Security Advisory
IS-2010-006 - D-Link DAP-1160 formFilter buffer overflow
Advisory Information
Published: 2010-07-14
Updated: 2010-07-14
Manufacturer: D-Link
Model: DAP-1160
Firmware version: 1.20b06, 1.30b10, 1.31b01
Vulnerability Details
--
Hi,
the German section of the Open Web Application Security Project (OWASP)
announces a for Presentations (CfP) for the third OWASP AppSec Germany
conference on the 20th of October 2010 in Nuremberg. The conference will
be held in parallel with the IT security exhibition. The conference is
primari
:: Call For Paper ::
Mother of all Indian Hacker's Conferences "ClubHack" is now in its
fourth year and we again invite all the geeks & hackers around the
world to be a part of the same.
ClubHack2010 opens its CFP today. See http://clubhack.com/2010/cfp
We are expecting a good deep knowledge tech
Vulnerability ID: HTB22478
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_webpress.html
Product: WebPress
Vendor: YWP ( http://www.goywp.com/ )
Vulnerable Version: Current at 01.07.2010 and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: XSS (Cross S
Vulnerability ID: HTB22476
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_phpwcms.html
Product: phpwcms
Vendor: Oliver Georgi ( http://www.phpwcms.de/ )
Vulnerable Version: 1.4.5 and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: CSRF (Cross-Site Request F
#
Application: Novell Groupwise Webaccess Stack Overflow
Platforms: Windows, Linux & Netware (GroupWise 7.0, 7.01, 7.02,
7.03x, 7.04, 8.0, 8.01x)
Exploitation: Remote code execution
CVE Number:
Novell TID
Vulnerability ID: HTB22479
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_webpress_1.html
Product: WebPress
Vendor: YWP ( http://www.goywp.com/ )
Vulnerable Version: Current at 01.07.2010 and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: XSS (Cross
Vulnerability ID: HTB22470
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_pixie.html
Product: Pixie
Vendor: Toggle Labs Ltd ( http://www.getpixie.co.uk/ )
Vulnerable Version: 1.0.4 and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: CSRF (Cross-Site Request
Vulnerability ID: HTB22472
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_festos.html
Product: FestOS
Vendor: Skypanther Studios, Inc ( http://festengine.org/ )
Vulnerable Version: 2.3b and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: XSS (Cross S
Vulnerability ID: HTB22471
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_pixie_1.html
Product: Pixie
Vendor: Toggle Labs Ltd ( http://www.getpixie.co.uk/ )
Vulnerable Version: 1.0.4 and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: CSRF (Cross-Site Reques
Vulnerability ID: HTB22473
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_festos_1.html
Product: FestOS
Vendor: Skypanther Studios, Inc ( http://festengine.org/ )
Vulnerable Version: 2.3b and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: Stored XSS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02282377
Version: 2
HPSBMA02550 SSRT100170 rev.2 - HP Insight Software Installer for Windows, Local
Unauthorized Access to Data, Remote Cross Site Request Forgery (CSRF)
NOTICE: The informatio
Vulnerability ID: HTB22468
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_pixie.html
Product: Pixie
Vendor: Toggle Labs Ltd ( http://www.getpixie.co.uk/ )
Vulnerable Version: 1.0.4 and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: XSS (Cross Site S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02288473
Version: 1
HPSBUX02556 SSRT100014 rev.1 - HP-UX Running rpc.ttdbserver, Remote Execution
of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as so
Vulnerability ID: HTB22469
Reference: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_pixie.html
Product: Pixie
Vendor: Toggle Labs Ltd ( http://www.getpixie.co.uk/ )
Vulnerable Version: 1.0.4 and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: Stored XS
Vulnerability ID: HTB22475
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_phpwcms.html
Product: phpwcms
Vendor: Oliver Georgi ( http://www.phpwcms.de/ )
Vulnerable Version: 1.4.5 and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: Stored XSS (Cross
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2071-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 14, 2010
On Tue, Jul 6, 2010 at 11:04 AM, Ian Maguire wrote:
> pam_captcha is visual text-based CAPTCHA challenge module for PAM that uses
> figlet to generate the CAPTCHAs.
>
> Project site:
> http://www.semicomplete.com/projects/pam_captcha/
>
> A site with a screen shot:
> http://www.michaelboman.org/ho
Vulnerability ID: HTB22480
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_webpress_2.html
Product: WebPress
Vendor: YWP ( http://www.goywp.com/ )
Vulnerable Version: Current at 01.07.2010 and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: XSS (Cross
==
Secunia Research 15/07/2010
- GIGABYTE Dldrv2 ActiveX Control Unsafe Methods -
==
Table of Contents
Affected Software...
