
7333 matches found

Japan Vulnerability Notes
added 2009/11/04 12:0 a.m., 28 views

JVN#72974205 Roundcube Webmail vulnerable to cross-site request forgery

Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN75694913. Impact: An attacker may be able to alter the user information within Roundcube...

CVSS 6.8, AI score 5.6, EPSS 0.00212
Exploits: 0
securityvulns
added 2009/10/14 12:0 a.m., 39 views

[BONSAI] XSS in Achievo - Customized XSS payload included

Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Achievo 1. Advisory Information Title: Multiple XSS in Achievo Advisory ID: BONSAI-2009-0101 Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt Date published:...

CVSS 4.3, AI score 5.5, EPSS 0.05471
Exploits: 7
ThreatPost
added 2009/10/08 3:43 p.m., 6 views

Patch Tuesday Heads-Up: 13 Bulletins, 8 Critical

Microsoft is planning a bumper Patch Tuesday next week — 13 bulletins covering 34 security vulnerabilities in a wide range of products. Eight of the 13 bulletins will be rated “critical,” Microsoft’s highest severity rating. According to Microsoft’s advance notice, the patches coming on October 1...

Exploits: 0
Japan Vulnerability Notes
added 2009/10/02 12:0 a.m., 15 views

JVN#84396512 SugarCRM vulnerable to cross-site scripting

SugarCRM is a customer relationship management (CRM) software. SugarCRM contains a cross-site scripting vulnerability. Impact: If a user views a malicious page and clicks the print icon while logged in, an arbitrary script may be executed on the user's web browser. Solution: Update the Software. Updat...

AI score 6.5
Exploits: 0
securityvulns
added 2009/09/28 12:0 a.m., 142 views

[ONSEC-09-010] Undersky CMS SQL injection

ONSEC-09-010 Undersky CMS SQL injection. Target: Undersky CMS http://www.undersky.ru Type: SQL injection. Threat: High. Date discovered: 03.07.2009. Date developer notified: 03.07.2009. Date fix released: 05.07.2009. Author: Vladimir Vorontsov, OnSec Russian Security Group, onsec dot ru. Descripti...

AI score 0.1
Exploits: 0
exploitpack
added 2009/09/27 12:0 a.m., 27 views

PHP 5.3 - preg_match() Full Path Disclosure

PHP 5.3 - preg_match() Full Path Disclosure. MajorSecurity Advisory 57: PHP =5.3 - preg_match() full path disclosure. Details: Product: PHP =5.3; Security-Risk: moderated; Remote-Exploit: yes; Vendor-URL: http://www.php.net/; Vendor-Status: informed; Advisory-Status: published. Credits...

AI score 7.4
Exploits: 0
Fedora
added 2009/09/15 7:41 a.m., 31 views

[SECURITY] Fedora 10 Update: kdesdk-4.3.1-1.fc10

A collection of applications and tools used by developers, including: cervisia: a CVS frontend; kate: advanced text editor; kbugbuster: a tool to manage the KDE bug report system; kcachegrind: a browser for data produced by profiling tools (e.g. cachegrind); kompare: diff tool; kuiviewer: displays...

CVSS 7.5, AI score 2.2, EPSS 0.00448
Exploits: 0
Fedora
added 2009/09/15 7:39 a.m., 14 views

[SECURITY] Fedora 11 Update: kdesdk-4.3.1-1.fc11

A collection of applications and tools used by developers, including: cervisia: a CVS frontend; kate: advanced text editor; kbugbuster: a tool to manage the KDE bug report system; kcachegrind: a browser for data produced by profiling tools (e.g. cachegrind); kompare: diff tool; kuiviewer: displays...

CVSS 7.5, AI score 2.2, EPSS 0.00448
Exploits: 0
Japan Vulnerability Notes
added 2009/08/27 12:0 a.m., 33 views

JVN#68640473 bingo!CMS core and bingo!CMS vulnerable to cross-site request forgery

bingo!CMS core and bingo!CMS are content management systems (CMS). bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability. Impact: If a user views a malicious web page while logged into the CMS, an attacker could modify configurations or modify contents managed by CMS...

