===
Ubuntu Security Notice USN-1014-1 November 04, 2010
pidgin vulnerabilities
CVE-2010-1624, CVE-2010-3711
===
A security issue affects the following Ubuntu releases:
Ubuntu 8
===
Ubuntu Security Notice USN-1013-1 November 04, 2010
freetype vulnerabilities
CVE-2010-3311, CVE-2010-3814, CVE-2010-3855
===
A security issue affects the following Ubuntu re
===
Ubuntu Security Notice USN-1012-1 November 04, 2010
cups, cupsys vulnerability
CVE-2010-2941
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Directory Traversal is not only a web-server vulnerability, neza0x. Webapps can be vulnerable as well. Or 3rd party [nginx|apache|etc] modules, for that matter.
On 11/03/2010 05:49 PM, nez...@gmail.com wrote:
> Directory Traversal still alive? I me
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:220
http://www.mandriva.com/security/
_
Vulnerability ID: HTB22677
Reference: http://www.htbridge.ch/advisory/bbcode_xss_in_eocms.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, A
Vulnerability ID: HTB22676
Reference: http://www.htbridge.ch/advisory/lfi_in_eocms_1.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: Local File Inclusion
Status: Not Fixed, Vendor Alerted, Awaiting Vend
Vulnerability ID: HTB22675
Reference: http://www.htbridge.ch/advisory/sql_injection_in_eocms.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting Ven
Vulnerability ID: HTB22674
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_eocms.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: Path disclosure
Status: Not Fixed, Vendor Alerted, Awaiting
Vulnerability ID: HTB22673
Reference: http://www.htbridge.ch/advisory/lfi_in_eocms.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: Local File Inclusion
Status: Not Fixed, Vendor Alerted, Awaiting Vendor
Vulnerability ID: HTB22672
Reference: http://www.htbridge.ch/advisory/xss_in_textpattern_cms.html
Product: Textpattern CMS
Vendor: Team Textpattern ( http://textpattern.com/ )
Vulnerable Version: 4.2.0
Vendor Notification: 21 October 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: F
Vulnerability ID: HTB22671
Reference: http://www.htbridge.ch/advisory/sql_injection_in_minibb.html
Product: MiniBB
Vendor: MiniBB.com ( http://www.minibb.com/ )
Vulnerable Version: 2.5
Vendor Notification: 21 October 2010
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiti
Vulnerability ID: HTB22669
Reference: http://www.htbridge.ch/advisory/reset_admin_password_in_sweetrice_cms.html
Product: SweetRice CMS
Vendor: basic-cms.org ( http://www.basic-cms.org/ )
Vulnerable Version: 0.6.7
Vendor Notification: 21 October 2010
Vulnerability Type: Logic error
Status: Not F
Vulnerability ID: HTB22668
Reference: http://www.htbridge.ch/advisory/xss_in_sweetrice_cms.html
Product: SweetRice CMS
Vendor: basic-cms.org ( http://www.basic-cms.org/ )
Vulnerable Version: 0.6.7
Vendor Notification: 21 October 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by
Vulnerability ID: HTB22665
Reference: http://www.htbridge.ch/advisory/shell_create__command_execution_in_jaf_cms.html
Product: JAF CMS
Vendor: JAF CMS ( http://jaf-cms.sourceforge.net/ )
Vulnerable Version: 4.0 RC2
Vendor Notification: 21 October 2010
Vulnerability Type: Shell create & command e
Vulnerability ID: HTB22666
Reference: http://www.htbridge.ch/advisory/rfi_in_jaf_cms.html
Product: JAF CMS
Vendor: JAF CMS ( http://jaf-cms.sourceforge.net/ )
Vulnerable Version: 4.0 RC2
Vendor Notification: 21 October 2010
Vulnerability Type: Remote File Inclusion
Status: Not Fixed, Vendor Alert
Vulnerability ID: HTB22667
Reference: http://www.htbridge.ch/advisory/sql_injection_in_sweetrice_cms.html
Product: SweetRice CMS
Vendor: basic-cms.org ( http://www.basic-cms.org/ )
Vulnerable Version: 0.6.7
Vendor Notification: 21 October 2010
Vulnerability Type: SQL Injection
Status: Fixed by Ve
Vulnerability ID: HTB22670
Reference: http://www.htbridge.ch/advisory/bbcode_xss_in_minibb.html
Product: MiniBB
Vendor: MiniBB.com ( http://www.minibb.com/ )
Vulnerable Version: 2.5
Vendor Notification: 21 October 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alert
#In The Name Of God
# Adsoft Remote Sql Injection Vulnerability
###
#AUTHOR: md.r00t
#Mail: md.r00t.defa...@gmail.com
#Forum: http://ajaxtm.com/forum
###
#Google D0rk:
# "Powered by AdSOFT"
#
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Summary
===
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* There is a way to inject both headers and content to users, causing
a serious
Zen Cart 1.3.9h Local File Inclusion Vulnerability
Name: Zen Cart
Vendor: http://www.zen-cart.com
Versions Affected: 1.3.9h
Author: Salvatore Fresta aka Drosophila
Website: http://www.salvatorefresta.net
Contact: salvatorefresta [at] gmail [
Directory Traversal still alive? I mean, does your tool bypass Apache, IIS
latest versions? Or it is applicable to IIS 4?
It would be nice to have new techniques, improve multi-byte encoders and so on.
Sent via BlackBerry from Danux Network
-Original Message-
From: "chr1x"
Date: Fri, 2