Elastix PBX Extensions Enumeration

2011-10-03 Thread Bassem Ammar
# Exploit Title: Elastix PBX Extensions Enumeration # Date: 1 Oct 2011 # Author: Bassem Saleh # Contact: Injector[at]live[dot]com # Software Link: [http://www.elastix.org/] # Version: 2.X and may be below versions # Tested on: 2.0.3

[ MDVSA-2011:139 ] firefox

2011-10-03 Thread security
Mandriva Linux Security Advisory MDVSA-2011:139 http://www.mandriva.com/security/

[ MDVSA-2011:140 ] mozilla-thunderbird

2011-10-03 Thread security
Mandriva Linux Security Advisory MDVSA-2011:140 http://www.mandriva.com/security/

[ MDVSA-2011:141 ] firefox

2011-10-03 Thread security
Mandriva Linux Security Advisory MDVSA-2011:141 http://www.mandriva.com/security/

[ MDVSA-2011:142 ] mozilla-thunderbird

2011-10-03 Thread security
Mandriva Linux Security Advisory MDVSA-2011:142 http://www.mandriva.com/security/

SonicWall Viewpoint v6.0 SP2 - SQL Injection Vulnerability

2011-10-03 Thread resea...@vulnerability-lab.com
Title: SonicWall Viewpoint v6.0 SP2 - SQL Injection Vulnerability Date: 2011-10-01 References: http://www.vulnerability-lab.com/get_content.php?id=196 VL-ID: 196 Introduction: SonicWALL® ViewPoint™ is a user-friendly web-based

Netvolution referer header SQL injection vulnerability

2011-10-03 Thread Dimitris Glynos
Netvolution CMS v2.5.8 is vulnerable to a blind SQL injection attack in the HTTP “referer” header. A malicious user may utilize this vulnerability to modify content on the vulnerable website, inject malicious javascript code to a visitor’s browser, collect CMS usernames and plaintext passwords

Vulnerabilities in Cytel Studio 9

2011-10-03 Thread Luigi Auriemma
Luigi Auriemma Application: Cytel Studio: StatXact / LogXact / CrossOver http://www.cytel.com/Software/StatXact.aspx http://www.cytel.com/Software/LogXact.aspx

Vulnerabilities in GenStat 14.1.0.5943

2011-10-03 Thread Luigi Auriemma
Luigi Auriemma Application: GenStat http://www.vsni.co.uk/software/genstat/ Versions: = 14.1.0.5943 Platforms: Windows Bugs: A] array overflow with write2

DDIVRT-2011-36 Cybele Software, Inc. ThinVNC Product Suite Arbitrary File Retrieval

2011-10-03 Thread ddivulnalert
Title: DDIVRT-2011-36 Cybele Software, Inc. ThinVNC Product Suite Arbitrary File Retrieval Severity: High Date Discovered: September 6th, 2011 Discovered By: Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description

Phorum 5.2.18 Cross-site scripting vulnerability

2011-10-03 Thread sschurtz
Advisory: Phorum 5.2.18 Cross-site scripting vulnerability Advisory ID: SSCHADV2011-023 Author: Stefan Schurtz Affected Software: Successfully tested on Phorum 5.2.18 Vendor URL: http://www.phorum.org/ Vendor Status: informed

[SECURITY] [DSA 2314-1] puppet security update

2011-10-03 Thread Nico Golde
Debian Security Advisory DSA-2314-1 secur...@debian.org http://www.debian.org/security/ Nico Golde Oct 3, 2011

DDIVRT-2011-34 Metropolis Technologies OfficeWatch Directory Traversal

2011-10-03 Thread ddivulnalert
Title: DDIVRT-2011-34 Metropolis Technologies OfficeWatch Directory Traversal Severity: High Date Discovered: August 15, 2011 Discovered By: Digital Defense, Inc. Vulnerability Research Team Credit: Chris Graham and r@b13$ Vulnerability Description