There are lots of xss vul in PHPWind v6.0 !

2010-03-19 Thread lis cker
I found the PHPWind v6.0 just filters the xss code when the visitors log in, but it doesn't do it when logged off. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This flaw makes its all the

IBM Lotus 6.x HTTP Response Splitting Vulnerability

2010-03-19 Thread lament
= Yaniv Miron aka Lament Advisory March 12, 2010 IBM Lotus 6.x HTTP Response Splitting Vulnerability = = I. BACKGROUND = IBM Lotus Software delivers robust

[SECURITY] [DSA-2018-1] New php5 packages fix null pointer dereference

2010-03-19 Thread Raphael Geissert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-2018-1 secur...@debian.org http://www.debian.org/security/ Raphael Geissert March 18, 2010

[USN-915-1] Thunderbird vulnerabilities

2010-03-19 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-915-1 March 18, 2010 thunderbird vulnerabilities CVE-2009-0689, CVE-2009-2463, CVE-2009-3072, CVE-2009-3075, CVE-2009-3077, CVE-2009-3376, CVE-2009-3983, CVE-2010-0163

Vulnerability Httpdx v1.5.3b

2010-03-19 Thread Mehdi Mahdjoub - Sysdream IT Security Services
Program : Httpdx v1.5.3b PoC : Remote Crash Service (if http.log=1) Homepage : http://sourceforge.net/projects/httpdx/ Found by : Jonathan Salwan This Advisory: Jonathan Salwan Contact : j.sal...@sysdream.com //- Application description

announcing skipfish, an automated web app security scanner

2010-03-19 Thread Michal Zalewski
Hi folks, I am happy to announce the availability of skipfish - our open-source, fully automated, active web application scanner. There are several things that probably make it interesting: 1) High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000