerabilities CVE-2010-2548, CVE-2010-2783 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu

XSS vulnerability in CMSimple
2010-08-16 advisory htbridge ch
Vulnerability ID: HTB22558 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_cmsimple.html Product: CMSimple Vendor: Peter Andreas Harteg ( http://www.cmsimple.org/ ) Vulnerable Version: 3.3 and Probably Prior Versions Vendor Notification: 02 August 2010 Vulnerability Type: XSS (Cros

Xilisoft Video Converter Wizard 3 ogg file processing DoS
2010-08-16 praveen_recker sify com
ModLoad: 5b860000 5b8b4000 C:\WINDOWS\system32\NETAPI32.dll
ModLoad: 769c0000 76a73000 C:\WINDOWS\system32\USERENV.dll
(26c8.1818): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=019dc690 ecx=00000000 edx=00000000 esi=0199ffb0 edi=0199fe20 eip=0036a9ba esp=0012d864

XSS vulnerability in CMSimple
2010-08-16 advisory htbridge ch
Vulnerability ID: HTB22559 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_cmsimple_1.html Product: CMSimple Vendor: Peter Andreas Harteg ( http://www.cmsimple.org/ ) Vulnerable Version: 3.3 and Probably Prior Versions Vendor Notification: 02 August 2010 Vulnerability Type: XSS (Cr

XSS vulnerability in CMSimple
2010-08-16 advisory htbridge ch
Vulnerability ID: HTB22560 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_cmsimple_2.html Product: CMSimple Vendor: Peter Andreas Harteg ( http://www.cmsimple.org/ ) Vulnerable Version: 3.3 and Probably Prior Versions Vendor Notification: 02 August 2010 Vulnerability Type: XSS (Cr

XSRF (CSRF) in CMSimple
2010-08-16 advisory htbridge ch
Vulnerability ID: HTB22561 Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_cmsimple.html Product: CMSimple Vendor: Peter Andreas Harteg ( http://www.cmsimple.org/ ) Vulnerable Version: 3.3 and Probably Prior Versions Vendor Notification: 02 August 2010 Vulnerability Type: CSRF (Cross-Site

XSS vulnerability in pimcore
2010-08-16 advisory htbridge ch
Vulnerability ID: HTB22562 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_pimcore.html Product: pimcore Vendor: elements.at New Media Solutions GmbH. ( http://www.pimcore.org/ ) Vulnerable Version: 1.1.0 and Probably Prior Versions Vendor Notification: 02 August 2010 Vulnerability

Re: Re: Amblog 1.0 Joomla Component Multiple SQL Injection Vulnerabilities
2010-08-16 Salvatore Fresta aka Drosophila (drosophilaxxx gmail com)
No, it isn't a good idea. You can use always Jrequest::getVar specifying the type (http://api.joomla.org/Joomla-Framework/Environment/JRequest.html#getVar ). The allowed types are: INT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH. Regards. -- Salvatore Fresta aka Drosophila http:

Jgrid 1.0 Joomla Component Local File Inclusion Vulnerability
2010-08-16 Salvatore Fresta aka Drosophila (drosophilaxxx gmail com)

Insecure secure cookie in Tornado
2010-08-16 Nam Nguyen (namn bluemoon com vn)
BLUE MOON SECURITY ADVISORY 2010-01 =================================== :Title: Insecure secure cookie in Tornado :Severity: Low :Reporter: Blue Moon Consulting :Products: Tornado v1.0 :Fixed in: Tornado v1.0.1 Description ----------- Tornado is an open source version of the scalable, non-block

Re: XSS vulnerability in Eden Platform
2010-08-15 security curmudgeon (jericho attrition org)
: Product: Eden Platform : Vendor: Preation ( http://www.preation.com/ ) : Vulnerable Version: Current at 27.07.2010 and Probably Prior Versions : Risk level: Medium The vendor web page has a free trial feature, with no obvious version. Your version of 01.07.2010 appears to be something you des

Re: XSS vulnerability in Theeta CMS
2010-08-15 security curmudgeon (jericho attrition org)
: Vulnerability ID: HTB22489 : Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_theeta_cms_2.html : Vendor: MN Tech Solutions : Vulnerable Version: 0.0 : The vulnerability exists due to failure in the "forum.php" script to : properly sanitize user-supplied input in "forum" variable

