XSS vulnerability in Zimplit CMS

2010-12-08 Thread advisory
Vulnerability ID: HTB22716 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zimplit_cms_1.html Product: Zimplit CMS Vendor: Zimplit ( http://www.zimplit.com/ ) Vulnerable Version: Current at 22.11.2010 and Probably Prior Versions Vendor Notification: 22 November 2010 Vulnerabilit

XSS vulnerability in Zimplit CMS

2010-12-08 Thread advisory
Vulnerability ID: HTB22715 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zimplit_cms.html Product: Zimplit CMS Vendor: Zimplit ( http://www.zimplit.com/ ) Vulnerable Version: Current at 22.11.2010 and Probably Prior Versions Vendor Notification: 22 November 2010 Vulnerability T

LFI in Exponent CMS

2010-12-08 Thread advisory
Vulnerability ID: HTB22717 Reference: http://www.htbridge.ch/advisory/lfi_in_exponent_cms.html Product: Exponent CMS Vendor: http://www.exponentcms.org/ ( http://www.exponentcms.org/ ) Vulnerable Version: 2.0.0pr2 Vendor Notification: 22 November 2010 Vulnerability Type: Local File Inclusion Stat

[ MDVSA-2010:248 ] openssl

2010-12-08 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:248 http://www.mandriva.com/security/ _

Multiple XSS in Solarwinds Orion NPM 10.1

2010-12-08 Thread John Blakley
Values placed in the URI of the browser are rendered correctly. Orion NPM 10.1 has just been released, so there is no known fix available as of yet. Examples: Most "variable=" that I've checked are vulnerable: http:///Orion/NetPerfMon/MapView.aspx?Map=4f89095c-35fa-4b1b-813f-231270=0225b7.OrionM

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Marcus Meissner
On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote: > > > Anyone tested this in sandbox yet? > > 00:37 linups:../expl/kernel > cat /etc/*release* > openSUSE 11.3 (i586) > VERSION = 11.3 > 00:37 linups:../expl/kernel > uname -r > 2.6.34.4-0.1-desktop > 00:37 linups:../expl/kernel > gcc _2.6.37.l

LFI in Exponent CMS

2010-12-08 Thread advisory
Vulnerability ID: HTB22718 Reference: http://www.htbridge.ch/advisory/lfi_in_exponent_cms_1.html Product: Exponent CMS Vendor: http://www.exponentcms.org/ ( http://www.exponentcms.org/ ) Vulnerable Version: 2.0.0pr2 Vendor Notification: 22 November 2010 Vulnerability Type: Local File Inclusion St

[ MDVSA-2010:249 ] clamav

2010-12-08 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:249 http://www.mandriva.com/security/ _

[security bulletin] HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code

2010-12-08 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02639302 Version: 1 HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soo

[USN-1026-1] Python Paste vulnerability

2010-12-08 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-1026-1 December 07, 2010 paste vulnerability CVE-2010-2477 === A security issue affects the following Ubuntu releases: Ubuntu 10.04 LTS This adv

[USN-1027-1] Quagga vulnerabilities

2010-12-08 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-1027-1 December 07, 2010 quagga vulnerabilities CVE-2010-2948, CVE-2010-2949 === A security issue affects the following Ubuntu releases: Ubuntu 6

www.eVuln.com : HTTP Response Splitting in WWWThreads (php version)

2010-12-08 Thread bt
www.eVuln.com advisory: HTTP Response Splitting in WWWThreads (php version) Summary: http://evuln.com/vulns/156/summary.html Details: http://evuln.com/vulns/156/description.html ---Summary--- eVuln ID: EV0156 Software: n/a Vendor: WWWThreads Version: 2006.11.25 Critical

[USN-1028-1] ImageMagick vulnerability

2010-12-08 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-1028-1 December 07, 2010 imagemagick vulnerability CVE-2010-4167 === A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubun

Linux kernel exploit

2010-12-08 Thread Dan Rosenberg
Hi all, I've included here a proof-of-concept local privilege escalation exploit for Linux. Please read the header for an explanation of what's going on. Without further ado, I present full-nelson.c: Happy hacking, Dan --snip-- /* * Linux Kernel <= 2.6.37 local privilege escalation * by Da

Secunia Research: QuickTime Track Dimensions Buffer Overflow Vulnerability

2010-12-08 Thread Secunia Research
== Secunia Research 08/12/2010 - QuickTime Track Dimensions Buffer Overflow Vulnerability - == Table of Contents Affected Software..

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Cal Leeming [Simplicity Media Ltd]
Anyone tested this in sandbox yet? On 07/12/2010 20:25, Dan Rosenberg wrote: Hi all, I've included here a proof-of-concept local privilege escalation exploit for Linux. Please read the header for an explanation of what's going on. Without further ado, I present full-nelson.c: Happy hacking,

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Ryan Sears
Yep, just tested it in an Ubuntu 10.10 sandbox I have (running kernel 2.6.35-22-generic). Works as expected. Great job Dan. You're full of win! Regards, Ryan Sears - Original Message - From: "Cal Leeming [Simplicity Media Ltd]" To: "Dan Rosenberg" Cc: full-disclos...@lists.grok.org.u

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Kai
> Anyone tested this in sandbox yet? 00:37 linups:../expl/kernel > cat /etc/*release* openSUSE 11.3 (i586) VERSION = 11.3 00:37 linups:../expl/kernel > uname -r 2.6.34.4-0.1-desktop 00:37 linups:../expl/kernel > gcc _2.6.37.local.c -o test 00:37 linups:../expl/kernel > ./test [*] Failed to open

iDefense Security Advisory 12.07.10: Apple QuickTime PICT Memory Corruption Vulnerability

2010-12-08 Thread labs-no-reply
iDefense Security Advisory 12.07.10 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 07, 2010 I. BACKGROUND QuickTime is Apple's media player product used to render video and other media. The PICT file format was developed by Apple Inc. in 1984. PICT files can contain both object-orient

[security bulletin] HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS)

2010-12-08 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02586517 Version: 1 HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as so

[USN-1029-1] OpenSSL vulnerabilities

2010-12-08 Thread Steve Beattie
=== Ubuntu Security Notice USN-1029-1 December 08, 2010 openssl vulnerabilities CVE-2008-7270, CVE-2010-4180 === A security issue affects the following Ubuntu releases: Ubuntu 6