===
Summary
===
Name: Lumension Device Control (formerly Sanctuary) remote memory corruption
Release Date: 24 August 2011
Reference: NGS00054
Discoverer: Andy Davis
Vendor: Lumension
Vendor Reference:
Systems Affected: Lumension Device Control v4.4 SR6
Risk: High
Status: Published
==
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco
Intercompany Media Engine
Advisory ID: cisco-sa-20110824-ime
Revision 1.0
For Public Release 2011 August 24 1600 UTC (GMT)
+--
ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-276
August 23, 2011
-- CVE ID:
CVE-2011-2140
-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe
IRANIAN THE BEST HACKERS IN THE WORLD
##
##
## Remote SQL injection Vulnerability
##
## LAB GRAPHIC DESIGN (index.php?categoria_id)
##
IRANIAN THE BEST HACKERS IN THE WORLD
##
##
## Remote SQL injection Vulnerability
##
## Data Center Foz (product_cat.php?CATEGORIA_ID)
##
#
IRANIAN THE BEST HACKERS IN THE WORLD
##
##
## Remote SQL injection Vulnerability
##
## Nativedreams (Fabarth_gallery.php?categoria_id)
##
IRANIAN THE BEST HACKERS IN THE WORLD
##
##
## Remote SQL injection Vulnerability
##
## Nafis Group (review.php?ID)
##
--
(PT-2011-23) Positive Technologies Security Advisory
Database information disclosure in GLPI
--
---[ Vulnerable software ]
Software: JagoanStore CMS
Vendor: www.jagoanstore.com
Price: Rp.900.000 (IDR)
Vuln Type: Arbitrary file upload
Author: eidelweiss
contact: eidelweiss[at]windowslive[dot]com
Home: www.eidelweiss-advisories.blogspot.com
Gratz: Devilzc0de, YOGYACARDERLINK, and YOU !!!
References:
http://eidelweis
ZDI-11-273: EMC Autostart Domain Name Logging Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-273
August 23, 2011
-- CVE ID:
CVE-2011-2735
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
EMC
-- Affected Products:
EMC AutoStart
-- Tipping
Hi all;
We have been informed that SQL-Ledger 2.8.34 has in fact been released
patching the security hole previously reported in LedgerSMB 1.2.24 and
Lower. This is an SQL injection issue.
I haven't been able to find a CVE listing for this yet. Secunia
has assigned this the id of SA45649 f
==
Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls
Adam Bixby - Gotham Digital Science (l...@gdssecurity.com)
Public Release Date: 8/9/2011
Confirmed Affected Software: Microsoft Report Viewer Redistributable 2005 SP1
and Microsoft V
Vulnerability title: NetSaro Enterprise Messenger Server Administration Console
Null Byte Request Source Code Disclosure
CVSS Risk Rating: 5 (Medium)
Product: NetSaro Enterprise Messenger Server
Application Vendor: SEM Software
Vendor URL: http://www.netsaro.com/
Public disclosure date: 8/22/
IRANIAN THE BEST HACKERS IN THE WORLD
##
##
## Remote SQL injection Vulnerability
##
## Dataminas (noticias.php?categoria_id) (galeria.php?galeria_id)
##
#
IRANIAN THE BEST HACKERS IN THE WORLD
##
##
## Remote SQL injection Vulnerability
##
## Simply Media Web (archivio.asp?categoria_id)
##
###
IRANIAN THE BEST HACKERS IN THE WORLD
##
##
## Remote SQL injection Vulnerability
##
## Warah Agencia (productos.php?categoria_id)
##
#
IRANIAN THE BEST HACKERS IN THE WORLD
##
##
## Remote SQL injection Vulnerability
##
## Alfazeta (list-prodotti.php?idcategoria)
##
###
IRANIAN THE BEST HACKERS IN THE WORLD
##
##
## Remote SQL injection Vulnerability
##
## CreatiWeb
##
###
#
IRANIAN THE BEST HACKERS IN THE WORLD
##
##
## Remote SQL injection Vulnerability
##
## ValtNet (photogallery.html?id_categoria)
##
###
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] php (SSA:2011-237-01)
New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,
13.1, 13.37, and -current to fix security issues.
Here are the details from the Slackware 13.37 ChangeLog:
+-
[ PHP 5.3.6 ZipArchive invalid use glob(3) ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://securityreason.net/
http://cxib.net/
Date:
- Dis.: 01.04.2011
- Pub.: 19.08.2011
CVE: CVE-2011-1657
Affected Software (verified):
PHP 5.3.6 and prior
Fixed:
PHP 5.3.7
Original URL:
ht
PRE-CERT Security Advisory
==
* Advisory: PRE-SA-2011-06
* Released on: 19 August 2011
* Last updated on: 19 August 2011
* Affected product: Linux Kernel 2.4, 2.6, and 3.0
* Impact: denial-of-service
* Origin: Be file system
* Credit: Timo Warns (PRESENSE Technologies GmbH)
ZDI-11-275: EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-275
August 23, 2011
-- CVE ID:
CVE-2011-2735
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
EMC
-- Affected Products:
EMC AutoStart
--
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Wicket 1.4.x
Apache Wicket 1.3.x and 1.5-RCx are not affected
Description:
With multi window support application configuration and special query
parameters it is possible to execute any kind of JavaScript on a
[ PHP 5.3.6 multiple null pointer dereference ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://securityreason.net/
http://cxib.net/
Date:
- Dis.: 20.07.2011
- Pub.: 19.08.2011
Affected Software (verified):
PHP 5.3.6 and prior
Fixed:
PHP 5.3.7
Original URL:
http://securityrea
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service Vulnerabilities
Advisory ID: cisco-sa-20110824-cucm
Revision 1.0
For Public Release 2011 August 24 1600 UTC (GMT)
+---
ZDI-11-274: EMC Autostart ftAgent Opcode 0x140 Parsing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-274
August 23, 2011
-- CVE ID:
CVE-2011-2735
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
EMC
-- Affected Products:
EMC AutoStart
-
Hi all;
The LedgerSMB development team has found an SQL injection issue in
LedgerSMB 1.2.24. Because this issue stems from our common SQL-Ledger
heritage, it affects all versions of LedgerSMB and has been confirmed
in SQL-Ledger 2.8.33. We contacted Dieter when we initially
discovered this and
___
Insomnia Security Vulnerability Advisory: ISVA-110822.1
___
Name: Pidgin IM Insecure URL Handling Remote Code Execution
Reported: 21 July 2011
Vendor Link:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2297-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 21, 2011
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ESA-2011-030: RSA, The Security Division of EMC, announces security fixes for
RSA enVision
Advisories
Updated August 22, 2011
Summary:
RSA, The Security Division of EMC, announces security fixes to address two
security vulnerabilities in RSA e
Concrete CMS 5.4.1.1 <= Cross Site Scripting
1. OVERVIEW
Concrete CMS 5.4.1.1 and lower versions are vulnerable to Cross Site Scripting.
2. BACKGROUND
Concrete5 makes running a website easy. Go to any page in your site,
and an editing toolbar gives you all the controls you need to update
yo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Open Query Interface in Cisco Unified
Communications Manager and Cisco Unified Presence Server
Advisory ID: cisco-sa-20110824-cucm-cups
Revision 1.0
For Public Release 2011 August 24 1600 UTC (GMT)
+-
33 matches