Simple PHP Newsletter Remote Admin Password Change With install path

2011-03-29 Thread cseye_ut
# Simple PHP Newsletter Remote Admin Password Change With install path # Author: alieye

HTB22905: Path disclosure in Wordpress

2011-03-29 Thread advisory
Vulnerability ID: HTB22905 Reference: http://www.htbridge.ch/advisory/path_disclosure_in_wordpress.html Product: Wordpress Vendor: http://wordpress.org/ Vulnerable Version: 3.1 Vendor Notification: 15 March 2011 Vulnerability Type: Path disclosure Status: Not Fixed Risk

[SECURITY] [DSA 2205-1] gdm3 security update

2011-03-29 Thread Florian Weimer
Debian Security Advisory DSA-2205-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer March 28, 2011

WESPA PHP Newsletter v3.0 Remote Admin Password Change With install path

2011-03-29 Thread cseye_ut
# WESPA PHP Newsletter v3.0 Remote Admin Password Change With install path # Author: alieye

HTB22904: Path disclosure in bbPress

2011-03-29 Thread advisory
Vulnerability ID: HTB22904 Reference: http://www.htbridge.ch/advisory/path_disclosure_in_bbpress.html Product: bbPress Vendor: http://bbpress.org Vulnerable Version: 1.0.3 Vendor Notification: 15 March 2011 Vulnerability Type: Path disclosure Risk level: Low Credit:

XSS Vulnerability in Tracks 1.7.2

2011-03-29 Thread Netsparker Advisories
Information Name : XSS vulnerability in Tracks Software : Tracks 1.7.2. Vendor Homepage : http://getontracks.org/ Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur mesut [at] mavitunasecurity [dot] com Advisory Reference : NS-11-003

Solaris 10 Port Stealing Vulnerability

2011-03-29 Thread Chris O'Regan
I reported this to Oracle, but I have been told that this is part of the BSD standard and a desired feature (!). In a nutshell, as an ordinary user, I can bind to a port using a specific address even if another process is already bound to it with a wildcard address. This makes it very easy for an

HTB22903: XSS in Spitfire CMS

2011-03-29 Thread advisory
Vulnerability ID: HTB22903 Reference: http://www.htbridge.ch/advisory/xss_in_spitfire_cms.html Product: Spitfire CMS Vendor: Spitfire ( http://spitfire.clausmuus.de/ ) Vulnerable Version: 1.0.436 Vendor Notification: 15 March 2011 Vulnerability Type: XSS Risk level: Medium Credit: High-Tech