[DSECRG-09-032] Oracle Application Server - Linked XSS vulnerability

Digital Security Research Group [DSecRG] Advisory#DSECRG-09-032 Application:Oracle BPEL Console version 10.1.3.3.0 Versions Affected: Oracle BPEL Console version 10.1.3.3.0 Vendor URL: http://www.oracle.com Bugs

"Writing JIT-Spray Shellcode for fun and profit" by DSecRG

"Writing JIT-Spray Shellcode for fun and profit" by Alexey Sintsov from DSecRG (dsecrg.com) Attacks on clients’ browsers have always been the real threat for everyone. And here vulnerabilities have been not only in the browser but also in plug-ins. Bank-clients, business software,

[DSECRG-09-062] Alteon OS BBI (Nortell) - Multiple Vulnerabilities

Digital Security Research Group [DSecRG] Advisory http://dsecrg.com/pages/vul/show.php?id=161 Various XSS and XSRF vulnerabilities were identified in the Alteon OS Browser-Based Interface (BBI). Application: Alteon OS BBI Versions Affected: <= 21.0.8.3 and may be hig

[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-010 http://dsecrg.com/pages/vul/show.php?id=110 Application:Oracle Database 10G Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 Vendor URL: http://oracle.com

[DSECRG-09-048] HP LaserJet printers - Multiple Stored XSS vulnerabilities

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-048 http://dsecrg.ru/pages/vul/show.php?id=148 Application:HP LaserJet printer web interface Vulnerable: HP LaserJet 2200, 4350, 4600, 5500, and many others Vendor URL: http

[DSECRG-09-017] SAP GUI vsflexGrid ActiveX - Buffer Overflow vulnerability

its: YES Reported: 26.11.2008 Vendor response:27.11.208 Public Advisory:06.10.2009 Originaly found by: Elazar Broad Author: Alexander Polyakov from Digital Security Research Group [DSecRG] Descript

[DSECRG-09-031] Oracle BEA Weblogic 10.3 Linked ХSS vulnerability

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-031 http://dsecrg.com/pages/vul/show.php?id=131 Application:Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: http://oracle.com Bugs

[DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability

Digital Security Research Group [DSecRG] Advisory#DSECRG-09-025 http://dsecrg.com/pages/vul/show.php?id=125 Application:Oracle Secure Enterprise Search (SES) Versions Affected: Oracle Secure Enterprise Search (SES) version 10.1.8.2.0 Vendor URL

[DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-038 Original advisory: http://dsecrg.com/pages/vul/show.php?id=138 Application:Sun Glassfish Woodstock Project (part of Glassfish Enterprise Server) Versions Affected: 4.2 Vendor URL

[DSECRG-09-034] Sun Glassfish Enterprise Server - Multiple Linked XSS vulnerabilies

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-034 Original advisory: http://dsecrg.com/pages/vul/show.php?id=134 Application:Sun Glassfish Enterprise Server Versions Affected: 2.1 Vendor URL: https://glassfish.dev.java.net/ Bug

SAP Cfolders Multiple Stored XSS Vulnerabilies

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-014 Original advisory: http://dsecrg.com/pages/vul/show.php?id=114 Application:SAP Cfolders (included in: SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms) Vendor URL

SAP Cfolders Multiple Linked XSS Vulnerabilities

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-021 Original advisory: http://dsecrg.com/pages/vul/show.php?id=121 Application:SAP Cfolders (SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms (collaboration rooms)) Vendor URL

[DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities

Original Advisory: http://dsecrg.com/pages/vul/show.php?id=120 Digital Security Research Group [DSecRG] Advisory #DSECRG-09-020 Application:Apache Geronimo Application Server Versions Affected: 2.1 - 2.1.3 Vendor URL: http://geronimo.apache.org

[DSECRG-09-019] Apache Geronimo - XSS vulnerabilities.txt

Original advisory http://dsecrg.com/pages/vul/show.php?id=119 Digital Security Research Group [DSecRG] Advisory #DSECRG-09-019 Application:Apache Geronimo Application Server Versions Affected: 2.1 - 2.1.3 Vendor URL: http://geronimo.apache.org

[DSECRG-09-018] Apache Geronimo - Directory Traversal vulnerabilities

Original Advisory: http://dsecrg.com/pages/vul/show.php?id=118 Digital Security Research Group [DSecRG] Advisory #DSECRG-09-018 Application:Apache Geronimo Application Server Versions Affected: 2.1 - 2.1.3 Vendor URL: http://geronimo.apache.org

[DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities

original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group [DSecRG] Advisory #DSECRG-09-037 Application:AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs

[DSECRG-09-036] Chance-i Techno Vision Security System - Directory Traversal File Download

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-036 original advisory: http://dsecrg.com/pages/vul/DSECRG-09-036.html Application:Chance-i DiViS DVR System web-server Versions Affected: 2.0 Vendor URL: http://www.chance-i.com/ Bug

[DSECRG-09-035] Chance-i DiViS DVR ActiveX - Heap Overflow

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-035 original advisory: http://dsecrg.com/pages/vul/DSECRG-09-035.html Application:Chance-i DiViS-Web DVR System ActiveX control Versions Affected: 3,0,0,7 Vendor URL: http://www.chance

[DSECRG-09-030] PrecisionID Datamatrix ActiveX control - Arbitrary File overwriting

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-030 !!! original advisory!!! http://dsecrg.com/pages/vul/DSECRG-09-030.html Application:PrecisionID activeX controls Versions Affected: Vendor URL

