7425 matches found
Low: Red Hat Security Advisory: Red Hat Network Satellite Server Sun Java Runtime security update
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Network Satellite Server 5.1. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the Sun Java...
CVE-2009-4052
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) th...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) th...
CVE-2009-4052
IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 contain multiple XSS vulnerabilities in the JSF Widget Library Runtime. The issues allow remote attackers to inject arbitrary web script or HTML via vectors involving the JSF ...
JVN#01245481 Redmine vulnerable to cross-site scripting
Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, cookie information may be leaked and could lead to session hijacking or user impersonation. Solution Update the...
RedHat Security Advisory RHSA-2009:1571
The remote host is missing updates announced in advisory RHSA-2009:1571. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software...
RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1571)
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5...
Critical: Red Hat Security Advisory: java-1.5.0-sun security update
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5...
Facebook, MySpace Fix Subdomain Errors
Facebook and MySpace have fixed errors that could have allowed data to be given out from its subdomains. A Dutch developer, Yvo Schaap, discovered the flaw and wrote on his blog: “A more invasive and hidden exploit could harvest all the user’s personal photos, data and messages to a central serv...
JVN#72974205 Roundcube Webmail vulnerable to cross-site request forgery
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN75694913. Impact An attacker may be able to alter the user information within Roundcube...
JVN#75694913 Roundcube Webmail vulnerable to cross-site request forgery
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN72974205. Impact An attacker may be able to send arbitrary emails. Solution Update the...
[BONSAI] XSS in Achievo - Customized XSS payload included
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Achievo 1. Advisory Information Title: Multiple XSS in Achievo Advisory ID: BONSAI-2009-0101 Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt Date published:...
Patch Tuesday Heads-Up: 13 Bulletins, 8 Critical
Microsoft is planning a bumper Patch Tuesday next week — 13 bulletins covering 34 security vulnerabilities in a wide range of products. Eight of the 13 bulletins will be rated “critical,” Microsoft’s highest severity rating. According to Microsoft’s advance notice, the patches coming on October 1...
JVN#84396512 SugarCRM vulnerable to cross-site scripting
SugarCRM is a customer relationship management (CRM) software. SugarCRM contains a cross-site scripting vulnerability. Impact If a user views a malicious page and clicks the print icon while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Software Updat...
[ONSEC-09-010] Undersky CMS SQL injection
ONSEC-09-010 Undersky CMS SQL injection Target: Undersky CMS http://www.undersky.ru Type: SQL injection Threat: High Date discovered: 03.07.2009 Date vendor notified: 03.07.2009 Date fix released: 05.07.2009 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Descripti...
PHP 5.3 - preg_match() Full Path Disclosure
PHP 5.3 - preg_match() Full Path Disclosure MajorSecurity Advisory 57 PHP =5.3 - preg_match() full path disclosure Details ======= Product: PHP =5.3 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.php.net/ Vendor-Status: informed Advisory-Status: published Credits ============...
[SECURITY] Fedora 10 Update: kdesdk-4.3.1-1.fc10
A collection of applications and tools used by developers, including: cervisia: a CVS frontend; kate: advanced text editor; kbugbuster: a tool to manage the KDE bug report system; kcachegrind: a browser for data produced by profiling tools (e.g. cachegrind); kompare: diff tool; kuiviewer: displays...
[SECURITY] Fedora 11 Update: kdesdk-4.3.1-1.fc11
A collection of applications and tools used by developers, including: cervisia: a CVS frontend; kate: advanced text editor; kbugbuster: a tool to manage the KDE bug report system; kcachegrind: a browser for data produced by profiling tools (e.g. cachegrind); kompare: diff tool; kuiviewer: displays...