524 matches found
[SECURITY] Fedora 12 Update: glpi-0.72.4-2.svn11035.fc12
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...
[SECURITY] Fedora 13 Update: glpi-0.72.4-2.svn11035.fc13
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...
Debian DSA-1966-1 : horde3 - insufficient input sanitising
Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3237 It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences o...
[DSECRG-09-011] HP StorageWorks 1/8 G2 Tape Autoloader - privilege escalation, DOS
Digital Security Research Group DSecRG Advisory DSECRG-09-011 Application: HP StorageWorks 1/8 G2 Tape Autoloader Versions Affected: firmware v 2.30 and earlier Vendor URL: http://hp.com/ Bug: Privilege escalation Exploits: YES Reported: 30.09.2008 Vendor Response: 30.09.2008 Date of Public...
HP StorageWorks 1/8 G2 Tape Autoloader Privilege Escalation
DSECRG-09-011 HP StorageWorks 1/8 G2 Tape Autoloader - privilege escalation, DOS A vulnerability was found in Web Administration Interface of device HP StorageWorks 1/8 G2 Tape Autoloader. Default unprivileged user can escalate privileges to the administrator and execute DOS attack. Digital...
DSA-1966-1 horde3 - cross-site scripting
Bulletin has no description...
Multiple Vendor CUPS Administration Interface CGI Heap Overflow (CVE-2008-0047)
The Common Unix Printing System (CUPS) is a modular printing system for Unix-like operating systems that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer. A heap...
CVE-2009-3701
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1...
CVE-2009-3701
CVE-2009-3701 affects Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5. It enables remote XSS via PATH_INFO to admin/phpshell.php, admin/cmdshell.php, or admin/sqlshell.php, related to PHP_SELF. Impact is arbitrary script/HTM...
Serv-U < 9.1.0.0
According to its banner, the installed version of Serv-U is earlier than 9.1.0.0, and therefore affected by the following issues : - A boundary error in the web administration interface when parsing session cookies can result in a stack-based buffer overflow. CVE-2009-4873 - A boundary error in t...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified...
Directory traversal
Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors...
CVE-2009-2047
Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors...
CVE-2009-2048
Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified...
CVE-2009-2047
Cisco CVE-2009-2047 pertains to a directory traversal vulnerability in the Administration interface of Cisco Customer Response Solutions (CRS) and Cisco Unified CCX, affecting CRS before 7.0(1) SR2. The flaw allows remote authenticated users to read, modify, or delete arbitrary files on the serve...
CVE-2009-2048
CVE-2009-2048 affects Cisco Unified CCX/CRS Admin pages. The stored cross-site scripting vulnerability allows authenticated users to inject JavaScript into the CCX database via the Administration interface, enabling script execution in the browser of the next authenticated user. Impact details in...
Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
SEC Consult Security Advisory 20090429-0 title: Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000 product: LevelOne AMG-2000 Wireless AP Management Gateway vulnerable version: Firmware =2.00.00build00600...