[Bkis-01-2010] Multiple Vulnerabilities in BigAce
1. General Information
BigAce is a free content management software (CMS) written in PHP, and is
available at http://www.bigace.de. In April 2010, Bkis Security discovered an
XSS and CSRF vulnerability in BigAce 2.7.1. Taking advantage of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2049-1 secur...@debian.org
http://www.debian.org/security/ Steffen Joeris
May 23, 2010
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2048-1 secur...@debian.org
http://www.debian.org/security/ Sébastien Delafond
May 22, 2010
Not working in my environment: tested on Firefox 3.6.3 (Linux).
OWA version: 8.2.254.0
Exception type: Microsoft.Exchange.Data.Storage.CorruptDataException. OWA uses
System.Convert.FromBase64String(String s) for parsing the address, so even when
you try to put the representation there, you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2050-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 24, 2010
Seriously?
This was reported in Jul 2001 by Hiromitsu Takagi, and assigned
CVE-2001-1161.
http://seclists.org/bugtraq/2001/Jul/22
Would you please:
a) check to see if a vulnerability has been published
b) test current software
c) include the full name of the product you are testing
IBM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:105
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2051-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 24, 2010
CompleteFTP Server v 4.x PORT command Remote DOS exploit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:106
http://www.mandriva.com/security/
==
Secunia Research 24/05/2010
- Ziproxy Two Integer Overflow Vulnerabilities -
==
Table of Contents
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2052-1 secur...@debian.org
http://www.debian.org/security/ Sebastien Delafond
May 24, 2010
Reproducing the Issue:
In configuration file rmserver.cfg located at C:\Program Files\Real\Helix
Server give below string as path
Var PluginDirectory=A * 5000/
Versioning information of Softwares:
Microsoft XP Professional SP2 with Helix Mobile Server (RealNetworks)
(14.0.0.348) (Build
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2052-1 secur...@debian.org
http://www.debian.org/security/ Sebastien Delafond
May 24, 2010
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA-2053-1 secur...@debian.org
http://www.debian.org/security/ dann frazier
May 25, 2010
===
Scientific Atlanta DPC2100 Cable Modem
Cross-Site Request Forgery and Insufficient Authentication
May 24, 2010
CVE-2010-2025, CVE-2010-2026
===
==Description==
Scientific
-
Webby Webserver v1.01
- Buffer overflow vulnerability with overwritten structured exception handler
(SEH)
Date: 25.05.2010
-
- Description
Webby is a small webserver for the windows operating
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Sun Solaris 10 libc/*convert (*cvt) buffer overflow ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 15.04.2010
- - Pub.: 21.05.2010
Affected Software:
- - Sun Solaris 10 10/9
Original URL:
Ghostscript_8.64 on openSuSE_11.2 executes all files matching ./Encoding/* on
startup. This search is relative to the current directory so it is easy to
poison Ghostscript and cause it to execute arbitrary PostScript code without
user action or knowledge.
Details:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Sun Solaris 10 filesystem rm(1),find(1),etc, Denial-of-service ]
Author: Maksymilian Arciemowicz
SecurityReason.com
Date:
- - Dis.: 17.04.2010
- - Pub.: 21.05.2010
Affected Software:
- - Sun Solaris 10 10/09
Original URL:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Sun Solaris 10 ftpd Cross-site request forgery ]
Author: Maksymilian Arciemowicz
SecurityReason.com
Date:
- - Dis.: 24.02.2010
- - Pub.: 21.05.2010
Affected Software:
- - Sun Solaris 10 10/09
- - OpenSolaris 2009.06
Original URL:
Description
A security issue has been discovered in Hustoj (HUST ACM OnlineJudge), which
can be exploited by malicious people to bypass certain security restrictions.
Access to the enabled FCKeditor component is not properly restricted, which can
be exploited to e.g. upload files of certain
Kingsoft WebShield KAVSafe.sys = 2010.4.14.609(2010.5.23) Kernel Mode Local
Privilege Escalation Vulnerability
VULNERABLE PRODUCTS
Kingsoft WebShield = 3.5.1.2 (2010.5.23)
Signature Date: 2010-5-23 2:33:54
And
KAVSafe.sys = 2010.4.14.609
Signature Date: 2010-4-14 13:42:26
---
JV2 Folder Gallery 3.1.1 (popup_slideshow.php) Multiple Vulnerability
---
Hello Bugtraq!
I want to warn you about new security vulnerabilities in plugin DS-Syndicate
for Joomla. It's my second advisory for DS-Syndicate.
-
Advisory: New vulnerabilities in DS-Syndicate for Joomla
-
URL:
rPath Security Advisory: 2010-0039-1
Published: 2010-05-23
Products:
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2
Rating: Minor
Exposure Level Classification:
Remote User Deterministic Weakness
Updated Versions:
Not working. Tested on: XpSp2, IE6
wow, doesn't time fly when planes don't? :P
if, like me, you've been stuck in the UK, admiring the ash cloud and
listening to the chants of the soon to be unemployed trolley dollies,
you'll be glad of the distraction of a couple of pints, a decent pie and
some evil hax0r learning hammered
Kingsoft WebShield KAVSafe.sys = 2010.4.14.609(2010.5.23) Kernel Mode Local
Privilege Escalation Vulnerability
VULNERABLE PRODUCTS
Kingsoft WebShield = 3.5.1.2 (2010.5.23)
Signature Date: 2010-5-23 2:33:54
And
KAVSafe.sys = 2010.4.14.609
Signature Date: 2010-4-14 13:42:26
Hi,
We have just released the updated STAR, Attack Surface Metrics
calculation sheets, and the rav formula!
As part of certain requirements towards compliance, more and more Euro
companies (so far in France, Germany, Italy, and Switzerland) have
begun getting their infrastructure's attack
Internet Explorer is vulnerable to a drive-by arbitrary UNC file read,
with the usual consequences (local account password disclosure, etc.) as
in IE6 before SP1. It is in ICMFilter, which is accessible via the CSS
filter property. Sample exploit code:
div
Product: Zabbix
Vendor: Zabbix SIA
References: http://www.securityfocus.com/bid/39752
http://secunia.com/advisories/39119
Software Link: http://www.zabbix.com/
Vulnerable Version: = 1.8.1
Vulnerability Type: SQL Injection
Status: Fixed in version 1.8.2
Risk level: Medium
Author: David skys