Re: XSS vulnerability in WebPress
2010-08-14 security curmudgeon (jericho attrition org)
: Product: WebPress : Vendor: YWP ( http://www.goywp.com/ ) : Vulnerable Version: Current at 01.07.2010 and Probably Prior Versions The vendor web page has a demo feature, that is powered by "YWP 13.00.04". Creating a demo via their site, the changelog shows "05.05.2010 - Released version 13.00

Re: XSS vulnerability in CruxCMS
2010-08-14 security curmudgeon (jericho attrition org)
: Vulnerability ID: HTB22445 : Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxcms.html : Product: CruxCMS : Vendor: CruxSoftware : Vulnerable Version: 3.00 and Probably Prior Versions : Risk level: Medium : Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (h

Easy FTP Server v1.7.0.11 DELE, STOR, RNFR, RMD, XRMD Command Buffer Overflow
2010-08-14 Glafkos Charalambous (glafkos astalavista com)
# Exploit Title: Easy FTP Server v1.7.0.11 Multiple Command Buffer Overflow # Date: August 12, 2010 # Author: Glafkos Charalambous # Software Link: http://easyftpsvr.googlecode.com/files/easyftp-server-1.7.0.11-en.zip # Version: 1.7.0.11 # Tested on: Windows XP SP3 En # Vulnerable Commands: DELE, ST

ACollab Multiple Vulnerabilities
2010-08-14 admin bugreport ir
##########################www.BugReport.ir############################## ########## # # AmnPardaz Security Research Team # # Title: ACollab Multiple Vulnerabilities # Vendor: http://www.atutor.ca/acollab # Vulnerable Version: 1.2 (Latest version till now) # Exploitation: Remote with browser

iDefense Security Advisory 08.10.10: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability
2010-08-13 iDefense Labs (labs-no-reply idefense com)
iDefense Security Advisory 08.10.10 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 10, 2010 I. BACKGROUND Microsoft Word is a word processing application from Microsoft Office. For more information about Microsoft Word, see the following website: http://office.microsoft.com/en-us/word/

Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
2010-08-13 Steve Shockley (steve shockley shockley net)
On 8/11/2010 12:12 PM, ZDI Disclosures wrote: > The specific flaw exists within the ebus-3-3-2-6.dll module responsible for parsing GIOP requests for multiple processes. Does this affect only version 3.3.2.6? > -- Vendor Response: > SAP has issued an update to correct this vulnerability. More deta

Secunia Research: SWFTools Two Integer Overflow Vulnerabilities
2010-08-13 Secunia Research (remove-vuln secunia com)

[MajorSecurity SA-080]WordPress 3.0.1 - Cross Site Scripting Issue
2010-08-13 david kurz majorsecurity net
[MajorSecurity SA-080]WordPress 3.0.1 - Cross Site Scripting Issue Details ============= Product: WordPress 3.0.1 Security-Risk: low Remote-Exploit: yes Vendor-URL: http://www.wordpress.org/ Advisory-Status: published Credits ============= Discovered by: David Vieira-Kurz of MajorSecur

XSS vulnerability in eazyCMS
2010-08-13 advisory htbridge ch
Vulnerability ID: HTB22553 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_eazycms.html Product: eazyCMS Vendor: eazycms.com ( http://eazycms.com/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010 Vulnerability Type: XSS (Cros

XSS vulnerability in CMS Source
2010-08-13 advisory htbridge ch
Vulnerability ID: HTB22551 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_cms_source_2.html Product: CMS Source Vendor: Proud Daddy Web Design ( http://www.prouddaddy.net/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010 Vul

SQL injection vulnerability in CMS Source
2010-08-13 advisory htbridge ch
Vulnerability ID: HTB22546 Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_cms_source.html Product: CMS Source Vendor: Proud Daddy Web Design ( http://www.prouddaddy.net/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2

Local File Inclusion in CMS Source
2010-08-13 advisory htbridge ch
Vulnerability ID: HTB22545 Reference: http://www.htbridge.ch/advisory/local_file_inclusion_in_cms_source.html Product: CMS Source Vendor: Proud Daddy Web Design ( http://www.prouddaddy.net/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010 Vu
Hash: SHA1
VSR Security Advisory
http://www.vsecurity.com/
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-
Advisory Name: Coda Filesystem Kernel Memory Disclosure
Release Date: 20