ZDI-11-034: HP OpenView Performance Insight Server Backdoor Account Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-034
January 31, 2011
-- CVE ID:
CVE-2011-0276
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Hewlett-Packard
-- Affected
ZDI-11-035: IBM DB2 db2dasrrm validateUser Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-035
January 31, 2011
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
IBM
-- Affected Products:
IBM DB2 Universal Database
-- Vulnerability Details:
===
Ubuntu Security Notice USN-1053-1 February 01, 2011
subversion vulnerabilities
CVE-2007-2448, CVE-2010-3315, CVE-2010-4539, CVE-2010-4644
===
A security issue affects the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02695453
Version: 1
HPSBMA02627 SSRT090246 rev.1 - HP OpenView Performance Insight Server, Remote
Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted
ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp
Eval Code Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-037
January 31, 2011
-- CVE ID:
CVE-2010-3719
-- CVSS:
8.5, (AV:N/AC:M/Au:S/C:C/I:C/A:C)
-- Affected
Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability
1. OVERVIEW
The Zikula 1.2.4 and lower versions were vulnerable to Cross Site
Request Forgery (CSRF).
2. BACKGROUND
Vulnerability ID: HTB22804
Reference: http://www.htbridge.ch/advisory/sql_injection_in_redaxscript.html
Product: Redaxscript
Vendor: http://redaxscript.com/
Vulnerable Version: 0.3.2
Vendor Notification: 18 January 2011
Vulnerability Type: SQL Injection
Status: Fixed
Vulnerability ID: HTB22799
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_pluck_cms_1.html
Product: Pluck
Vendor: Pluck CMS ( http://www.pluck-cms.org )
Vulnerable Version: 4.6.4
Vendor Notification: 18 January 2011
Vulnerability Type: Path disclosure
Risk level: Low
Credit:
Vulnerability ID: HTB22803
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_razor_cms.html
Product: Razor CMS
Vendor: http://www.razorcms.co.uk
Vulnerable Version: 1.1
Vendor Notification: 18 January 2011
Vulnerability Type: Path disclosure
Status:
Vulnerability ID: HTB22805
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_redaxscript.html
Product: Redaxscript
Vendor: http://redaxscript.com/
Vulnerable Version: 0.3.2
Vendor Notification: 18 January 2011
Vulnerability Type: Path disclosure
Status:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ADVISORY NUMBER 013111
Advisory # 1:
TITLE
Malformed 802.11 Probe Request frame causes Denial of Service condition
on an Access Point.
SUMMARY
A Denial of Service (DoS) vulnerability was discovered during standard
bug reporting procedures. A
Date: 01/02/2011 (dd/MM/)
Script: TinyWebGallery
Version: 1.8.3 (No fixes yet, might work on other versions too).
Home: http://www.tinywebgallery.com
--
Vulnerability: Non-persistent XSS
Where:
~ File: /admin/index.php
~ Parameters: sview, tview, dir, item.
Examples:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Core Security Technologies - Corelabs Advisory
http://corelabs.coresecurity.com/
Cisco WebEx .atp and .wrf Overflow Vulnerabilities
1. *Advisory Information*
Title: Cisco WebEx .atp and .wrf Overflow Vulnerabilities
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities
Advisory ID: cisco-sa-20110201-webex
Revision 1.0
For Public Release 2011 February 1 1600 UTC (GMT