FYI
PR10-01: Unauthenticated File Retrieval (traversal) within 3Com* iMC
(Intelligent Management Center)
* On the 12th April 2010 Hewlett Packard completed its acquisition of 3Com
Vulnerability found: 30th January 2010
Vendor informed: 1st February 2010
Vulnerability fixed: 13th May 2010
Hello Bugtraq!
I want to warn you about a security vulnerability in Flash Tag Cloud control
for ASP.NET.
-
Advisory: Vulnerability in widget Flash Tag Cloud for Blogsa and other
ASP.NET engines
-
URL: http://websecurity.com.ua/4213/
Vulnerability ID: HTB22369
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_ocportal.html
Product: ocPortal
Vendor: ocProducts Ltd
Vulnerable Version: 4.3.2 and Probably Prior Versions
Vendor Notification: 05 May 2010
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Status: Not Fixed,
Hi,
Should they choose to accept the OSSTMM, ISO will take the OSSTMM 3,
rewrite it into ISO language, place the pieces in their other security
standards as needed, or as a whole into 1 security testing standard
(whichever they choose). What they charge for ISO documents is out of
our
Vulnerability ID: HTB22371
Reference:
http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_lisk_cms.html
Product: LiSK CMS
Vendor: Createch-group
Vulnerable Version: 4.4
Vendor Notification: 06 May 2010
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting
Vulnerability ID: HTB22367
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_npds_revolution.html
Product: NPDS REvolution
Vendor: NPDS
Vulnerable Version: REvolution 10.02 and Probably Prior Versions
Vendor Notification: 06 May 2010
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Mandriva Linux Security Advisory MDVSA-2010:104
http://www.mandriva.com/security/
PHP-Calendar description and lastaction Cross Site Scripting
Vulnerabilities
I. BACKGROUND
-
PHP-Calendar is a simple web calendar. It is targeted towards groups that
need to collaboratively create and track events. In that same collaborative
spirit, the source for
===
Ubuntu Security Notice USN-942-1 May 21, 2010
postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities
CVE-2010-1169, CVE-2010-1170
===
A security issue affects
Hi,
ISECOM has been working on improving and replacing risk analysis,
assessments and management with trust. Our research has shown dramatic
improvements from using a trust model based on fact over risk models.
OSSTMM 3 (www.osstmm.org) outlines much of this already and I am
beginning to
Vulnerability ID: HTB22374
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_lisk_cms.html
Product: LiSK CMS
Vendor: Createch-group
Vulnerable Version: 4.4
Vendor Notification: 06 May 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting
Mandriva Linux Security Advisory MDVSA-2010:103
http://www.mandriva.com/security/
Hello Everyone,
it is the 21st of May. The Month of PHP Security
(http://www.php-security.org) is still running and we have reached a
vulnerability count of 40 vulnerabilities, which is nearly as much as we
disclosed during the whole Month of PHP Bugs in 2007. However there are
11 more days until the
$$
Microsoft Outlook Web Access (OWA) version 8.2.254.0
OS: Windows Server 2003
Internet Explorer 7
$$
There is an information disclosure vulnerability in Microsoft Outlook Web
Access (OWA) version
Summer vacation's coming so don't forget to check out the Home
Security Methodology Vacation Guide at
http://www.isecom.org/hsm/
Version 1.2 is available! It's based on OSSTMM 3. I'm sure a more
thorough or accurate checklist exists!
Enjoy!
Sincerely,
-pete.
--
Pete Herzog - Managing
PR10-03: Authenticated XSS within the Apache Axis2 administration console
Vulnerability found: 30th January 2010
Vendor informed: 1st February 2010
Vulnerability fixed:
Severity: Medium
Description:
Axis2 is a web services/SOAP/WSDL engine, widely used within many
commercial products
Vulnerability ID: HTB22370
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_gpeasy_cms.html
Product: gpEasy CMS
Vendor: gpeasy
Vulnerable Version: 1.6.2 and Probably Prior Versions
Vendor Notification: 05 May 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by
Vulnerability ID: HTB22373
Reference:
http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_lisk_cms_1.html
Product: LiSK CMS
Vendor: Createch-group
Vulnerable Version: 4.4
Vendor Notification: 06 May 2010
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting
Dear List,
I'm writing on behalf of the Check Point Vulnerability Discovery Team to
publish the following vulnerability.
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
rpc.pcnfsd syslog format string vulnerability
CVE-2010-1039