[HSC] Smart-Shop Shopping Cart Cross-Site Scripting Vulnerability
SMART-SHOP shopping cart software is an all-in-one hosted e-commerce solution
that creates and helps you maintain your online store fast, easy, and
cost-effective.
Many people using this software must be warned that there are
# teatro 1.6 Remote File Include Vulnerability
Download script :
http://telemat.die.unifi.it/book/2003/Telematica-II/teatro-1.6.tgz
Discovered by: Alkomandoz Hacker
Contact : [EMAIL PROTECTED]
[waraxe-2007-SA#059] - XSS in WordPress 2.3
Author: Janek Vind waraxe
Date: 27. October 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-59.html
Target software description:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SektionEins GmbH
www.sektioneins.de
-= Security Advisory =-
Advisory: TikiWiki Remote PHP Code Evaluation Vulnerability
Release Date: 2007/10/29
Last Modified:
==
Secunia Research 29/10/2007
- IBM Tivoli Storage Manager Client CAD Service Script Insertion -
==
Table of Contents
Affected
Webroot Desktop Firewall 5.5.10.20
ITDEFENCE.ru Advisory
Author: Komarov Andrej ([EMAIL PROTECTED]
I. BACKGROUND
The Webroot Desktop Firewall secures your computer from Internet threats and
reduces the risks of being a victim of online crimes. Unlike the Windows XP and
Vista Firewall,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0062-1
Published: 2007-10-28
Rating: Major
Updated Versions:
firefox=/[EMAIL PROTECTED]:1-devel//1/2.0.0.8-2-1[
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.1-11
References:
!--
- Product : AGTC-Membership system
- Version : 1.1a
- Website : http://www.agtc.co.uk
- Author : 0x90
- HomePage : WwW.0x90.CoM.Ar
- Contact : Guns[at]0x90[dot]com[dot]ar
- Problem : Admin Added Access.
--
form name=form1 method=post action=http://[target]/adduser.php;
h3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Team SHATTER Security Alert
Oracle Database Buffer overflow vulnerability in function
MDSYS.SDO_CS.TRANSFORM
October 29, 2007
Risk Level:
High
Affected versions:
Oracle Database Server versions 8iR3, 9iR1, 9iR2 (9.2.0.6 and previous
patchsets) and
netVigilance Security Advisory #54
SAXON version 5.4 XSS Attack Vulnerability
Description:
SAXON is a simple accessible online news publishing system for personal and
small corporate site owners. Publish news, using configurable templates, on any
.php page on your site. Publish news
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Team SHATTER Security Alert
Oracle Database Buffer overflow vulnerability in procedure
DBMS_AQADM_SYS.DBLINK_INFO
October 29, 2007
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous
patchsets)
*** The CFP deadline has been extended until 2 November 2007 ***
The Apache Software Foundation (ASF) invites submissions for the
Security track of ApacheCon Europe 2008. To be held 7 April through
11 April, 2008 at the new Mövenpick Hotel Amsterdam City Centre.
ApacheCon serves as a forum for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0061-1
Published: 2007-10-26
Rating: Moderate
Updated Versions:
sun-jre=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/6u3-1.2-1
sun-jdk=/[EMAIL PROTECTED]:devel//[EMAIL
Hi all,
I just released in my website the last presentations and articles I introduced
in some security conferences and workshops.
http://www.rosiello.org/
International Conferences:
Symposium on Security for Asia Networks. (Syscan '06). Writing behind a
buffer. Singapore July 20-21st
Hi,
I write a presentation for a friend about how to bypass Oracle
Database Vault. It may be interesting for someone else...
You can download the presentation Oracle Database Vault: The world is not
pink and I'm root at:
http://inguma.sourceforge.net/docs/oracle_database_vault_en.pdf
Joxean
[HSC] Omnistar Live Software Cross-Site Scripting Vulnerability
Omnistar Live is web based PHP help desk software used by webmasters that
combines live chat and helpdesk software in one easy to use solution. Our
customer service software combines ticketed support (web and email based),
netVigilance Security Advisory #53
SAXON version 5.4 Multiple Path Disclosure Vulnerabilities
Description:
SAXON is a simple accessible online news publishing system for personal and
small corporate site owners. Publish news, using configurable templates, on any
.php page on your
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1388-3[EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
October 29, 2007
rPath Security Advisory: 2007-0225-2
Published: 2007-10-26
Updated:
2007-10-29 added thunderbird update
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
[EMAIL PROTECTED]:1/2.0.0.8-0.1-1
[EMAIL
The binary of the (presumably not widely used) Windows software
Virtual Floppy Drive 2.1
http://chitchat.at.infoseek.co.jp/vmware/vfd.html
ships with a vfd.dll that is statically linked against zlib 1.2.2
http://www.zlib.net/ which is vulnerable to CAN-2005-2096.
A scan with ClamAV against the
Note: This advisory should have been published several months ago;
apologies for the delay -- John Heasman
===
Summary
===
Name: Untrusted Java applet can connect to localhost
Release Date: 29 October 2007
Reference: NGS00443
Discover: John Heasman [EMAIL PROTECTED]
Vendor: Sun
===
Summary
===
Name: Heap overflow in RealPlayer ID3 tag parsing code
Release Date: 29 October 2007
Reference: NGS00432
Discover: John Heasman [EMAIL PROTECTED]
Vendor: RealNetworks
Systems Affected: Several builds of RealPlayer 10.5,
All builds of RealPlayer 10.
For additional
BugTraq
I found this ISC announcement quite amusing:
http://www.isc.org/index.pl?/sw/bind/docs/response_transaction_id_issues.php
It's a text published by ISC as a follow up to the bind9 predictable id saga.
Particularly the following statement is funny, and shows complete lack
of understanding
I wrote Sunday, October 21, 2007 2:18 PM:
Anonymous [EMAIL PROTECTED] wrote Saturday, October 20, 2007 11:55 AM:
As a workaround, one could try to manually replace zlib32.dll in a Windows
GSView 4.8 installation with the current zlib1.dll version 1.2.3.
[...]
Unfortunately the maintainer
Note: This advisory should have been published several months ago;
apologies for the delay -- John Heasman
===
Summary
===
Name: Memory overwrites in JVM via malformed TrueType font
Release Date: 29 October 2007
Reference: NGS00419
Discover: John Heasman [EMAIL PROTECTED]
Vendor: Sun
Hello,
we did some functional testing on the firewall of Mac OS X Leopard.
Short summary:
- the firewall is not activated by default but there are services running
even if you don't activate any sharing (as shown by netstat or lsof)
- if you set it to Block all incoming connections it still
On Oct 29, 2007, at 17:49 , Juergen Schmidt wrote:
- if you set it to Block all incoming connections it still allows access
to certain system services. We could access the ntp daemon that is running
per default over the internet. In a LAN based scenario, we were able to
query the Netbios