Multiple vulnerabilities within 3Com* iMC (Intelligent Management Center)

2010-05-21 Thread research
FYI PR10-01: Unauthenticated File Retrieval (traversal) within 3Com* iMC (Intelligent Management Center) * On the 12th April 2010 Hewlett Packard completed its acquisition of 3Com Vulnerability found: 30th January 2010 Vendor informed: 1st February 2010 Vulnerability fixed: 13th May 2010

Vulnerability in widget Flash Tag Cloud for Blogsa and other ASP.NET engines

2010-05-21 Thread MustLive
Hello Bugtraq! I want to warn you about a security vulnerability in the Flash Tag Cloud control for ASP.NET. - Advisory: Vulnerability in widget Flash Tag Cloud for Blogsa and other ASP.NET engines - URL: http://websecurity.com.ua/4213/

XSRF (CSRF) in ocPortal

2010-05-21 Thread advisory
Vulnerability ID: HTB22369 Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_ocportal.html Product: ocPortal Vendor: ocProducts Ltd Vulnerable Version: 4.3.2 and Probably Prior Versions Vendor Notification: 05 May 2010 Vulnerability Type: CSRF (Cross-Site Request Forgery) Status: Not Fixed,

Re: The New ISO Hacking Standard

2010-05-21 Thread Pete Herzog
Hi, Should they choose to accept the OSSTMM, ISO will take the OSSTMM 3, rewrite it into ISO language, place the pieces in their other security standards as needed, or as a whole into 1 security testing standard (whichever they choose). What they charge for ISO documents is out of our

SQL injection vulnerability in LiSK CMS

2010-05-21 Thread advisory
Vulnerability ID: HTB22371 Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_lisk_cms.html Product: LiSK CMS Vendor: Createch-group Vulnerable Version: 4.4 Vendor Notification: 06 May 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor Alerted, Awaiting

XSRF (CSRF) in NPDS REvolution

2010-05-21 Thread advisory
Vulnerability ID: HTB22367 Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_npds_revolution.html Product: NPDS REvolution Vendor: NPDS Vulnerable Version: REvolution 10.02 and Probably Prior Versions Vendor Notification: 06 May 2010 Vulnerability Type: CSRF (Cross-Site Request Forgery)

[ MDVSA-2010:104 ] dovecot

2010-05-21 Thread security
Mandriva Linux Security Advisory MDVSA-2010:104 http://www.mandriva.com/security/

PHP-Calendar description and lastaction Cross Site Scripting Vulnerabilities

2010-05-21 Thread VUPEN Web Security
PHP-Calendar description and lastaction Cross Site Scripting Vulnerabilities I. BACKGROUND - PHP-Calendar is a simple web calendar. It is targeted towards groups that need to collaboratively create and track events. In that same collaborative spirit, the source for

[USN-942-1] PostgreSQL vulnerabilities

2010-05-21 Thread Jamie Strandboge
Ubuntu Security Notice USN-942-1 May 21, 2010 postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities CVE-2010-1169, CVE-2010-1170 A security issue affects

Mastering Trust in Security Assessments

2010-05-21 Thread Pete Herzog
Hi, ISECOM has been working on improving and replacing risk analysis, assessments and management with trust. Our research has shown dramatic improvements from using a trust model based on fact over risk models. OSSTMM 3 (www.osstmm.org) outlines much of this already and I am beginning to

XSS vulnerability in LiSK CMS

2010-05-21 Thread advisory
Vulnerability ID: HTB22374 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_lisk_cms.html Product: LiSK CMS Vendor: Createch-group Vulnerable Version: 4.4 Vendor Notification: 06 May 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Not Fixed, Vendor Alerted, Awaiting

[ MDVSA-2010:103 ] postgresql

2010-05-21 Thread security
Mandriva Linux Security Advisory MDVSA-2010:103 http://www.mandriva.com/security/

Month of PHP Security - Summary - 11th May - 21st

2010-05-21 Thread Stefan Esser
Hello Everyone, it is the 21st of May. The Month of PHP Security (http://www.php-security.org) is still running and we have reached a vulnerability count of 40 vulnerabilities, which is nearly as many as we disclosed during the whole Month of PHP Bugs in 2007. However, there are 11 more days until the

Microsoft Outlook Web Access (OWA) v8.2.254.0 id parameter Information Disclosure Vulnerability

2010-05-21 Thread praveen_recker
Microsoft Outlook Web Access (OWA) version 8.2.254.0 OS: Windows Server 2003 Internet Explorer 7 There is an information disclosure vulnerability in Microsoft Outlook Web Access (OWA) version

OSSTMM 3 based Home Security Vacation Guide v.2!

2010-05-21 Thread Pete Herzog
Summer vacation's coming so don't forget to check out the Home Security Methodology Vacation Guide at http://www.isecom.org/hsm/ Version 1.2 is available! It's based on OSSTMM 3. I'm sure a more thorough or accurate checklist exists! Enjoy! Sincerely, -pete. -- Pete Herzog - Managing

PR10-03: Authenticated Cross-Site Scripting (XSS) within the Apache Axis2 administration console

2010-05-21 Thread research
PR10-03: Authenticated XSS within the Apache Axis2 administration console Vulnerability found: 30th January 2010 Vendor informed: 1st February 2010 Vulnerability fixed: Severity: Medium Description: Axis2 is a web services/SOAP/WSDL engine, widely used within many commercial products

XSS vulnerability in gpEasy CMS

2010-05-21 Thread advisory
Vulnerability ID: HTB22370 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_gpeasy_cms.html Product: gpEasy CMS Vendor: gpeasy Vulnerable Version: 1.6.2 and Probably Prior Versions Vendor Notification: 05 May 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Fixed by

SQL injection vulnerability in LiSK CMS

2010-05-21 Thread advisory
Vulnerability ID: HTB22373 Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_lisk_cms_1.html Product: LiSK CMS Vendor: Createch-group Vulnerable Version: 4.4 Vendor Notification: 06 May 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor Alerted, Awaiting

HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039

2010-05-21 Thread Rodrigo Branco
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/ rpc.pcnfsd syslog format string vulnerability CVE-2010-1039