Vulnerability ID: HTB22481
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_webpress_3.html
Product: WebPress
Vendor: YWP ( http://www.goywp.com/ )
Vulnerable Version: Current at 01.07.2010 and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: XSS (Cross
Vulnerability ID: HTB22477
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_taggon_cms.html
Product: Taggon CMS
Vendor: Onison ( http://www.onison.com/articles/3 )
Vulnerable Version: Current at 01.07.2010 and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2070-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 14, 2010
Vulnerability ID: HTB22467
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_pligg_search_module.html
Product: Pligg
Vendor: Pligg, LLC ( http://www.pligg.com/demo/ )
Vulnerable Version: 1.0.4 and Probably Prior Versions
Vendor Notification: 01 July 2010
Vulnerability Type: XSS (Cr
Outlook PR_ATTACH_METHOD file execution vulnerability
Yorick Koster, October 2009
--
Vulnerability ID: HTB22474
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_gekko_web_builder.html
Product: Gekko Web Builder
Vendor: Baby Gekko IT Consulting ( http://www.babygekko.com/ )
Vulnerable Version: v0.90 ALPHA and Probably Prior Versions
Vendor Notification: 01 July 2010
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02286083
Version: 1
HPSBMA02554 SSRT100018 rev.2 - HP Insight Control for Linux, Remote Execution
of Arbitrary Code, Remote Denial of Service (DoS), Remote Unauthorized Access
NOTICE: The info
===
Ubuntu Security Notice USN-962-1 July 15, 2010
vte vulnerability
CVE-2010-2713
===
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
Ubuntu 9.10
Ubunt
On 7/14/2010 10:04 PM, Jordan Sissel wrote:
> On Tue, Jul 6, 2010 at 11:04 AM, Ian Maguire wrote:
>
>> pam_captcha is visual text-based CAPTCHA challenge module for PAM that uses
>> figlet to generate the CAPTCHAs.
>>
>> Project site:
>> http://www.semicomplete.com/projects/pam_captcha/
>>
>> A si
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:132
http://www.mandriva.com/security/
ZDI-10-125: IBM SolidDB solid.exe Handshake Request Username Field Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-125
July 13, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
IBM
-- Affected Products:
IBM solidDB
-- TippingPoint(TM) I
cPanel 11.25 is vulnerable to an XSS exploit as it fails to clean user-supplied
input.
All versions prior to 47010 are affected. Please note that whilst this
vulnerability is patched in version 47010, 47010 is currently on the
bleeding-edge and isn't recommended for the stable environment.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
VSR Security Advisory
http://www.vsecurity.com/
-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs
Relea
ZDI-10-124: Oracle Secure Backup Web Interface Various Post-Auth Command
Injection Remote Code Execution Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-10-124
July 13, 2010
-- CVSS:
9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)
-- Affected Vendors:
Oracle
-- Affected Products:
Oracle Secure
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Who
-
SAP
http://www.sap.com
What
-
SAPGui BI component
File: %PROGRAMFILES%\sap\business explorer\bi\wadmxhtml.dll
Version: 7100.1.400.8
ClassID: 30DD068D-5AD9-434C-AAAC-46ABE37194EB
RegKey Safe for Script: False
RegKey Safe for I
ZDI-10-123: Oracle Secure Backup Administration Authentication Bypass
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-123
July 13, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Oracle
-- Affected Products:
Oracle Secure Backup
-- Vulnerability Details:
Th
ZDI-10-122: Oracle Secure Backup Administration Command Injection Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-122
July 13, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Oracle
-- Affected Products:
Oracle Secure Backup
-- Vulnera
ZDI-10-121: Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-121
July 13, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Oracle
-- Affected Products:
Oracle Secure Backup
-- Vulnerability Details:
This vulnerability al
PR09-16: Juniper Secure Access series (Juniper IVE) XSS
Vulnerability found: 12th October 2009
Severity: Medium (Script injection)
Description:
There is a Cross-site Scripting vulnerability on Juniper, IVE web interface.
Procheckup has found by making a malformed request to the IVE Web
interfa
ZDI-10-120: Oracle Secure Backup Administration objectname Command Injection
Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-120
July 13, 2010
-- CVSS:
9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)
-- Affected Vendors:
Oracle
-- Affected Products:
Oracle Secure Backup
The Pwnie Awards ceremony will return for the fourth consecutive year to the
BlackHat USA conference in Las Vegas. The award ceremony will take place
during the BlackHat reception on Thr, July 29, 2010.
The Pwnie Awards is an annual awards ceremony celebrating the achievements and
failures of secu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01757418
Version: 3
HPSBMA02439 SSRT080082 rev.3 - HP OpenView SNMP Emanate Master Agent Running on
HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
NOTICE: The information in th
ZDI-10-119: Oracle Secure Backup Administration $other Variable Command
Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-119
July 13, 2010
-- CVSS:
9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)
-- Affected Vendors:
Oracle
-- Affected Products:
Oracle Secure Bac
==
Secunia Research 15/07/2010
- GIGABYTE Dldrv2 ActiveX Control Array Indexing Vulnerability -
==
Table of Contents
Affected Softwar
ZDI-10-118: Oracle Secure Backup Administration uname Authentication Bypass
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-118
July 13, 2010
-- CVSS:
9.7, (AV:N/AC:L/Au:N/C:C/I:C/A:P)
-- Affected Vendors:
Oracle
-- Affected Products:
Oracle Secure Backup
-- Vulnerability Deta
TPTI-10-04: Oracle Secure Backup Scheduler Service Remote Code Execution
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-04
-- CVE ID:
CVE-2010-0898
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Oracle
-- Affected Products:
Oracle Secure Backup
-- TippingPoint(T