
6714 matches found

exploitpack
added 2011/04/08 12:0 a.m., 19 views

phpcollab 2.5 - Multiple Vulnerabilities

phpcollab 2.5 - Multiple Vulnerabilities Vulnerability ID: HTB22916 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011...

0.2 AI score
Exploits: 0

Tenable Nessus
added 2011/03/29 12:0 a.m., 24 views

Symantec LiveUpdate Administrator < 2.3 CSRF (SYM11-005)

The version of LiveUpdate Administrator running on the remote host is earlier than 2.3. Such versions have a cross-site request forgery (CSRF) vulnerability. Failed login attempts are logged and viewable from the web console. Usernames from these failed attempts are not sanitized before they are...

6.8 CVSS, 5.7 AI score, 0.0421 EPSS
Exploits: 4, References: 4

Japan Vulnerability Notes
added 2011/03/27 11:6 p.m., 2 views

e107 vulnerable to cross-site scripting

Overview: e107 contains a cross-site scripting vulnerability. e107 provided by e107.org is a Content Management System (CMS) software. e107 contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Securi...

4.3 CVSS, 6 AI score, 0.01042 EPSS
Exploits: 0, References: 8

ThreatPost
added 2011/03/22 1:56 p.m., 11 views

Firefox 4 With Content Security Policy Due Tuesday

Firefox 4, the newest version of Mozilla’s flagship browser slated for release today, includes a variety of security and privacy protections, but perhaps the most important of them is the addition of the Content Security Policy. The mechanism, which is enabled by default in Firefox 4, is designed...

0.3 AI score
Exploits: 0, References: 10

Tenable Nessus
added 2011/02/20 12:0 a.m., 38 views

Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:030)

Multiple vulnerabilities have been found and corrected in tomcat5: When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the...

4.3 CVSS, 5.7 AI score, 0.10228 EPSS
Exploits: 3, References: 2

Oracle linux
added 2011/02/10 12:0 a.m., 37 views

pam security update

1.1.1-4.1 - fix insecure dropping of privileges in pam_xauth, pam_env, and pam_mail - CVE-2010-3316 637898, CVE-2010-3435 641335 - fix insecure executing of scripts with user supplied environment variables in pam_namespace - CVE-2010-3853 643043...

7.2 CVSS, 2.5 AI score, 0.00416 EPSS
Exploits: 0

0day.today
added 2011/02/10 12:0 a.m., 21 views

SourceBans 1.4.7 XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: SourceBans Version 1.4.7 XSS Google Dork: inurl:"sourcebans/index.php?p=submit" Date: Feb. 9th 2011 Author: Sw1tCh Software Link: http://www.sourcebans.net/ Version: 1.4.7 Info: SourceBans is an application for managing publicly...

7.1 AI score
Exploits: 0

Prion
added 2011/02/09 1:0 a.m., 16 views

Design/Logic Flaw

The client in HP Data Protector does not verify the contents of files associated with the EXECCMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omnichkds.sh...

10 CVSS, 7.9 AI score, 0.04625 EPSS
Exploits: 0, References: 6

Packet Storm
added 2011/02/09 12:0 a.m., 22 views

SourceBans 1.4.7 Cross Site Scripting

Exploit Title: SourceBans Version 1.4.7 XSS Google Dork: inurl:"sourcebans/index.php?p=submit" Date: Feb. 9th 2011 Author: Sw1tCh Software Link: http://www.sourcebans.net/ Version: 1.4.7 Info: SourceBans is an application for managing publicly the banned users for a Steam Server. -= The Advisory ...

7.4 AI score
Exploits: 0

securityvulns
added 2011/02/08 12:0 a.m., 115 views

[SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability

CVE-2011-0013 Apache Tomcat Manager XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.5; Tomcat 6.0.0 to 6.0.29; Tomcat 5.5.0 to 5.5.31; Earlier, unsupported versions may also be...

4.3 CVSS, 5.2 AI score, 0.10228 EPSS
Exploits: 2

Apache Tomcat
added 2011/02/01 12:0 a.m., 54 views

Fixed in Apache Tomcat 5.5.32

Low: Cross-site scripting CVE-2011-0013 The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages. This was fixed in revision...

4.3 CVSS, 5.4 AI score, 0.10228 EPSS
Exploits: 2, Affected Software: 1

CERT
added 2011/01/28 12:0 a.m., 45 views

Microsoft Windows MHTML script injection vulnerability

Overview: Microsoft Windows contains a script injection vulnerability in the MHTML protocol handler, which may allow an attacker to execute arbitrary script within the context of another website domain. Description: Microsoft Windows contains a script injection vulnerability caused by the way MHTM...

6.1 CVSS, 5.8 AI score, 0.46819 EPSS
Exploits: 1, References: 4

OpenVAS
added 2011/01/21 12:0 a.m., 14 views

Sahana Agasti Multiple Input Validation Vulnerabilities

Sahana Agasti is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

7.3 AI score
Exploits: 0, References: 4

Exploit DB
added 2011/01/17 12:0 a.m., 21 views

AneCMS 1.3 - Persistent Cross-Site Scripting

Exploit Title: AneCMS 1.3 Persistant XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments that does not get filtered for HTML-Code. Simply add ...

7.4 AI score
Exploits: 0

exploitpack
added 2011/01/17 12:0 a.m., 11 views

AneCMS 1.3 - Persistent Cross-Site Scripting

AneCMS 1.3 - Persistent Cross-Site Scripting Exploit Title: AneCMS 1.3 Persistant XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments that doe...

6.8 AI score
Exploits: 0

Apache Tomcat
added 2011/01/14 12:0 a.m., 49 views

Fixed in Apache Tomcat 7.0.6

Low: Cross-site scripting CVE-2011-0013 The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages. This was fixed in revision...

4.3 CVSS, 5.4 AI score, 0.10228 EPSS
Exploits: 2, Affected Software: 1

Japan Vulnerability Notes
added 2011/01/13 2:46 a.m., 2 views

SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting

Overview SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. SGX-SP Final and SGX-SP Final NE are shopping cart software. SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA...

4.3 CVSS, 6.2 AI score, 0.01263 EPSS
Exploits: 0, References: 7

OpenVAS
added 2011/01/07 12:0 a.m., 16 views

Ignition 'comment.php' Local File Include Vulnerability

Ignition is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

7 AI score
Exploits: 0, References: 1

NVD
added 2010/12/29 6:0 p.m., 16 views

CVE-2010-4606

Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary...

7.5 CVSS, 7.5 AI score, 0.05067 EPSS
Exploits: 0, References: 5

Cvelist
added 2010/12/29 5:27 p.m., 22 views

CVE-2010-4606

Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary...

7.5 AI score, 0.05067 EPSS
Exploits: 0, References: 5