[USN-1108-1] DHCP vulnerability

2011-04-12 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-1108-1 April 11, 2011 dhcp3 vulnerability CVE-2011-0997 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu

Medium severity flaw in Konqueror

2011-04-12 Thread Tim Brown
I was recently taking a look at Konqueror and spotted an example of universal XSS. Essentially, the error page displayed when a requested URL is not available includes said URL. If said URL includes HTML fragments these will be rendered. CVE-2010-2952 has been assigned to this issue. Tim --

HTB22930: Multiple XSS in WebCalendar

2011-04-12 Thread advisory
Vulnerability ID: HTB22930 Reference: http://www.htbridge.ch/advisory/xss_in_webcalendar.html Product: WebCalendar Vendor: k5n.us ( http://www.k5n.us/ ) Vulnerable Version: 1.2.3 Vendor Notification: 29 March 2011 Vulnerability Type: XSS (Cross Site Scripting) Risk level: Medium Credit:

Re: [Full-disclosure] Medium severity flaw in Konqueror

2011-04-12 Thread Vincent Danen
* [2011-04-11 22:07:24 +0100] Tim Brown wrote: I was recently taking a look at Konqueror and spotted an example of universal XSS. Essentially, the error page displayed when a requested URL is not available includes said URL. If said URL includes HTML fragments these will be rendered.

CFP for BugCON 2011 @ Mexico City

2011-04-12 Thread Carlos A. Lozano
BugCON Security Conferences 2011 Safety is just a myth…! October 5 - 7 @ Mexico City CALL FOR PAPERS www.bugcon.org BugCON is a purely technical convention where all security researchers can show their research, projects and ideas. The main topics for BugCON 2011 are: * Software

HTB22925: Path disclosure in Plogger

2011-04-12 Thread advisory
Vulnerability ID: HTB22925 Reference: http://www.htbridge.ch/advisory/path_disclosure_in_plogger.html Product: Plogger Vendor: Plogger Team ( http://www.plogger.org/ ) Vulnerable Version: 1.0 RC1 Vendor Notification: 29 March 2011 Vulnerability Type: Path disclosure Risk level: Low Credit:

[SECURITY] [DSA 2218-1] vlc security update

2011-04-12 Thread Nico Golde
Debian Security Advisory DSA-2218-1 secur...@debian.org http://www.debian.org/security/ Nico Golde April 12, 2011

[IMF 2011] Call for Participation

2011-04-12 Thread Oliver Goebel
Dear all, please find enclosed the call for participation for IMF 2011. See the program at: http://www.imf-conference.org/imf2011/program.html The conference will take place from Tuesday, May 10th through Thursday, May 12th in Stuttgart, Germany. Registration Details can be found at:

Stack overflow in Microsoft HTML Help 6.1 (CHM files)

2011-04-12 Thread Luigi Auriemma
Luigi Auriemma Application: Microsoft HTML Help http://www.microsoft.com Versions: = 6.1 Platforms: Windows (any version included the latest Windows 7) Bug: stack

HTB22929: Multiple Path disclosure in WebsiteBaker

2011-04-12 Thread advisory
Vulnerability ID: HTB22929 Reference: http://www.htbridge.ch/advisory/multiple_path_disclosure_in_websitebaker.html Product: WebsiteBaker Vendor: Website Baker Org ( http://www.websitebaker2.org/ ) Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011 Vulnerability Type: Path disclosure

HTB22928: Multiple SQL Injections in WebsiteBaker

2011-04-12 Thread advisory
Vulnerability ID: HTB22928 Reference: http://www.htbridge.ch/advisory/multiple_sql_injections_in_websitebaker.html Product: WebsiteBaker Vendor: Website Baker Org ( http://www.websitebaker2.org/ ) Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011 Vulnerability Type: SQL Injection

[security bulletin] HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS)

2011-04-12 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02267197 Version: 1 HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin

Re: [Full-disclosure] Medium severity flaw in Konqueror

2011-04-12 Thread Tim Brown
On Tuesday 12 April 2011 03:36:24 Vincent Danen wrote: * [2011-04-11 22:07:24 +0100] Tim Brown wrote: I was recently taking a look at Konqueror and spotted an example of universal XSS. Essentially, the error page displayed when a requested URL is not available includes said URL. If said URL