HTB22956: XSS vulnerabilities in phpList
Vulnerability ID: HTB22956 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphplist.html Product: phpList Vendor: Tincan Ltd http://www.phplist.com/ Vulnerable Version: 2.10.13 and probably prior versions Vendor Notification: 12 April 2011 Vulnerability Type: XSS Risk level: Medium...
AT-TFTP DoS
Crash if no acknowledgment is received after file is retrieved...
AT-TFTP Server Remote Denial of Service Vulnerability
AT-TFTP Server v1.8 Remote Denial of Service Vulnerability SecPod Technologies www.secpod.com Author: Antu Sanadi SecPod ID: 1013 01/04/2011 Issue Discovered 04/04/2011 Vendor Notified No Response from the Vendor 25/04/2011 Advisory Released Class: Denial of Service Severity: High Overview:...
HP Systems Insight Manager multiple security vulnerabilities
Cross-site scripting, cross-site request forgery, DoS...
FreeBSD mountd protection bypass
Network mask in ACLs is computed incorrectly...
Videcon Viola DVR VIO-4/1000 directory traversal
Directory traversal in Web interface...
CA Output Management Web Viewer ActiveX buffer overflow
Buffer overflows in UOMWVHelperActiveX.ocx and PPSView.ocx...
HP Virtual Server Environment for Windows privilege escalation
No description provided...
libtiff memory corruption
Memory corruption on JPEG files parsing...
PolicyKit privilege escalation
Privilege escalation via pkexec...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
HP Insight Control Performance Management security vulnerabilities
Cross-site request forgery, privilege escalation...
HTB22945: Multiple XSS in ZENphoto
Vulnerability ID: HTB22945 Reference: http://www.htbridge.ch/advisory/multiplexssinzenphoto.html Product: ZENphoto Vendor: ZENphoto http://www.zenphoto.org/ Vulnerable Version: 1.4.0.3 Vendor Notification: 07 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit:...
[security bulletin] HPSBMA02660 SSRT100433 rev.1 - HP Performance Insight Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access to Sensitive Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02790298 Version: 1 HPSBMA02660 SSRT100433 rev.1 - HP Performance Insight Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access to Sensitive Information NOTICE: The informatio...
ZDI-11-138: Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability
ZDI-11-138: Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-138 April 19, 2011 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit -- TippingPoint™ IPS Customer...
language-selector privilege escalation
Privilege escalation via D-Bus messages...
Apple WebKit / Safari multiple security vulnerabilities
Integer overflow, use-after-free...
Multiple vulnerabilities in MyBB
Hello 3APA3A! I am reporting to you the Information Leakage, Abuse of Functionality, Insufficient Anti-automation and Brute Force vulnerabilities I found in MyBB. Information Leakage WASC-13: Logins are the same as the usernames on the forum, so logins can be discovered on the forum's pages. Abuse o...
[security bulletin] HPSBMA02664 SSRT100417 rev.1 - HP Insight Control Performance Management for Windows, Remote Privilege Elevation, Cross Site Request Forgery (CSRF)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02748970 Version: 1 HPSBMA02664 SSRT100417 rev.1 - HP Insight Control Performance Management for Windows, Remote Privilege Elevation, Cross Site Request Forgery CSRF NOTICE: The information in th...
[SECURITY] [DSA 2220-1] Request Tracker security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2220-1 [email protected] http://www.debian.org/security/ Florian Weimer April 19, 2011 http://www.debian.org/security/faq -...
ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-137 April 19, 2011 -- CVE ID: CVE-2011-0807 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Applicati...
HTB22944: Path disclosure in ZENphoto
Vulnerability ID: HTB22944 Reference: http://www.htbridge.ch/advisory/pathdisclousureinzenphoto.html Product: ZENphoto Vendor: Zenphoto http://www.zenphoto.org/ Vulnerable Version: 1.4.0.3 Vendor Notification: 07 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech...
HTB22950: SQL injection in 4images
Vulnerability ID: HTB22950 Reference: http://www.htbridge.ch/advisory/sqlinjectionin4images.html Product: 4images Vendor: http://www.4homepages.de/ http://www.4homepages.de/ Vulnerable Version: 1.7.9 Vendor Notification: 07 April 2011 Vulnerability Type: SQL Injection Status: Fixed by Vendor Risk...
HTB22947: XSS in Ajax Category Dropdown wordpress plugin
Vulnerability ID: HTB22947 Reference: http://www.htbridge.ch/advisory/xssinajaxcategorydropdownwordpressplugin.html Product: Ajax Category Dropdown wordpress plugin Vendor: http://www.dyasonhat.com/ http://www.dyasonhat.com/ Vulnerable Version: 0.1.5 Vendor Notification: 07 April 2011 Vulnerabili...
