Vulnerability ID: HTB22715
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zimplit_cms.html
Product: Zimplit CMS
Vendor: Zimplit ( http://www.zimplit.com/ )
Vulnerable Version: Current at 22.11.2010 and Probably Prior Versions
Vendor Notification: 22 November 2010
Vulnerability
Vulnerability ID: HTB22717
Reference: http://www.htbridge.ch/advisory/lfi_in_exponent_cms.html
Product: Exponent CMS
Vendor: http://www.exponentcms.org/ ( http://www.exponentcms.org/ )
Vulnerable Version: 2.0.0pr2
Vendor Notification: 22 November 2010
Vulnerability Type: Local File Inclusion
___
Mandriva Linux Security Advisory MDVSA-2010:248
http://www.mandriva.com/security/
Values placed in the URI of the browser are rendered correctly. Orion NPM
10.1 has just been released, so there is no known fix available as of yet.
Examples:
Most variable= that I've checked are vulnerable:
On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote:
Anyone tested this in sandbox yet?
00:37 linups:../expl/kernel cat /etc/*release*
openSUSE 11.3 (i586)
VERSION = 11.3
00:37 linups:../expl/kernel uname -r
2.6.34.4-0.1-desktop
00:37 linups:../expl/kernel gcc _2.6.37.local.c -o
Vulnerability ID: HTB22718
Reference: http://www.htbridge.ch/advisory/lfi_in_exponent_cms_1.html
Product: Exponent CMS
Vendor: http://www.exponentcms.org/ ( http://www.exponentcms.org/ )
Vulnerable Version: 2.0.0pr2
Vendor Notification: 22 November 2010
Vulnerability Type: Local File Inclusion
___
Mandriva Linux Security Advisory MDVSA-2010:249
http://www.mandriva.com/security/
===
Ubuntu Security Notice USN-1026-1 December 07, 2010
paste vulnerability
CVE-2010-2477
===
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This
===
Ubuntu Security Notice USN-1027-1 December 07, 2010
quagga vulnerabilities
CVE-2010-2948, CVE-2010-2949
===
A security issue affects the following Ubuntu releases:
Ubuntu
www.eVuln.com advisory:
HTTP Response Splitting in WWWThreads (php version)
Summary: http://evuln.com/vulns/156/summary.html
Details: http://evuln.com/vulns/156/description.html
---Summary---
eVuln ID: EV0156
Software: n/a
Vendor: WWWThreads
Version: 2006.11.25
===
Ubuntu Security Notice USN-1028-1 December 07, 2010
imagemagick vulnerability
CVE-2010-4167
===
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Hi all,
I've included here a proof-of-concept local privilege escalation exploit
for Linux. Please read the header for an explanation of what's going
on. Without further ado, I present full-nelson.c:
Happy hacking,
Dan
--snip--
/*
* Linux Kernel <= 2.6.37 local privilege escalation
* by
==
Secunia Research 08/12/2010
- QuickTime Track Dimensions Buffer Overflow Vulnerability -
==
Table of Contents
Affected
Anyone tested this in sandbox yet?
On 07/12/2010 20:25, Dan Rosenberg wrote:
Hi all,
I've included here a proof-of-concept local privilege escalation exploit
for Linux. Please read the header for an explanation of what's going
on. Without further ado, I present full-nelson.c:
Happy hacking,
Yep, just tested it in an Ubuntu 10.10 sandbox I have (running kernel
2.6.35-22-generic). Works as expected.
Great job Dan. You're full of win!
Regards,
Ryan Sears
- Original Message -
From: Cal Leeming [Simplicity Media Ltd]
cal.leem...@simplicitymedialtd.co.uk
To: Dan Rosenberg
Anyone tested this in sandbox yet?
00:37 linups:../expl/kernel cat /etc/*release*
openSUSE 11.3 (i586)
VERSION = 11.3
00:37 linups:../expl/kernel uname -r
2.6.34.4-0.1-desktop
00:37 linups:../expl/kernel gcc _2.6.37.local.c -o test
00:37 linups:../expl/kernel ./test
[*] Failed to open file
iDefense Security Advisory 12.07.10
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 07, 2010
I. BACKGROUND
QuickTime is Apple's media player product used to render video and other
media. The PICT file format was developed by Apple Inc. in 1984. PICT
files can contain both
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02586517
Version: 1
HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial
of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as
===
Ubuntu Security Notice USN-1029-1 December 08, 2010
openssl vulnerabilities
CVE-2008-7270, CVE-2010-4180
===
A security issue affects the following Ubuntu releases:
Ubuntu