[MajorSecurity Advisory #56] moziloWiki - Directory Traversal, XSS and
Session Fixation Issues
Details
===
Product: moziloWiki
Security-Risk: High
Remote-Exploit: yes
Vendor-URL: http://www.mozilo.de/
Vendor-Status: informed
Advisory-Status: published
Credits
White Wolf Labs #080922-1: Exploitation Through ActiveSync 4.x
Product: ActiveSync 4.x
Platform: NA
Requirements: NA
Credits:
Seth Fogie
White Wolf Security
http://www.whitewolfsecurity.com
August 21, 2008
Risk Level:
Medium - Full TCP/IP access via RNDIS protocol
rPath Security Advisory: 2008-0286-1
Published: 2008-09-29
Products:
rPath Linux 2
Rating: Major
Exposure Level Classification:
Remote User Deterministic Vulnerability
Updated Versions:
[EMAIL PROTECTED]:2/1.2.6-5-0.1
References:
On 28 sept. 08, at 20:27, Aditya K Sood wrote:
Mozilla Firefox User Interface Null Pointer Dereference Dispatcher
Crash
and Remote Denial of Service.
*Version Tested:*
Mozilla 3.0.3 - 1.9.0 Branch /(Specifically for Latest Version)/
*Severity:*
High
This POC also affects Firefox 3.0.2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:208
http://www.mandriva.com/security/
!--
Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit
by Nine:Situations:Group::bruiser
site: http://retrogod.altervista.org/
tested against IE6
tested software: Revit Architecture 2009 sp2
Autodesk Design Review 2009 (which also comes with
This DOS works quite nicely on Konqueror / KDE 3.5.9 too.
jv.
On 29 Sep 2008 19:59:55 -, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
!--
MS Internet Explorer 7 Denial Of Service Exploit
Type :
Denial Of Service
Release Date :
{2007-09-29}
Product / Vendor :
Microsoft
Not really - what I am not doing is trying to beat up a firmware
problem that whilst being quite bad can be mitigated by using native
features of Solaris. Too bad if OpenBSD cannot do the same - I am not
really sure about the benefits of OpenBSD on that scale of hardware
anyway considering
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
eFront = 3.5.1 / build 2710: Remote File Inclusion Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$ Program: eFront
$ File affected: studentpage.php / professorpage
$ Version: 3.5.1 / build 2710
$
MYSQL COMMAND-LINE CLIENT HTML INJECTION VULNERABILITY
Thomas Henlich [EMAIL PROTECTED]
DESCRIPTION
The mysql command-line client does not quote HTML special characters
like in its output. This allows an attacker who is able to write data
into a table to hide or modify records in the output,
International Hacking Security Conference POC2008
The 3rd international hacking and security conference POC2008
by hackers will be held in Seoul, Korea on November 13 ~ 14.
'POC' means Power of Community. We believe that the power of
community can make the world safer. POC doesn't pursue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- Security Advisory -
- - WordPress MU 2.6 wpmu-blogs.php Cross Site Scripting vulnerability -
- ---
Product: Wordpress-MU (multi-user)
Version: Versions prior to 2.6 are affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, 28 Sep 2008 01:11:06 -0400 Aditya K Sood
[EMAIL PROTECTED] wrote:
*Severity:*
High
Would you care to explain why this is even REMOTELY high severity?
This is at least the second browser crash you've reported as a
vulnerability with high
This issue, as reported to us by Aditya, is being tracked at
http://code.google.com/p/chromium/issues/detail?id=2877. We would like to note
that we discovered the outlined behavior several weeks ago internally, and
publicly reported it to Webkit: https://bugs.webkit.org/show_bug.cgi?id=20661
===
Ubuntu Security Notice USN-648-1 September 30, 2008
nasm vulnerability
CVE-2008-2719
===
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
This