CVSS 6.8, AI score 6.4, EPSS 0.00162
Exploits: 0
securityvulns
added 2009/08/25 12:0 a.m., 49 views

Feed Sidebar Firefox Extension - Privileged Code Injection

Feed Sidebar Firefox Extension Code Injection Vulnerability. Versions affected: 3.2. Description: The Feed Sidebar Firefox extension will generate a previ...

AI score 0.6
Exploits: 0
Japan Vulnerability Notes
added 2009/08/24 12:0 a.m., 23 views

JVN#31035930 SugarCRM vulnerable to SQL injection

SugarCRM is a customer relationship management (CRM) software. SugarCRM contains a SQL injection vulnerability. Impact: As a result of SQL injection, contents within the database can be compromised. Solution: Update the Software. Update to the latest version according to the information provided by th...

CVSS 7.5, AI score 7, EPSS 0.00836
Exploits: 0
Tenable Nessus
added 2009/08/24 12:0 a.m., 44 views

RHEL 3 / 4 / 5 : java-1.4.2-bea (RHSA-2008:1043)

java-1.4.2-bea as shipped in Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. Th...

CVSS 10, AI score 6.1, EPSS 0.23658
Exploits: 0, References: 5
Tenable Nessus
added 2009/08/24 12:0 a.m., 44 views

RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:1044)

java-1.5.0-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit JRE and SDK...

CVSS 10, AI score 8.2, EPSS 0.23658
Exploits: 0, References: 7
Debian
added 2009/08/04 6:30 p.m., 29 views

[Backports-security-announce] Security update for znc

Patrick Matthäi uploaded new packages for znc which fixed the following security problems: TEMP-0537977-000291, Debian BTS 537977. It was discovered that znc, an IRC proxy, did not properly process certain DCC requests, allowing attackers to upload arbitrary files. For the etch-backports...

AI score 2.4
Exploits: 0
exploitpack
added 2009/07/27 12:0 a.m., 28 views

XOOPS Celepar Module Qas - Blind SQL Injection Cross-Site Scripting

XOOPS Celepar Module Qas - Blind SQL Injection Cross-Site Scripting. I AM MUSLIM !! IN THE NA...

AI score 0.8
Exploits: 0
Japan Vulnerability Notes
added 2009/07/24 12:0 a.m., 12 views

JVN#29852698 Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)

RevoCounter CGI (Animation Counter) from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI (Animation Counter) contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Softwar...

AI score 6.4
Exploits: 0
NVD
added 2009/07/14 11:30 p.m., 21 views

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVSS 5, AI score 7, EPSS 0.0222
Exploits: 0, References: 86
securityvulns
added 2009/07/07 12:0 a.m., 58 views

High security hole in NullLogic Groupware

Hi, I've identified a couple of security flaws affecting the NullLogic Groupware which may allow compromise of accounts, denial of service or even remote code execution. These issues were reported by email to the developer but no response was forthcoming. Tim -- Tim Brown...

AI score 1.1
Exploits: 0
Fedora
added 2009/06/27 2:50 a.m., 29 views

[SECURITY] Fedora 10 Update: rb_libtorrent-0.13.1-5.fc10

rb_libtorrent is a C++ library that aims to be a good alternative to all the other BitTorrent implementations around. It is a library and not a full featured client, although it comes with a few working example clients. Its main goals are to be very efficient in terms of CPU and memory usage as we...

CVSS 5.8, AI score 1.7, EPSS 0.00843
Exploits: 1
Japan Vulnerability Notes
added 2009/06/25 12:0 a.m., 29 views

JVN#32788272 PHP-I-BOARD from Let's PHP! vulnerable to directory traversal

PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a directory traversal vulnerability. Impact: A remote attacker could view an arbitrary file on the server. Solution: Update the Software. Update to the latest version according to the information provided by the developer...

CVSS 5, AI score 6.5, EPSS 0.00255
Exploits: 0