BugTraq Mode:
[InterN0T] Geeklog 1.5 - Pre-Installation Vulnerabilities 2009-06-03
security intern0t net
Geeklog - Pre-Installation Vulnerabilities

Version Affected: 1.5.2sr4 (18th April 2009) (newest)

Info: See website for more details.

Opinion: The system seems to be more secure than most web application systems on the Internet these days.

Credits: InterN0T

External Links:
http://www.geeklog.net

[InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability 2009-06-03
security intern0t net
SiteCore.NET - Cross Site Scripting Vulnerability

Version Affected: 6.0.0 (rev. 090120) (We were unable to find out if this is the newest version or not).

Info: It's an overpriced CMS for companies running IIS.

Credits: InterN0T

External Links:
http://sitecore.net/

-:: The Advisory ::-

Vulner

[InterN0T] LightNEasy 2.2.2 - HTML Injection Vulnerability 2009-06-03
security intern0t net
LightNEasy - HTML Injection Vulnerability

Version Affected: 2.2.2 (15th January 2009) (newest)

Info: LightNEasy, a simple and light Content Management System and Website Builder

Credits: InterN0T

External Links:
http://lightneasy.org/

-:: The Advisory ::-

Vulnerable Input Fields:
1. Comment <

[InterN0T] moziloCMS 1.11.1 - XSS Vulnerability 2009-06-03
security intern0t net
moziloCMS - Cross Site Scripting Vulnerability

Version Affected: 1.11.1 (19th May 2009) (newest)

Info: See website for more information. (It's in German and I don't bother translating)

Credits: InterN0T

External Links:
http://cms.mozilo.de/

-:: The Advisory ::-

Vulnerable Function / ID Calls:

[SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure 2009-06-04
Mark Thomas (markt apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2009-0783: Apache Tomcat information disclosure vulnerability

Severity: low

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 6.0.0 to 6.0.18
Tomcat 5.5.0 to 5.5.27
Tomcat 4.1.0 to 4.1.39

The unsupported Tomcat 3.x, 4.0.x and 5.0.

OCS Inventory NG 1.02 - Directory Traversal 2009-06-02
Nico Leidecker (nico leidecker info)
OCS Inventory NG - Directory Traversal (May 30 2009)
_______________________________________________________________________________

* Product

Open Computer and Software (OCS) Inventory NG
(http://www.ocsinventory-ng.org)

* Vulnerable Versions

OCS Inventory NG 1.02 (Unix)

* Vendor Sta

[ MDVSA-2009:127 ] gaim 2009-06-03
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:127
http://www.mandriva.com/security/
_____________________________________________________________________

[SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication 2009-06-03
Mark Thomas (markt apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2009-0580: Tomcat information disclosure vulnerability

Severity: Low

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 4.1.0 to 4.1.39
Tomcat 5.5.0 to 5.5.27
Tomcat 6.0.0 to 6.0.18

The unsupported Tomcat 3.x, 4.0.x and 5.0.x versi

[SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector 2009-06-03
Mark Thomas (markt apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2009-0033: Apache Tomcat denial of service vulnerability

Severity: important

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 6.0.0 to 6.0.18
Tomcat 5.5.0 to 5.5.27
Tomcat 4.1.0 to 4.1.39

The unsupported Tomcat 3.x, 4.0.x and 5.0

[USN-781-2] Gaim vulnerabilities 2009-06-03
Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-781-2 June 03, 2009
gaim vulnerabilities
CVE-2009-1373, CVE-2009-1376
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06

[USN-781-1] Pidgin vulnerabilities 2009-06-03
Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-781-1 June 03, 2009
pidgin vulnerabilities
CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
===========================================================

A security issue affects the followin

[USN-780-1] CUPS vulnerability 2009-06-03
Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-780-1 June 03, 2009
cups, cupsys vulnerability
CVE-2009-0949
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubunt

Advisory: Apple QuickTime Image Description Atom Sign Extension Memory Corruption 2009-06-02
Roee Hay (roeehay gmail com)
INTRODUCTION
============
According to QuickTime's specification, the sample description atom
(STSD) stores information that allows QuickTime to decode samples in
the media.