[DSECRG-09-013] IBM WebSphere Application Server 7.0 Multiple XSS Vulnerabilities

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-013 !!! official advisory: !!! http://dsecrg.com/pages/vul/DSECRG-09-013.html Application:IBM WebSphere Application Server Versions Affected: 7.0 and 6.1 Vendor URL

[DSECRG-08-041] Stored XSS Vulnerability in Xoops 2.3.x

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-041 Application:XOOPS Versions Affected: 2.3.1, 2.3.2a Vendor URL: http://www.xoops.org/ Bug:Stored XSS Exploits: YES

[DSECRG-08-040] Multiple Local File Include Vulnerabilities in Xoops 2.3.x

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-040 Application:XOOPS Versions Affected: 2.3.1 Vendor URL: http://www.xoops.org/ Bug:Multiple Local File Include Exploits

[DSECRG-08-037] Multiple Local File Include Vulnerabilities in Pluck CMS 4.5.2

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-037 Application:Pluck CMS Versions Affected: 4.5.2 Vendor URL: http://www.pluck-cms.org/ Bug:Multiple Local File Include Exploits

[DSECRG-08-038] Multiple Local File Include Vulnerabilities in ezContents CMS 2.0.3

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-038 Application:ezContents CMS Versions Affected: 2.0.3 Application URL:http://www.ezcontents.org/ Vendor URL: http://www.visualshapers.com/ Bug

[DSECRG-08-036] Multiple Security Vulnerabilities in Freeway eCommerce 1.4.1.171

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-036 Application:Freeway eCommerce Versions Affected: 1.4.1.171 Vendor URL: http://www.openfreeway.org/ Bugs: RFI, Multiple LFI, XSS Exploits

[DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-035 Application:Gallery Versions Affected: 1.5.7, 1.6-alpha3 Vendor URL: http://gallery.menalto.com/ Bug:Local File Include Exploits

[DSECRG-08-034] Local File Include Vulnerability in Minishowcase v09b136

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-034 Application:Minishowcase Image Gallery Versions Affected: v09b136 Vendor URL: http://minishowcase.frwrd.net Bug:Local File Include

[DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-033 Application:Pixelpost photoblog Versions Affected: 1.7.1 Vendor URL: http://www.pixelpost.org/ Bug:Local File Include Exploits

[DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-032 Application:Claroline eLearning and eWorking platform Versions Affected: 1.8.10 Vendor URL: http://www.claroline.net/ Bug:Multiple Linked XSS

[DSECRG-08-031] Local File Include Vulnerability in Interact 2.4.1

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-31 Application:Interact E-Learning System Versions Affected: 2.4.1 Vendor URL: http://sourceforge.net/projects/cce-interact Bug:Local File

[DSECRG-08-030] Claroline 1.8.9 Multiple Security Vulnerabilities

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-030 Application:Claroline eLearning and eWorking platform Versions Affected: 1.8.9 Vendor URL: http://www.claroline.net/ Bug:Multiple XSS, Phishing

[DSECRG-08-027] Multiple RFI-LFI in 1024 CMS 1.4.3, 1.4.4 RFC

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-027 Application:1024 CMS Versions Affected: 1.4.3, 1.4.4 RFC Vendor URL: http://www.1024cms.com/ Bug:Multiple Remote/Local File Include Exploits

[DSECRG-08-011 | FIX INFORMATION] Astrosoft HelpDesk Multiple XSS

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-011 | FIX INFORMATION Application:Astrosoft HelpDesk Versions Affected: < 1.95.228 Vendor URL: http://astrosoft.ru/ Bugs: Multiple XSS Injecti

[DSECRG-08-014] Multiple LFI in PowerNews (Newsscript) 2.5.6

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-014 Application:PowerNews (Newsscript) Versions Affected: 2.5.6 Vendor URL: http://www.powerscripts.org/ Bug:Multiple Local File Include Exploits

[DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulnerabilities

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-013 Application:MODx CMS Versions Affected: 0.9.6.1, 0.9.6.1p1 Vendor URL: http://modxcms.com/ Bugs: XSS, SiXSS, stored XSS, Change User Password

[DSECRG-08-012] Multiple LFI in Azucar CMS 1.3

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-012 Application:Azucar CMS Versions Affected: 1.3 Vendor URL: http://azucarcms.sourceforge.net/en_home.htm Bug:Multiple Local File Include Exploits

[DSECRG-08-002] Local File Include in arias 0.99-6

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-002 Application:aria-0.99-6 (Web based ERP) Versions Affected: aria-0.99-6 Vendor URL: http://www.tucows.net/ Bug:Local File Include Exploits

[DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-003 Application:Blogcms Versions Affected: Blogcms 4.2.1b Vendor URL: http://blogcms.com/ Bugs: SQL Injestions, SiXSS, XSS Exploits

LFI in Tuned Studios Templates

Digital Security Research Group [DSecRG] Advisory #DSECRG08-001 Application:Tuned Studios Templates Versions Affected: All Vendor URL: http:/www.tunedstudios.com Bug:Local File Include Exploit

2z-project 0.9.6.1 Multiple Security Vulnerabilities

Digital Security Research Group [DSecRG] Advisory Name:2z project Systems Affected:2z project 0.9.6.1 Vendor URL: http://2z-project.ru Authors: Alexandr Polyakov, Stas Svistunovich Digital Security Reasearch Group