Secunia Research: Employee Timeclock Software Backup Information Disclosure
2010-03-10 Secunia Research (remove-vuln secunia com)

[xss] a xss on "threadid" parameter in BBSMAX
2010-03-10 lis cker (liscker hotmail com)
I found an XSS on "threadid" parameter in "post.aspx" in BBSMAX, it's "post.aspx?action=reply&threadid="
Vulnerable: BBSMAX 4.2, BBSMAX 4.1, BBSMAX 3.0
For example: http://bbs.example.com/forum1/post.aspx?action=reply&threadid="><script> alert(/liscker/);</script>
BBSMAX Home Page : h [...]

[SECURITY] [DSA 2009-1] New tdiary packages fix cross-site scripting
2010-03-09 white debian org (Steffen Joeris)

Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability
2010-03-10 lament ilhack org
=========================================
Yaniv Miron aka "Lament" Advisory March 7, 2010
Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability
=========================================
=====================
I. BACKGROUND
=====================
Based on the comp [...]

CORE-2009-0813: Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap Overflow
2010-03-09 CORE Security Technologies Advisories (advisories coresecurity com)

ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability
2010-03-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-026
March 9, 2010
-- CVE ID: CVE-2010-0447
-- Affected Vendors: Hewlett-Packard
-- Affected Products: Hewlett-Packard OpenView Performance Insight
-- Tippin [...]

ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability
2010-03-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-025
March 9, 2010
-- CVE ID: CVE-2010-0263
-- Affected Vendors: Microsoft
-- Affected Products: Microsoft Office Excel
-- Vulnerability Details: This vulner [...]

[security bulletin] HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight , Remote Execution of Arbitrary Commands
2010-03-09 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02033170
Version: 1
HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight , Remote Execution of Arbitrary Commands
NOTICE: The information in this Security Bulletin should be acted upon as soon [...]

IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability
2010-03-09 lament ilhack org
=========================================
Yaniv Miron aka "Lament" Advisory March 7, 2010
IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability
=========================================
=====================
I. BACKGROUND
=====================
ENOVIA SmarTeam provides highly flexible product da [...]

SQL injection vulnerability in wILD CMS
2010-03-09 Maciej Gojny (vuln ariko-security com)
# Title: [SQL injection vulnerability in wILD CMS]
# Date: [09.03.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.wildcms.com/]
# Version: [ALL]
============ { Ariko-Security - Advisory #4/3/2010 } =============
SQL injection vulnerability in wILD CMS
Vendor's Descriptio [...]

Croogo CMS 1.2 Cross Site Scripting Vulnerabilities
2010-03-09 Paulino Calderon (calderon webvuln com)

[SECURITY] [DSA 2008-1] New typo3-src packages fix several vulnerabilities
2010-03-08 Moritz Muehlenhoff (jmm debian org)

rPSA-2010-0014-1 mysql mysql-bench mysql-server
2010-03-07 rPath Update Announcements (announce-noreply rpath com)

rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server
2010-03-07 rPath Update Announcements (announce-noreply rpath com)

[USN-907-1] gnome-screensaver vulnerabilities
2010-03-08 Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-907-1 March 08, 2010
gnome-screensaver vulnerabilities
CVE-2010-0285, CVE-2010-0422
===========================================================
A security issue affects the following Ubuntu releases: [...]

rPSA-2010-0011-1 gnome-ssh-askpass openssh openssh-client openssh-server
2010-03-07 rPath Update Announcements (announce-noreply rpath com)

"Writing JIT-Spray Shellcode for fun and profit" by DSecRG
2010-03-06 DSecRG (research dsecrg com)
"Writing JIT-Spray Shellcode for fun and profit" by Alexey Sintsov from DSecRG (dsecrg.com)
Attacks on clients' browsers have always been the real threat for everyone. And here vulnerabilities have been not only in the browser but also in plug-ins. Bank-clients, business software, antivirus softwa [...]

ZoneAlarm Security Circumvention
2010-03-08 Andrew Barkley (barkley usa net)
Hi, During my (in)security research, I've discovered what appears initially to be a design oversight and not necessarily a vulnerability, affecting ZoneAlarm and various other security vendors. I've tested this on various XP platforms successfully, please feel free to notify the vendor as you wish [...]

[XSS] i found a xss on "page" parameter in "eccredit.php" in Dvbbs < 8.3.0
2010-03-06 lis cker (liscker hotmail com)
Home Page : http://www.dvbbs.net/
Dvbbs is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affec [...]

phpinfo() XSS Vulnerability
2010-03-06 info securitylab ir (1 replies)
###################################################################
# Securitylab.ir
#################################################################
# Note: The above code in php 5.2.6 and lower test is successful
#################################################################
Vulnerability [...]

Re: phpinfo() XSS Vulnerability
2010-03-08 Salvatore Fresta aka Drosophila (drosophilaxxx gmail com)

Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
2010-03-06 drstrangep0rk hushmail com (1 replies)

Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
2010-03-09 Sabahattin Gucukoglu (mail sabahattin-gucukoglu com)

Apache mod_isapi Dangling Pointer Vulnerability - Security Advisory - SOS-10-002
2010-03-05 Lists (lists senseofsecurity com au)
Secunia Research 10/03/2010
- Employee Timeclock Software Backup Information Disclosure -
======================================================================
Table of Contents
Affected Software...