FreeWebshop = 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability
author: Egidio Romano aka EgiX
mail: n0b0d13s[at]gmail[dot]com
software link: http://www.freewebshop.org/
affected versions: from 0.9.12 to 2.2.3
[-] vulnerable code in
Islamic Republic Of Iran Security Team
A bug in the WordPress Flexible Custom Post Type plugin allows us to trigger
Cross-Site Scripting on a remote machine.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01915145
Version: 2
HPSBOV02470 SSRT080123 rev.2 - HP TCP/IP Services for OpenVMS Running SMTP
Server, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should
ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-329
November 16, 2011
-- CVE ID:
CVE-2011-4052
-- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C
-- Affected
ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations
Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-330
November 16, 2011
-- CVE ID:
CVE-2011-4051
-- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C
--
Debian Security Advisory DSA-2346-2 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
November 16, 2011
Debian Security Advisory DSA-2347-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
November 16, 2011
CA2016-01: Security Notice for CA Directory
Issued: November 16, 2011
CA Technologies Support is alerting customers to a potential risk
with CA Directory. A vulnerability exists that can allow a remote
attacker to cause a denial of service condition.
Mandriva Linux Security Advisory MDVSA-2011:176
http://www.mandriva.com/security/
==
Secunia Research 17/11/2011
- DVR Remote ActiveX Control DVRobot Library Loading Vulnerability -
==
Table of Contents
Affected
Advisory: Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
Advisory ID: INFOSERVE-ADV2011-01
Author: Stefan Schurtz
Contact: secur...@infoserve.de
Affected Software: Successfully tested on Tiki 7.2, 8.0 RC1
Vendor URL:
[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay
A security vulnerability was found in the SAP EPS_DELETE_FILE RFC function that
allows an attacker to delete files remotely or steal hashes of the SAP server
account in a Windows environment using an SMBRelay attack.
Digital Security
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclosure
The com.sap.ipc.webapp.ipcpricing application has an information disclosure
vulnerability.
Digital Security Research Group [DSecRG] Advisory DSECRG-11-032 (Internal
DSecRG-00197)
Application: SAP NetWeaver
Versions Affected:
[DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclosure
An attacker can get information about the mobile engine version and sometimes
the name of the technical user.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver MI 2
Vendor URL: http://www.SAP.com
Bugs:
[DSECRG-11-037] SAP BW Doc - Multiple XSS
The BW DOC metadata application in SAP NetWeaver is vulnerable to an XSS attack.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.SAP.com
Bugs: XSS
Reported: 14.03.2011
Vendor response:
[DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability
The SAP RSTXSCRP report has a path traversal vulnerability which can lead to an
SMB relay attack and full control of the system.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL:
[DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability
(NEW)
The TH_GREP report is vulnerable to command execution, which works with the
previous patch (note 1433101). Remote OS command execution is possible.
Application: SAP NetWeaver
[DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation
An attacker can create a new user in the J2EE Engine using a CSRF attack on the
SPML service.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.SAP.com
Bugs: CSRF
Reported:
[DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering)
Authentication bypass vulnerability in SAP NetWeaver CTC service can be
exploited for unauthorized user management and OS command execution.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor
[DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability
An XSS vulnerability was found in the pubDBLogon.jsp page of SAP Crystal Report
Server 2008.
Application: SAP Crystal Report Server 2008
Versions Affected: SAP Crystal Report Server 2008
Vendor URL: http://www.sap.com
Vulnerability ID: HTB23055
Reference:
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_weberp.html
Product: webERP
Vendor: webERP ( http://www.weberp.org )
Vulnerable Version: 4.05 and probably prior
Tested Version: 4.05
Vendor Notification: 26 October 2011
Vulnerability