[SECURITY] [DSA 2531-1] xen security update

2012-08-20 Thread Luciano Bello
Debian Security Advisory DSA-2531-1 secur...@debian.org http://www.debian.org/security/ Luciano Bello August 18, 2012

[ MDVSA-2012:139 ] postgresql

2012-08-20 Thread security
Mandriva Linux Security Advisory MDVSA-2012:139 http://www.mandriva.com/security/

[ MDVSA-2012:140 ] mono

2012-08-20 Thread security
Mandriva Linux Security Advisory MDVSA-2012:140 http://www.mandriva.com/security/

ocPortal CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability

2012-08-20 Thread YGN Ethical Hacker Group
1. OVERVIEW ocPortal CMS 8.x and lower versions are vulnerable to Cross-site Request Forgery (CSRF / XSRF). 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System (a CMS) for building and maintaining a dynamic website. ocPortal's powerful feature-set means there's always a

ocPortal CMS 8.x | Session Hijacking Vulnerability

2012-08-20 Thread YGN Ethical Hacker Group
1. OVERVIEW ocPortal CMS 8.x and lower versions are vulnerable to a Session Hijacking flaw which could allow attackers to compromise the administrator session. 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System (a CMS) for building and maintaining a dynamic website. ocPortal's

NGS00330 Patch Notification: Squiz CMS Directory Traversal

2012-08-20 Thread Research@NGSSecure
High risk vulnerability in Squiz CMS 20 August 2012 Robert Ray of NCC Group has discovered a High risk vulnerability in Squiz CMS Impact: Directory Traversal Versions affected: Squiz CMS V11654 An updated version of the software has been released to address these vulnerabilities:

NGS00208 Patch Notification: Moodle CMS stored XSS

2012-08-20 Thread Research@NGSSecure
High risk vulnerability in Moodle CMS 20 August 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Moodle CMS Impact: Stored XSS Versions affected: Moodle v2.2.1 An updated version of the software has been released to address these vulnerabilities:

NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection

2012-08-20 Thread Research@NGSSecure
High risk vulnerability in SysAid Helpdesk 20 August 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in SysAid Helpdesk Impact: Blind SQL injection Versions affected: SysAid Helpdesk Pro v8.5.04 An updated version of the software has been released to address these

NGS00242 Patch Notification: SysAid Helpdesk stored XSS

2012-08-20 Thread Research@NGSSecure
High risk vulnerability in SysAid Helpdesk 20 August 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in SysAid Helpdesk Impact: Stored XSS Versions affected: SysAid Helpdesk Pro v8.5.04 An updated version of the software has been released to address these

APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1

2012-08-20 Thread Apple Product Security
APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1 Apple Remote Desktop 3.6.1 is now available and addresses the following: Apple Remote Desktop Available for: Apple Remote Desktop 3.0 or later Impact: Connecting to a third-party VNC server with