7425 matches found
JVN#68640473 bingo!CMS core and bingo!CMS vulnerable to cross-site request forgery
bingo!CMS core and bingo!CMS are content management systems (CMS). bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged into the CMS, an attacker could modify configurations or modify contents managed by the CMS...
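The impact statement above describes the general CSRF pattern: the browser attaches the victim's session cookie to a request that a page on another origin triggered, and the application treats the cookie as proof of intent. As an added example (not code from bingo!CMS or the JVN advisory), the toy handler below shows a settings update that relies on the session alone, beside one that also requires a per-session synchronizer token; every name and the scenario in `demo()` are constructed for illustration:

```python
# Added example, not code from bingo!CMS or the JVN advisory: a toy model of a
# CMS "update settings" handler, first relying on the session alone (the CSRF
# pattern) and then requiring a per-session synchronizer token.
import hmac
import secrets


class Session:
    """Constructed stand-in for a server-side session. The token is minted once
    per login and only ever embedded in the CMS's own forms, so a page on
    another origin cannot read it (the browser only attaches the cookie)."""

    def __init__(self, user):
        self.user = user
        self.csrf_token = secrets.token_hex(32)


def update_settings_vulnerable(session, form, settings):
    """Vulnerable: a valid session cookie is taken as proof of intent, so a form
    auto-submitted by a malicious page the admin happens to view is honoured."""
    if session is None:
        return "unauthenticated"
    settings.update(form)
    return "updated"


def update_settings_hardened(session, form, settings):
    """Hardened: the request must carry the session's token; compared in
    constant time so the check itself leaks nothing about the token."""
    if session is None:
        return "unauthenticated"
    token = form.get("_csrf", "")
    if not hmac.compare_digest(token.encode(), session.csrf_token.encode()):
        return "forbidden: missing or wrong CSRF token"
    settings.update({k: v for k, v in form.items() if k != "_csrf"})
    return "updated"


def demo():
    """Constructed scenario: the admin is logged in and views an attacker page
    that POSTs a settings change to the CMS. Returns the three outcomes."""
    sess = Session("admin")
    settings = {"admin_email": "admin@example.com"}
    forged = {"admin_email": "attacker@example.com"}   # cross-origin: no token
    vuln = update_settings_vulnerable(sess, dict(forged), dict(settings))
    hard = update_settings_hardened(sess, dict(forged), dict(settings))
    legit = {"admin_email": "new@example.com", "_csrf": sess.csrf_token}
    ok = update_settings_hardened(sess, legit, dict(settings))
    return vuln, hard, ok


if __name__ == "__main__":
    print(demo())  # ('updated', 'forbidden: missing or wrong CSRF token', 'updated')
```

The token must be tied to the session and never placed in a URL or a cookie of its own; a token in a cookie is sent cross-origin just like the session cookie and proves nothing.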
Feed Sidebar Firefox Extension - Privileged Code Injection
Feed Sidebar Firefox Extension Code Injection Vulnerability. Versions affected: 3.2. Description: The Feed Sidebar Firefox extension will generate a previ...
JVN#31035930 SugarCRM vulnerable to SQL injection
SugarCRM is a customer relationship management (CRM) software. SugarCRM contains a SQL injection vulnerability. Impact As a result of SQL injection, contents within the database can be compromised. Solution Update the Software Update to the latest version according to the information provided by th...
RHEL 3 / 4 / 5 : java-1.4.2-bea (RHSA-2008:1043)
java-1.4.2-bea as shipped in Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. Th...
RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:1044)
java-1.5.0-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit JRE and SDK...
[Backports-security-announce] Security update for znc
Patrick Matthäi uploaded new packages for znc which fixed the following security problems: TEMP-0537977-000291, Debian BTS 537977 It was discovered that znc, an IRC proxy, did not properly process certain DCC requests, allowing attackers to upload arbitrary files. For the etch-backports...
XOOPS Celepar Module Qas - Blind SQL Injection Cross-Site Scripting
XOOPS Celepar Module Qas - Blind SQL Injection / Cross-Site Scripting. I AM MUSLIM !! IN THE NA...
JVN#29852698 Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)
RevoCounter CGI (Animation Counter) from futomi's CGI Cafe is software that displays an animated counter on a webpage. RevoCounter CGI (Animation Counter) contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Softwar...
CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...
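CVE-2009-0217 is a design flaw rather than an implementation bug: XMLDsig lets the signed document declare an HMACOutputLength, and verifiers that honoured any value could be asked to compare only a handful of leading bits, which an attacker without the key can guess. As an added example (not code from any of the products listed), the model below implements a verifier that trusts the declared length, one that applies the floor later adopted in the XMLDsig errata and XML Signature 1.1 (at least 80 bits and at least half the digest length), and a keyless forgery loop against both; the key, payload and the SHA-1 digest size are constructed assumptions:

```python
# Added example, not code from any product named in CVE-2009-0217: a model of
# an HMAC verifier that trusts a signer-supplied HMACOutputLength, beside one
# that enforces a floor, and a keyless forgery against the trusting one.
import hashlib
import hmac

KEY = b"constructed-shared-secret"           # known only to the verifier
DATA = b"<Assertion>role=admin</Assertion>"  # constructed payload the attacker wants accepted


def hmac_tag(key, data, output_bits):
    """HMAC-SHA1 truncated to its leftmost output_bits bits, the XMLDsig
    truncation rule; unused low bits of the last byte are zeroed."""
    full = hmac.new(key, data, hashlib.sha1).digest()
    nbytes = (output_bits + 7) // 8
    tag = bytearray(full[:nbytes])
    spare = nbytes * 8 - output_bits
    if spare:
        tag[-1] &= (0xFF << spare) & 0xFF
    return bytes(tag)


def verify_vulnerable(key, data, sig, output_bits):
    """Honours whatever HMACOutputLength the (attacker-controlled) document declares."""
    return hmac.compare_digest(hmac_tag(key, data, output_bits), sig)


def verify_hardened(key, data, sig, output_bits, digest_bits=160):
    """Refuses an output length below 80 bits or below half the digest size,
    the floor the XMLDsig errata adopted (assumption here: SHA-1, 160 bits)."""
    if output_bits < max(80, digest_bits // 2):
        return False
    return hmac.compare_digest(hmac_tag(key, data, output_bits), sig)


def forge(verify, output_bits):
    """Attacker without KEY: declare a tiny output length and try every tag.
    Returns the accepted tag, or None if the verifier never accepts one."""
    nbytes = (output_bits + 7) // 8
    spare = nbytes * 8 - output_bits
    for guess in range(2 ** output_bits):
        sig = (guess << spare).to_bytes(nbytes, "big")
        if verify(KEY, DATA, sig, output_bits):   # KEY is used only inside verify
            return sig
    return None


if __name__ == "__main__":
    print("vulnerable accepts:", forge(verify_vulnerable, 8))
    print("hardened accepts:", forge(verify_hardened, 8))
```

With an 8-bit length the loop needs at most 256 attempts; with the 1-bit length the original reports allowed, a random tag is accepted half the time. The floor is a property of the verifier, which is why a signer-side fix alone does not close the hole.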
High security hole in NullLogic Groupware
Hi, I've identified a couple of security flaws affecting the NullLogic Groupware which may allow compromise of accounts, denial of service or even remote code execution. These issues were reported by email to the developer but no response was forthcoming. Tim -- Tim Brown...
[SECURITY] Fedora 10 Update: rb_libtorrent-0.13.1-5.fc10
rb_libtorrent is a C++ library that aims to be a good alternative to all the other BitTorrent implementations around. It is a library and not a full featured client, although it comes with a few working example clients. Its main goals are to be very efficient in terms of CPU and memory usage as we...
JVN#32788272 PHP-I-BOARD from Let's PHP! vulnerable to directory traversal
PHP-I-BOARD from Let's PHP! is bulletin board software. PHP-I-BOARD contains a directory traversal vulnerability. Impact A remote attacker could view an arbitrary file on the server. Solution Update the Software Update to the latest version according to the information provided by the developer...
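The impact line above is the usual consequence of joining a request-supplied file name onto a base directory without checking where the result lands. As an added example (not code from PHP-I-BOARD), the helper below shows that pattern beside a version that resolves the path first and requires it to remain under the base directory; the fixture directory and its contents are constructed:

```python
# Added example, not code from PHP-I-BOARD: a file-serving helper that joins a
# user-supplied name onto a base directory, beside a version that resolves the
# path and checks it stays inside the base. Paths here are constructed fixtures.
import os
import tempfile


def read_vulnerable(base, name):
    """Trusts the requested name; '../' components walk out of base, and an
    absolute name makes os.path.join discard base entirely."""
    with open(os.path.join(base, name), "rb") as f:
        return f.read()


def read_hardened(base, name):
    """Resolves symlinks and '..' first, then requires the result to lie under
    base; a bare startswith() would wrongly accept a sibling like base + '_evil'."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, name))
    if os.path.commonpath([base_real, target]) != base_real:
        raise PermissionError("path escapes the board directory: %r" % name)
    with open(target, "rb") as f:
        return f.read()


def build_fixture():
    """Constructed layout: <tmp>/secret.txt outside, <tmp>/board/post1.txt inside.
    Returns the board directory."""
    root = tempfile.mkdtemp()
    board = os.path.join(root, "board")
    os.mkdir(board)
    with open(os.path.join(board, "post1.txt"), "wb") as f:
        f.write(b"hello from the board")
    with open(os.path.join(root, "secret.txt"), "wb") as f:
        f.write(b"database password")
    return board


def demo():
    """Returns (what the vulnerable reader leaks, whether the hardened reader
    blocked the same name, what the hardened reader returns for a legitimate name)."""
    board = build_fixture()
    leaked = read_vulnerable(board, "../secret.txt")
    try:
        read_hardened(board, "../secret.txt")
        blocked = False
    except PermissionError:
        blocked = True
    return leaked, blocked, read_hardened(board, "post1.txt")


if __name__ == "__main__":
    print(demo())
```

Resolving with realpath before the containment check also covers symlinks planted inside the base directory, which a check on the unresolved string would miss.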
JVN#86472161 Movable Type cross-site scripting vulnerability
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versio...
Design/Logic Flaw
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted...
[oCERT-2009-006] Android improper package verification when using shared uids
2009-006 Android improper package verification when using shared uids Description: Android, an open source mobile phone platform, improperly checks developer certificates when installing packages that request the shared user identifier (uid) permission. Normally, Android applications will be allowe...
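Both the CVE text and the oCERT entry above describe the same rule being skipped: a package may join a sharedUserId only if it is signed by the same certificate set as the packages already in that uid, because members of a uid share files, permissions and process identity. As an added example (not Android's PackageManagerService code), the toy installer below models an admission check that omits the certificate comparison beside one that enforces it; package names, uid names and certificate fingerprints are constructed:

```python
# Added example, not Android's PackageManagerService code: a toy package
# installer that models the sharedUserId rule (every package in a shared uid
# must be signed by the same certificate set), first skipping the certificate
# comparison and then enforcing it. Certificates are constructed fingerprints.
import hashlib


def fingerprint(cert_bytes):
    """Stand-in for a signing certificate: SHA-256 of a constructed blob."""
    return hashlib.sha256(cert_bytes).hexdigest()


class Package:
    def __init__(self, name, shared_uid, certs):
        self.name = name
        self.shared_uid = shared_uid          # None when the app wants its own uid
        self.certs = frozenset(certs)


class Installer:
    def __init__(self):
        self.packages = {}      # name -> Package
        self.uid_members = {}   # shared uid -> set of package names

    def _members(self, uid):
        return [self.packages[n] for n in self.uid_members.get(uid, ())]

    def _admit(self, pkg):
        self.packages[pkg.name] = pkg
        if pkg.shared_uid is not None:
            self.uid_members.setdefault(pkg.shared_uid, set()).add(pkg.name)
        return True

    def install_vulnerable(self, pkg):
        """Joins an existing shared uid without comparing signers, so the
        newcomer inherits the uid's files, permissions and process identity."""
        return self._admit(pkg)

    def install_hardened(self, pkg):
        """Refuses to join a shared uid unless the signer set equals that of
        every package already in it (the rule Android documents for sharedUserId)."""
        for other in self._members(pkg.shared_uid):
            if other.certs != pkg.certs:
                return False
        return self._admit(pkg)


def demo(hardened):
    """Constructed scenario: a vendor app owns uid 'com.example.shared'; a
    package signed by someone else asks for the same uid. Returns whether it
    was admitted and the resulting uid membership."""
    vendor = fingerprint(b"vendor certificate")
    other = fingerprint(b"attacker certificate")
    inst = Installer()
    inst.install_hardened(Package("com.example.vendorapp", "com.example.shared", [vendor]))
    intruder = Package("com.example.intruder", "com.example.shared", [other])
    joined = inst.install_hardened(intruder) if hardened else inst.install_vulnerable(intruder)
    return joined, sorted(inst.uid_members["com.example.shared"])


if __name__ == "__main__":
    print("vulnerable:", demo(False))
    print("hardened:  ", demo(True))
```

The comparison is on the whole certificate set, not on "at least one certificate in common"; a looser check would let a package signed by an extra key slip into a uid it does not fully control.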
HP-UX Update for Java JRE and JDK HPSBUX02284
Check for the Version of Java JRE and JDK OpenVAS Vulnerability Test HP-UX Update for Java JRE and JDK HPSBUX02284 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
HP-UX Update for HP-UX Pkg HPSBUX02196
Check for the Version of HP-UX Pkg OpenVAS Vulnerability Test HP-UX Update for HP-UX Pkg HPSBUX02196 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
What every programmer needs to know about security
Software security expert Neil Daswani of Google discusses the key things that every Web developer, and developers in general, should know about security, including how SQL injection attacks work...
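The SugarCRM entry above states the impact of SQL injection ("contents within the database can be compromised") and this talk promises to show how the attack works; one example serves both. As an added illustration (not code from SugarCRM or from the talk), the in-memory SQLite application below builds a login check and a product search by string formatting, beside parameterised versions, and shows a quote-based authentication bypass and a UNION-based read of another table; the schema, rows and payload strings are constructed:

```python
# Added example, not code from SugarCRM or from Neil Daswani's talk: an in-memory
# SQLite app with a login check and a product search built by string formatting,
# beside parameterised versions. Table contents and payloads are constructed.
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE products (name TEXT, price REAL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.execute("INSERT INTO products VALUES ('widget', 9.99)")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Input is spliced into the SQL text, so a quote in the password closes
    the literal and the remainder is parsed as SQL."""
    q = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
         % (username, password))
    return conn.execute(q).fetchone()[0] > 0


def login_hardened(conn, username, password):
    """Bound parameters travel as values and are never parsed as SQL."""
    q = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(q, (username, password)).fetchone()[0] > 0


def search_vulnerable(conn, term):
    """A UNION in the search term appends rows from any other table to the
    result set, which is how 'contents within the database' get read out."""
    q = "SELECT name, price FROM products WHERE name LIKE '%%%s%%'" % term
    return conn.execute(q).fetchall()


def search_hardened(conn, term):
    """The wildcard pattern is assembled in Python and bound as one value."""
    q = "SELECT name, price FROM products WHERE name LIKE ?"
    return conn.execute(q, ("%" + term + "%",)).fetchall()


# Constructed payloads: the first turns the WHERE clause into
# (username = ... AND password = '') OR '1'='1'; the second appends the
# users table to the search result and comments out the trailing quote.
BYPASS = "' OR '1'='1"
DUMP = "' UNION SELECT username, password FROM users --"


if __name__ == "__main__":
    c = make_db()
    print("login bypass, vulnerable:", login_vulnerable(c, "nobody", BYPASS))
    print("login bypass, hardened:  ", login_hardened(c, "nobody", BYPASS))
    print("dump, vulnerable:", search_vulnerable(c, DUMP))
    print("dump, hardened:  ", search_hardened(c, DUMP))
```

Escaping quotes is not a substitute for binding: the hardened search still passes the `%` wildcards through as data, while the vulnerable one hands the whole term to the SQL parser.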
FlexCMS Calendar Blind SQL Injection
FlexCMS CalendarItemId Blind SQL Injection Vulnerability. AUTHOR: MisterRichard. Developer site: http://www.flexcms.dk/ Admin login site: http://target.com/flexadmin/ Vulnerability author: Lanti-Net. Contact: lanti-netathotmaildotcom. Site: www.khg-crew.ws. Greetz: SpYrO, boom3rang, KHG,...