-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] ruby (SSA:2012-341-04)
New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current
to fix security issues.
Here are the details from the Slackware 14.0 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] libxml2 (SSA:2012-341-03)
New libxml2 packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix a security issue.
Here are the details from the Slackware 14.0 ChangeLog:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-2582-1 secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 07, 2012
Advisory ID: HTB23120
Product: TVMOBiLi media server
Vendor: TVMOBiLi
Vulnerable Version(s): 2.1.0.3557 and probably prior version
Tested Version: 2.1.0.3557 in Windows XP SP3 32 bits
Vendor Notification: October 15, 2012
Vendor Patch: November 21, 2012
Public Disclosure: December 5, 2012
Advisory ID: HTB23125
Product: ClipBucket
Vendor: clip-bucket.com
Vulnerable Version(s): 2.6 Revision 738 and probably prior
Tested Version: 2.6 Revision 738
Vendor Notification: November 7, 2012
Vendor Patch: November 28, 2012
Public Disclosure: December 5, 2012
Vulnerability Type: SQL
Advisory ID: HTB23126
Product: Achievo
Vendor: www.achievo.org
Vulnerable Version(s): 1.4.5 and probably prior
Tested Version: 1.4.5
Vendor Notification: November 14, 2012
Public Disclosure: December 5, 2012
Vulnerability Type: SQL Injection [CWE-89], Cross-Site Scripting [CWE-79]
CVE
Product: FOOT Gestion
Version: -
Vendor: Winsoft
Vendor site:http://www.footgestion.ch
Status: fixed
Level: High
=
Description
=
FOOT Gestion is a soccer team management CMS. The solution is based on
a software and a CMS website.
The website module is affected by a SQL injection
The CFP is open and a new conference rushes forward. The
shorter version: Package up your PII/contact info that we
need so we can book flights and figure out visas, put
together a summary of who you are and what you want to
talk about that is cool new security research, and email
#
Exploit Title : Video Lead Form Plugin Cross-Site Scripting Vulnerabilities
which affects Wordpress URL
Author: Aditya Balapure
home: http://adityabalapure.blogspot.in/
Date: 24/11/12
version: 0.5
software link: http://wordpress.org/extend/plugins/video-lead-form/
Application- Wordpress Plugin Simple Gmail Login
Exploit - Stack Trace Error
URL- http://wordpress.org/extend/plugins/simple-gmail-login/
Author- Aditya Balapure
Link - http://adityabalapure.blogspot.in/
CVE Assigned- CVE-2012-6313.
Description
Advisory ID: HTB23126
Product: Achievo
Vendor: www.achievo.org
Vulnerable Version(s): 1.4.5 and probably prior
Tested Version: 1.4.5
Vendor Notification: November 14, 2012
Public Disclosure: December 5, 2012
Vulnerability Type: SQL Injection [CWE-89], Cross-Site Scripting [CWE-79]
CVE
Advisory ID: HTB23125
Product: ClipBucket
Vendor: clip-bucket.com
Vulnerable Version(s): 2.6 Revision 738 and probably prior
Tested Version: 2.6 Revision 738
Vendor Notification: November 7, 2012
Vendor Patch: November 28, 2012
Public Disclosure: December 5, 2012
Vulnerability Type: SQL
Advisory ID: HTB23120
Product: TVMOBiLi media server
Vendor: TVMOBiLi
Vulnerable Version(s): 2.1.0.3557 and probably prior version
Tested Version: 2.1.0.3557 in Windows XP SP3 32 bits
Vendor Notification: October 15, 2012
Vendor Patch: November 21, 2012
Public Disclosure: December 5, 2012
13 matches
Mail list logo