Re: Amblog 1.0 Joomla Component Multiple SQL Injection Vulnerabilities

2010-08-13 Thread tibor . fogler
Hi Salvatore Fresta! Thanks for the report. It is a real problem. I am working on it. Help me please! My conception: before executing a query, filter spaces from parameters... is it a good idea? Tibor Fogler

XSRF (CSRF) in Mystic

2010-08-13 Thread advisory
Vulnerability ID: HTB22533 Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_mystic.html Product: Mystic Vendor: Hulihan Applications ( http://hulihanapplications.com/projects/mystic ) Vulnerable Version: 0.1.4 and Probably Prior Versions Vendor Notification: 27 July 2010 Vulnerability

Cisco Security Advisory: Cisco IOS Software TCP Denial of Service Vulnerability

2010-08-13 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software TCP Denial of Service Vulnerability Advisory ID: cisco-sa-20100812-tcp http://www.cisco.com/warp/public/707/cisco-sa-20100812-tcp.shtml Revision 1.0 For Public Release 2010 August 12 2130 UTC (GMT)

XSS vulnerability in Mystic

2010-08-13 Thread advisory
Vulnerability ID: HTB22534 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_mystic.html Product: Mystic Vendor: Hulihan Applications ( http://hulihanapplications.com/projects/mystic ) Vulnerable Version: 0.1.4 and Probably Prior Versions Vendor Notification: 27 July 2010

XSS vulnerability in Mystic

2010-08-13 Thread advisory
Vulnerability ID: HTB22535 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_mystic_1.html Product: Mystic Vendor: Hulihan Applications ( http://hulihanapplications.com/projects/mystic ) Vulnerable Version: 0.1.4 and Probably Prior Versions Vendor Notification: 27 July 2010

XSS vulnerability in Onyx

2010-08-13 Thread advisory
Vulnerability ID: HTB22537 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_onyx_1.html Product: Onyx Vendor: Hulihan Applications ( http://hulihanapplications.com/projects/onyx ) Vulnerable Version: 0.3.2 and Probably Prior Versions Vendor Notification: 27 July 2010 Vulnerability

SQL injection vulnerability in SyntaxCMS

2010-08-13 Thread advisory
Vulnerability ID: HTB22540 Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_syntaxcms.html Product: SyntaxCMS Vendor: Forum One Communications ( http://www.syntaxcms.org/ ) Vulnerable Version: 1.3 and Probably Prior Versions Vendor Notification: 27 July 2010

XSS vulnerability in Edit-X CMS

2010-08-13 Thread advisory
Vulnerability ID: HTB22542 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_edit_x_cms.html Product: Edit-X CMS Vendor: Edit-X, Inc. ( http://www.edit-x.com/ ) Vulnerable Version: Current at 27.07.2010 and Probably Prior Versions Vendor Notification: 27 July 2010 Vulnerability

Directory Traversal in SoftX FTP Client

2010-08-13 Thread advisory
Vulnerability ID: HTB22541 Reference: http://www.htbridge.ch/advisory/directory_traversal_in_softx_ftp_client.html Product: SoftX FTP Client Vendor: SoftX.Org ( http://www.softx.org/ftp.html ) Vulnerable Version: 3.3 for windows and Probably Prior Versions Vendor Notification: 27 July 2010

XSS vulnerability in i-Web Suite

2010-08-13 Thread advisory
Vulnerability ID: HTB22544 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_i_web_suite.html Product: i-Web Suite Vendor: immediaC world wide Inc ( http://www.immediac.com/ ) Vulnerable Version: Current at 27.07.2010 and Probably Prior Versions Vendor Notification: 27 July 2010

SQL injection vulnerability in i-Web Suite

2010-08-13 Thread advisory
Vulnerability ID: HTB22543 Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_i_web_suite.html Product: i-Web Suite Vendor: immediaC world wide Inc ( http://www.immediac.com/ ) Vulnerable Version: Current at 27.07.2010 and Probably Prior Versions Vendor Notification: 27

