Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability

2010-03-10 Thread lament
= Yaniv Miron aka "Lament" Advisory March 7, 2010 Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability = = I. BACKGROUND = Based on the co

CVE-2010-0624: Heap-based buffer overflow in GNU Tar and GNU Cpio

2010-03-10 Thread Jakob Lell
I. BACKGROUND GNU Tar and GNU Cpio are popular programs for managing archive files. Both programs are included in many Linux distributions. GNU Tar is commonly used for exchanging source code archives. Both programs include a client implementation for the remote mag tape protocol (rmt). This pro

[SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities

2010-03-10 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-2010 secur...@debian.org http://www.debian.org/security/ Dann Frazier March 10, 2010 http

[SECURITY] [DSA 2009-1] New tdiary packages fix cross-site scripting

2010-03-10 Thread Steffen Joeris
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-2009-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris March 09, 2010

[USN-908-1] Apache vulnerabilities

2010-03-10 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-908-1 March 10, 2010 apache2 vulnerabilities CVE-2010-0408, CVE-2010-0434 === A security issue affects the following Ubuntu releases: Ubuntu 6

Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability

2010-03-10 Thread Secunia Research
== Secunia Research 10/03/2010 - XnView DICOM Parsing Integer Overflow Vulnerability - == Table of Contents Affected Software

[ MDVSA-2010:059 ] virtualbox

2010-03-10 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:059 http://www.mandriva.com/security/

iDefense Security Advisory 03.09.10: Microsoft Excel MDXSET Record Heap Overflow Vulnerability

2010-03-10 Thread iDefense Labs
iDefense Security Advisory 03.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 09, 2010 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website: http://office.mic

Secunia Research: Employee Timeclock Software Backup Information Disclosure

2010-03-10 Thread Secunia Research
== Secunia Research 10/03/2010 - Employee Timeclock Software Backup Information Disclosure - == Table of Contents Affected Software..

iDefense Security Advisory 03.09.10: Microsoft Excel MDXTUPLE Record Heap Overflow Vulnerability

2010-03-10 Thread iDefense Labs
iDefense Security Advisory 03.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 09, 2010 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website: http://office.mic

iDefense Security Advisory 03.09.10: Microsoft Excel Sheet Object Type Confusion Vulnerability

2010-03-10 Thread iDefense Labs
iDefense Security Advisory 03.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 09, 2010 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website: http://office.mic

Vulnerabilities in Hydra Engine

2010-03-10 Thread MustLive
Hello Bugtraq! I want to warn you about vulnerabilities in Hydra Engine. It's a commercial Ukrainian CMS. - Advisory: Vulnerabilities in Hydra Engine - URL: http://websecurity.com.ua/3453/ - Timeline: 26.08.2009 -

VUPEN Security Research - Microsoft Office Excel Record Processing Code Execution Vulnerability

2010-03-10 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office Excel Record Processing Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND - "Microsoft Office Excel is a powerful tool you can use to create and format spreadsheets, and analyze and share informa

Secunia Research: Employee Timeclock Software "mysqldump" Password Disclosure

2010-03-10 Thread Secunia Research
== Secunia Research 10/03/2010 - Employee Timeclock Software "mysqldump" Password Disclosure - == Table of Contents Affected Software

Secunia Research: Employee Timeclock Software SQL Injection Vulnerabilities

2010-03-10 Thread Secunia Research
== Secunia Research 10/03/2010 - Employee Timeclock Software SQL Injection Vulnerabilities - == Table of Contents Affected Software.

CORE-2009-1103: Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability

2010-03-10 Thread CORE Security Technologies Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability 1. *Advisory Information* Title: Microsoft Office Excel DbOrParamQry Record Pars

ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability

2010-03-10 Thread ZDI Disclosures
ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-026 March 9, 2010 -- CVE ID: CVE-2010-0447 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Performance Insight -- Tipp

iDefense Security Advisory 03.09.10: Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability

2010-03-10 Thread iDefense Labs
iDefense Security Advisory 03.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 09, 2010 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website: http://office.mic

[xss] a xss on "threadid" parameter in BBSMAX

2010-03-10 Thread lis cker
I found an XSS on "threadid" parameter in "post.aspx" in BBSMAX, it's "post.aspx?action=reply&threadid=" Vulnerable: BBSMAX 4.2 BBSMAX 4.1 BBSMAX 3.0 For example: http://bbs.example.com/forum1/post.aspx?action=reply&threadid=";>alert(/liscker/); BBSMAX Home Page : http://www.bbs

CORE-2009-0813: Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap Overflow

2010-03-10 Thread CORE Security Technologies Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap Overflow 1. *Advisory Information* Title: Windows Movie Maker and Microsof