Vulnerability ID: HTB22641
Reference: http://www.htbridge.ch/advisory/sql_injection_in_deluxebb.html
Product: DeluxeBB
Vendor: DeluxeBB ( http://www.deluxebb.com/ )
Vulnerable Version: 1.3 and Probably Prior Versions
Vendor Notification: 05 October 2010
Vulnerability Type: SQL Injection
Vulnerability ID: HTB22640
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_tribiq_cms.html
Product: Tribiq CMS
Vendor: Tribiq ( http://tribiq.com/ )
Vulnerable Version: 5.2.5 and probably prior versions
Vendor Notification: 05 October 2010
Vulnerability Type: Path disclosure
Vulnerability ID: HTB22639
Reference: http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html
Product: 4site CMS
Vendor: Method Lab ( http://www.4site.ru/ )
Vulnerable Version: 2.6 and probably prior versions
Vendor Notification: 05 October 2010
Vulnerability Type: XSS (Cross Site
Debian Security Advisory DSA-2121-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
October 19, 2010
Vulnerability ID: HTB22638
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_snews_1.html
Product: sNews
Vendor: sNews Team ( http://www.snewscms.com/ )
Vulnerable Version: 1.7 and probably prior versions
Vendor Notification: 05 October 2010
Vulnerability Type: XSS (Cross Site
Vulnerability ID: HTB22637
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_snews.html
Product: sNews
Vendor: sNews Team ( http://www.snewscms.com/ )
Vulnerable Version: 1.7 and probably prior versions
Vendor Notification: 05 October 2010
Vulnerability Type: Stored XSS (Cross Site
The advisory for this vulnerability has been updated to include a
suggested workaround:
Preventing the RDS kernel module from loading is an effective
workaround. This can be accomplished by executing the following
command as root:
echo "alias net-pf-21 off" > /etc/modprobe.d/disable-rds
In
Sent from my iPhone
On Oct 20, 2010, at 8:58 AM, Michal Zalewski lcam...@coredump.cx wrote:
Security-Assessment.com follows responsible disclosure
and promptly contacted Oracle after discovering
the issue. Oracle was contacted on August 1,
2010.
My understanding is that Stefano Di Paola
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form
1. *Advisory Information*
Title: LibSMI
Comments are inline below...
On 10/19/2010 07:18 AM, Roberto Suggi Liverani wrote:
Eh, you can see where it came from though. Design bugs like this are
absolutely miserable to fix (see how we'll never get rebinding out of the
browser) and letting identical IPs script against each other lets an awful
lot of legitimate traffic through while blocking almost all attacks.
Security-Assessment.com follows responsible disclosure
and promptly contacted Oracle after discovering
the issue. Oracle was contacted on August 1,
2010.
My understanding is that Stefano Di Paola of Minded Security reported
this back in April; and further, the feature was a part of reasonably