SQL injection vulnerability in CMS Source

2010-08-13 Thread advisory
Vulnerability ID: HTB22547 Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_cms_source_1.html Product: CMS Source Vendor: Proud Daddy Web Design ( http://www.prouddaddy.net/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28

XSS vulnerability in CMS Source

2010-08-13 Thread advisory
Vulnerability ID: HTB22548 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_cms_source.html Product: CMS Source Vendor: Proud Daddy Web Design ( http://www.prouddaddy.net/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010

XSS vulnerability in eazyCMS

2010-08-13 Thread advisory
Vulnerability ID: HTB22554 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_eazycms_1.html Product: eazyCMS Vendor: eazycms.com ( http://eazycms.com/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010 Vulnerability Type: XSS

XSS vulnerability in eazyCMS

2010-08-13 Thread advisory
Vulnerability ID: HTB22556 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_eazycms_3.html Product: eazyCMS Vendor: eazycms.com ( http://eazycms.com/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010 Vulnerability Type: XSS

[MajorSecurity SA-080]WordPress 3.0.1 - Cross Site Scripting Issue

2010-08-13 Thread david . kurz
[MajorSecurity SA-080] WordPress 3.0.1 - Cross Site Scripting Issue. Details: Product: WordPress 3.0.1 Security-Risk: low Remote-Exploit: yes Vendor-URL: http://www.wordpress.org/ Advisory-Status: published. Credits: Discovered by: David Vieira-Kurz of

Secunia Research: SWFTools Two Integer Overflow Vulnerabilities

2010-08-13 Thread Secunia Research
Secunia Research 13/08/2010 - SWFTools Two Integer Overflow Vulnerabilities - Table of Contents Affected

Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability

2010-08-13 Thread Steve Shockley
On 8/11/2010 12:12 PM, ZDI Disclosures wrote: The specific flaw exists within the ebus-3-3-2-6.dll module responsible for parsing GIOP requests for multiple processes. Does this affect only version 3.3.2.6? -- Vendor Response: SAP has issued an update to correct this vulnerability. More

XSS vulnerability in eazyCMS

2010-08-13 Thread advisory
Vulnerability ID: HTB22557 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_eazycms_4.html Product: eazyCMS Vendor: eazycms.com ( http://eazycms.com/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010 Vulnerability Type: XSS

Local File Inclusion in CMS Source

2010-08-13 Thread advisory
Vulnerability ID: HTB22552 Reference: http://www.htbridge.ch/advisory/local_file_inclusion_in_cms_source_1.html Product: CMS Source Vendor: Proud Daddy Web Design ( http://www.prouddaddy.net/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July

SQL injection vulnerability in CMS Source

2010-08-13 Thread advisory
Vulnerability ID: HTB22550 Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_cms_source_2.html Product: CMS Source Vendor: Proud Daddy Web Design ( http://www.prouddaddy.net/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28

XSS vulnerability in CMS Source

2010-08-13 Thread advisory
Vulnerability ID: HTB22549 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_cms_source_1.html Product: CMS Source Vendor: Proud Daddy Web Design ( http://www.prouddaddy.net/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010

Local File Inclusion in CMS Source

2010-08-13 Thread advisory
Vulnerability ID: HTB22545 Reference: http://www.htbridge.ch/advisory/local_file_inclusion_in_cms_source.html Product: CMS Source Vendor: Proud Daddy Web Design ( http://www.prouddaddy.net/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010

SQL injection vulnerability in CMS Source

2010-08-13 Thread advisory
Vulnerability ID: HTB22546 Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_cms_source.html Product: CMS Source Vendor: Proud Daddy Web Design ( http://www.prouddaddy.net/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28

XSS vulnerability in CMS Source

2010-08-13 Thread advisory
Vulnerability ID: HTB22551 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_cms_source_2.html Product: CMS Source Vendor: Proud Daddy Web Design ( http://www.prouddaddy.net/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010

XSS vulnerability in eazyCMS

2010-08-13 Thread advisory
Vulnerability ID: HTB22553 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_eazycms.html Product: eazyCMS Vendor: eazycms.com ( http://eazycms.com/ ) Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010 Vulnerability Type: XSS