ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability

2011-05-10 Thread ZDI Disclosures
ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-157 May 9, 2011 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Mozilla -- Affected Products: Mozilla Firefox -- TippingPoint(TM) IPS

OSI Security: Civica Spydus Library Management System (LMS) - Cross-Site Scripting Vulnerability

2011-05-10 Thread Patrick Webster
Civica Spydus Library Management System (LMS) - Cross-site Scripting Vulnerability http://www.osisecurity.com.au/advisories/civica-spydus-library-management-system-cross-site-scripting Release Date: 04-May-2011 Software: Civica - Spydus http://www.civicaplc.com/ "Libraries and information servic

Re: SQL Injection in Pixie

2011-05-10 Thread security curmudgeon
On Thu, 20 Jan 2011, advis...@htbridge.ch wrote: : Vulnerability ID: HTB22785 : Reference: http://www.htbridge.ch/advisory/sql_injection_in_pixie.html : : Vulnerability Details: : The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in "ref

HTB22974: Multiple XSS in Calendarix

2011-05-10 Thread advisory
Vulnerability ID: HTB22974 Reference: http://www.htbridge.ch/advisory/multiple_xss_in_calendarix.html Product: Calendarix Vendor: http://www.calendarix.com Vulnerable Version: 0.8.20080808 Vendor Notification: 26 April 2011 Vulnerability Type: XSS (Cross Site Scripti

HTB22975: SQL injection in Calendarix

2011-05-10 Thread advisory
Vulnerability ID: HTB22975 Reference: http://www.htbridge.ch/advisory/sql_injection_in_calendarix.html Product: Calendarix Vendor: http://www.calendarix.com Vulnerable Version: 0.8.20080808 Vendor Notification: 26 April 2011 Vulnerability Type: SQL Injection Risk lev