ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-157
May 9, 2011
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Mozilla
-- Affected Products:
Mozilla Firefox
-- TippingPoint(TM) IPS

Civica Spydus Library Management System (LMS) - Cross-site Scripting Vulnerability
http://www.osisecurity.com.au/advisories/civica-spydus-library-management-system-cross-site-scripting
Release Date:
04-May-2011
Software:
Civica - Spydus
http://www.civicaplc.com/
"Libraries and information servic

On Thu, 20 Jan 2011, advis...@htbridge.ch wrote:
: Vulnerability ID: HTB22785
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_pixie.html
:
: Vulnerability Details:
: The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in "ref

Vulnerability ID: HTB22974
Reference: http://www.htbridge.ch/advisory/multiple_xss_in_calendarix.html
Product: Calendarix
Vendor: http://www.calendarix.com
Vulnerable Version: 0.8.20080808
Vendor Notification: 26 April 2011
Vulnerability Type: XSS (Cross Site Scripti

Vulnerability ID: HTB22975
Reference: http://www.htbridge.ch/advisory/sql_injection_in_calendarix.html
Product: Calendarix
Vendor: http://www.calendarix.com
Vulnerable Version: 0.8.20080808
Vendor Notification: 26 April 2011
Vulnerability Type: SQL Injection
Risk lev