SAP Cfolders Multiple Linked XSS Vulnerabilities

2009-04-22 Thread Digital Security Research Group [DSecRG]
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-021 Original advisory: http://dsecrg.com/pages/vul/show.php?id=121 Application: SAP Cfolders (SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms (collaboration rooms)) Vendor URL:

SAP Cfolders Multiple Stored XSS Vulnerabilities

2009-04-22 Thread Digital Security Research Group [DSecRG]
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-014 Original advisory: http://dsecrg.com/pages/vul/show.php?id=114 Application: SAP Cfolders (included in: SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms) Vendor URL:

[TZO-12-2009] SUN / Oracle JVM Remote code execution

2009-04-22 Thread Thierry Zoller
SUN/ORACLE JAVA VM Remote code execution. Release mode: Coordinated. Ref : TZO-122009- SUN Java remote code execution WWW :

[Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities

2009-04-22 Thread Bkis
010 Editor Multiple Buffer Overflow Vulnerabilities 1. General Information 010 Editor is a text editor and hex editor with many functions, such as viewing and editing binary files, analyzing and editing binary data, and importing and exporting binary data in many different formats. Bkis has just found many

[Tool] sqlmap 0.7rc1 released

2009-04-22 Thread Bernardo Damele A. G.
Hi, I am glad to release sqlmap version 0.7rc1. WARNING: This release is a candidate, it only works on Linux so please do not complain that it does not work on your Windows or Mac OS X systems. Introduction sqlmap is an open source command-line automatic SQL injection tool. Its

FreeBSD Security Advisory FreeBSD-SA-09:07.libc

2009-04-22 Thread FreeBSD Security Advisories
FreeBSD-SA-09:07.libc Security Advisory The FreeBSD Project Topic:

[ MDVSA-2009:093 ] mpg123

2009-04-22 Thread security
Mandriva Linux Security Advisory MDVSA-2009:093 http://www.mandriva.com/security/

Re: [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities

2009-04-22 Thread Tavis Ormandy
Bkis s...@bkav.com.vn wrote: Bkis has just found many vulnerabilities in the software, related to the processing of 010 Editor Binary Template files (“.bt”) and 010 Editor Script Files (“.1sc”). These vulnerabilities are very dangerous due to the fact that they allow hackers to execute

FreeBSD Security Advisory FreeBSD-SA-09:08.openssl

2009-04-22 Thread FreeBSD Security Advisories
FreeBSD-SA-09:08.openssl Security Advisory The FreeBSD Project Topic:

[SECURITY] [DSA 1778-1] New mahara packages fix cross-site scripting

2009-04-22 Thread Nico Golde
Debian Security Advisory DSA-1778-1 secur...@debian.org http://www.debian.org/security/ Nico Golde April 22nd, 2009

[ MDVSA-2009:094 ] mysql

2009-04-22 Thread security
Mandriva Linux Security Advisory MDVSA-2009:094 http://www.mandriva.com/security/

Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP

2009-04-22 Thread Vladimir '3APA3A' Dubrovin
Dear Stefan Kanthak, As far as I can see, Internet Explorer actually uses flash10b.ocx. Adobe Flash Player 10.0 r22 --Monday, April 20, 2009, 8:17:24 PM, you wrote to bugtraq@securityfocus.com: SK Windows Update (as well as Microsoft Update and the Automatic Update) SK installs an outdated (and