It has the following structure:

0 DWORD Size
4 DWORD Type
8 BYTE Version
9 BYTE[3] FLAGS
12 DWORD Number

[SECURITY] [DSA 1810-1] New cups/cupsys packages fix denial of service 2009-06-02
Nico Golde (nion debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1810-1 security (at) debian (dot) org
http://www.debian.org/security/ Nico Golde
June 2nd, 2009

CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability 2009-06-02
CORE Security Technologies Advisories (advisories coresecurity com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/

Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability

1. *Advisory Information*

Title: Apple CUPS IPP_TAG_UNSUPPORTED Handl

TPTI-09-04: Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability 2009-06-02
dvlabs (dvlabs tippingpoint com)
TPTI-09-04: Apple Terminal xterm Resize Escape Sequence Memory Corruption
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-04
June 2, 2009

-- CVE ID:
CVE-2009-1717

-- Affected Vendors:
Apple

-- Affected Products:
Apple OS X

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint I

TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer Overflow Vulnerabilities 2009-06-02
dvlabs (dvlabs tippingpoint com) (1 replies)
TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer Overflow
Vulnerabilities
http://dvlabs.tippingpoint.com/advisory/TPTI-09-03
June 2, 2009

-- CVE ID:
CVE-2009-0950

-- Affected Vendors:
Apple

-- Affected Products:
Apple iTunes

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS

[SECURITY] [DSA 1810-1] New libapache-mod-jk packages fix informationdisclosure 2009-06-02
Stefan Fritsch (sf debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1810-1 security (at) debian (dot) org
http://www.debian.org/security/ Stefan Fritsch
June 02, 2009

ZDI-09-030: Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability 2009-06-02
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-09-030: Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-030
June 2, 2009

-- CVE ID:
CVE-2009-0010

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS cus

ZDI-09-029: Apple QuickTime Jpeg2000 Marker Size Heap Overflow Vulnerability 2009-06-02
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-09-029: Apple QuickTime Jpeg2000 Marker Size Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-029
June 2, 2009

-- CVE ID:
CVE-2009-0957

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS

ZDI-09-028: Apple QuickTime CRGN Atom Parsing Heap Buffer Overflow Vulnerability 2009-06-02
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-09-028: Apple QuickTime CRGN Atom Parsing Heap Buffer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-028
June 2, 2009

-- CVE ID:
CVE-2009-0954

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint

ZDI-09-027: Apple Quicktime PICT Opcode 0x8201 Heap Overflow Vulnerability 2009-06-02
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-09-027: Apple Quicktime PICT Opcode 0x8201 Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-027
June 2, 2009

-- CVE ID:
CVE-2009-0953

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS c

ZDI-09-026: Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability 2009-06-02
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-09-026: Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-026
June 2, 2009

-- CVE ID:
CVE-2009-0952

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS

ZDI-09-025: Apple Quicktime Picture Viewer FLC Delta-Encoded Frame Decompression Vulnerability 2009-06-02
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-09-025: Apple Quicktime Picture Viewer FLC Delta-Encoded Frame
Decompression Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-025
June 2, 2009

-- CVE ID:
CVE-2009-0951

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection

MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES -- Online Grades & Attendance <= v-3.2.6 --> 2009-06-02
y3nh4ck3r gmail com
-----------------------------------------------------------------------------------------
MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 -->
-----------------------------------------------------------------------------------------

CMS INFORMATION:

-->WEB: http:

[security bulletin] HPSBUX02429 SSRT090058 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities 2009-06-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01745133
Version: 2

HPSBUX02429 SSRT090058 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be ac

ACDSee Products TIFF and Font Parsing Buffer Overflow Vulnerabilities 2009-06-02
VUPEN Security Research (advisories vupen com)

VUPEN Security Research Advisory - VUPEN-SR-2009-03

Advisory URL: http://www.vupen.com/english/advisories/2009/1471

June 02, 2009

I. BACKGROUND
----------------------

ACDSee Photo Manager 2009 lets you quickly view and find photos,
fix flaws, and share your favorites through e-mail, prints

(Post Form --> 'cc') Blind (SQLi) EXPLOIT --Online Grades & Attendance <= v-3.2.6--> 2009-06-02
y3nh4ck3r gmail com
#!/usr/bin/perl

#

#-----------------------------------------------------------------------------------

#(Post Form --> 'cc') Blind (SQLi) EXPLOIT --Online Grades & Attendance v-3.2.6-->

#-----------------------------------------------------------------------------------

#

#CMS INFORMATION:

#

Secunia Research: QuickTime Sorenson Video 3 Content Parsing Vulnerability 2009-06-02
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 02/06/2009

- QuickTime Sorenson Video 3 Content Parsing Vulnerability -

======================================================================
Table of Contents

Affected Software..

Copyright 2010, SecurityFocus