HTB22949: Multiple Path disclosure in 4images
Vulnerability ID: HTB22949 Reference: http://www.htbridge.ch/advisory/multiplepathdisclousurein4images.html Product: 4images Vendor: http://www.4homepages.de/ http://www.4homepages.de/ Vulnerable Version: 1.7.9 Vendor Notification: 07 April 2011 Vulnerability Type: Path disclosure Status: Fixed b...
[USN-1120-1] tiff vulnerability
========================================================================== Ubuntu Security Notice USN-1120-1 April 21, 2011 tiff vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
ZDI-11-140: Webkit Detached Body Element Remote Code Execution Vulnerability
ZDI-11-140 formerly ZDI-CAN-1026: Webkit Detached Body Element Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-140 April 19, 2011 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit -- TippingPoint™ IPS...
FreeBSD Security Advisory FreeBSD-SA-11:01.mountd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:01.mountd Security Advisory The FreeBSD Project Topic: Network ACL mishandling in mountd8 Category: core Module: mountd Announced: 2011-04-20 Credits: Ruslan...
CA20110420-01: Security Notice for CA SiteMinder
CA20110420-01: Security Notice for CA SiteMinder Issued: April 20, 2011 CA Technologies support is alerting customers to a security risk associated with CA SiteMinder. A vulnerability exists that can allow a malicious user to impersonate another user. CA Technologies has issued patches to address...
[USN-1115-1] language-selector vulnerability
========================================================================== Ubuntu Security Notice USN-1115-1 April 19, 2011 language-selector vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
[security bulletin] HPSBMA02665 SSRT100185 rev.1 - HP Virtual Server Environment for Windows, Remote Privilege Elevation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02749050 Version: 1 HPSBMA02665 SSRT100185 rev.1 - HP Virtual Server Environment for Windows, Remote Privilege Elevation NOTICE: The information in this Security Bulletin should be acted upon as...
[security bulletin] HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Se
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02738731 Version: 1 HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager SIM for HP-UX, Linux, and Windows, Remote Cross Site Scripting XSS, Cross Site Request Forgery CSRF, Execution of...
[USN-1117-1] PolicyKit vulnerability
========================================================================== Ubuntu Security Notice USN-1117-1 April 19, 2011 policykit-1 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
HTB22946: Multiple SQL Injection in Ajax Category Dropdown wordpress plugin
Vulnerability ID: HTB22946 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectioninajaxcategorydropdownwordpressplugin.html Product: Ajax Category Dropdown wordpress plugin Vendor: http://www.dyasonhat.com/ http://www.dyasonhat.com/ Vulnerable Version: 0.1.5 Vendor Notification: 07 April...
ZDI-11-139: Webkit Anonymous Frame Remote Code Execution Vulnerability
ZDI-11-139 formerly ZDI-CAN-1035: Webkit Anonymous Frame Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-139 April 19, 2011 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit -- TippingPoint™ IPS Customer...
Directory Traversal Vulnerability in Viola DVR VIO-4/1000
============================================================== Viola DVR VIO-4/1000 - Directory Traversal Vulnerability ============================================================== Software: Viola DVR VIO-4/1000 other products may be affected Vendor: http://www.videcon.co.uk/ Vuln Type: Directo...
[SECURITY] [DSA 2223-1] doctrine security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2223-1 [email protected] http://www.debian.org/security/ Florian Weimer April 20, 2011 http://www.debian.org/security/faq -...
CA20110420-02: Security Notice for CA Output Management Web Viewer
CA20110420-02: Security Notice for CA Output Management Web Viewer Issued: April 20, 2011 CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA...
[SECURITY] [DSA 2221-1] Mojolicious security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2221-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 19, 2011 http://www.debian.org/security/faq -...
HP Performance Insight information leakage
No description provided...
EMC Networker weak permissions
Weak permissions for executable file...
KDE KGet directory traversal
Directory traversal via filename...
IBM Tivoli Directory Server buffer overflow
Buffer overflow in LDAP TCP/389 CRAM-MD5 authentication...
CA TotalDefence multiple security vulnerabilities
SQL injection, directory traversal, information leakage, unauthorized access...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
EMC RSA Adaptive Authentication cross-site scripting
Flash file cross-site scripting...
HTB22943: XSS in Dalbum
Vulnerability ID: HTB22943 Reference: http://www.htbridge.ch/advisory/xssindalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ http://www.dalbum.org/ Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit: High-Tec...
ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability
ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-131 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...
KDE KHTML cross-site scripting
Cross-site scripting via error pages...
VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344)
VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability CVE-2011-1344 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Apple Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used browser,...