Digital Security Research Group [DSecRG] Advisory #DSECRG-09-032
Application: Oracle BPEL Console version 10.1.3.3.0
Versions Affected: Oracle BPEL Console version 10.1.3.3.0
Vendor URL: http://www.oracle.com
Bugs
"Writing JIT-Spray Shellcode for fun and profit"
by Alexey Sintsov from DSecRG (dsecrg.com)
Attacks on clients’ browsers have always been the real threat for everyone.
And here vulnerabilities have been not only in the browser but also in plug-ins.
Bank-clients, business software,
Digital Security Research Group [DSecRG] Advisory
http://dsecrg.com/pages/vul/show.php?id=161
Various XSS and XSRF vulnerabilities were identified in the Alteon OS
Browser-Based
Interface (BBI).
Application: Alteon OS BBI
Versions Affected: <= 21.0.8.3 and may be hig
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-010
http://dsecrg.com/pages/vul/show.php?id=110
Application: Oracle Database 10G
Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4
Vendor URL: http://oracle.com
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-048
http://dsecrg.ru/pages/vul/show.php?id=148
Application: HP LaserJet printer web interface
Vulnerable: HP LaserJet 2200, 4350, 4600, 5500, and many others
Vendor URL: http
its: YES
Reported: 26.11.2008
Vendor response: 27.11.208
Public Advisory: 06.10.2009
Originally found by: Elazar Broad
Author: Alexander Polyakov from Digital Security
Research Group [DSecRG]
Descript
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-031
http://dsecrg.com/pages/vul/show.php?id=131
Application: Oracle BEA Weblogic 10
Versions Affected: Oracle BEA Weblogic 10
Vendor URL: http://oracle.com
Bugs
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-025
http://dsecrg.com/pages/vul/show.php?id=125
Application: Oracle Secure Enterprise Search (SES)
Versions Affected: Oracle Secure Enterprise Search (SES) version
10.1.8.2.0
Vendor URL
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-038
Original advisory: http://dsecrg.com/pages/vul/show.php?id=138
Application: Sun Glassfish Woodstock Project (part of Glassfish
Enterprise Server)
Versions Affected: 4.2
Vendor URL
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-034
Original advisory: http://dsecrg.com/pages/vul/show.php?id=134
Application: Sun Glassfish Enterprise Server
Versions Affected: 2.1
Vendor URL: https://glassfish.dev.java.net/
Bug
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-014
Original advisory: http://dsecrg.com/pages/vul/show.php?id=114
Application: SAP Cfolders (included in: SAP SRM, SAP ECC,
SAP Knowledge Management and SAP NetWeaver cRooms)
Vendor URL
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-021
Original advisory: http://dsecrg.com/pages/vul/show.php?id=121
Application: SAP Cfolders (SAP SRM, SAP ECC, SAP Knowledge
Management and SAP NetWeaver cRooms (collaboration rooms))
Vendor URL
Original Advisory: http://dsecrg.com/pages/vul/show.php?id=120
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-020
Application: Apache Geronimo Application Server
Versions Affected: 2.1 - 2.1.3
Vendor URL: http://geronimo.apache.org
Original advisory http://dsecrg.com/pages/vul/show.php?id=119
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-019
Application: Apache Geronimo Application Server
Versions Affected: 2.1 - 2.1.3
Vendor URL: http://geronimo.apache.org
Original Advisory: http://dsecrg.com/pages/vul/show.php?id=118
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-018
Application: Apache Geronimo Application Server
Versions Affected: 2.1 - 2.1.3
Vendor URL: http://geronimo.apache.org
original advisory: http://dsecrg.com/pages/vul/show.php?id=137
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-037
Application: AbleSpace
Versions Affected: 1.0
Vendor URL: http://abk-soft.com/
Bugs
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-036
original advisory: http://dsecrg.com/pages/vul/DSECRG-09-036.html
Application: Chance-i DiViS DVR System web-server
Versions Affected: 2.0
Vendor URL: http://www.chance-i.com/
Bug
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-035
original advisory: http://dsecrg.com/pages/vul/DSECRG-09-035.html
Application: Chance-i DiViS-Web DVR System ActiveX control
Versions Affected: 3,0,0,7
Vendor URL: http://www.chance
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-030
!!! original advisory!!!
http://dsecrg.com/pages/vul/DSECRG-09-030.html
Application: PrecisionID activeX controls
Versions Affected:
Vendor URL
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-013
!!! official advisory: !!!
http://dsecrg.com/pages/vul/DSECRG-09-013.html
Application: IBM WebSphere Application Server
Versions Affected: 7.0 and 6.1
Vendor URL
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-041
Application: XOOPS
Versions Affected: 2.3.1, 2.3.2a
Vendor URL: http://www.xoops.org/
Bug: Stored XSS
Exploits: YES
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-040
Application: XOOPS
Versions Affected: 2.3.1
Vendor URL: http://www.xoops.org/
Bug: Multiple Local File Include
Exploits
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-037
Application: Pluck CMS
Versions Affected: 4.5.2
Vendor URL: http://www.pluck-cms.org/
Bug: Multiple Local File Include
Exploits
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-038
Application: ezContents CMS
Versions Affected: 2.0.3
Application URL: http://www.ezcontents.org/
Vendor URL: http://www.visualshapers.com/
Bug
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-036
Application: Freeway eCommerce
Versions Affected: 1.4.1.171
Vendor URL: http://www.openfreeway.org/
Bugs: RFI, Multiple LFI, XSS
Exploits
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-035
Application: Gallery
Versions Affected: 1.5.7, 1.6-alpha3
Vendor URL: http://gallery.menalto.com/
Bug: Local File Include
Exploits
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-034
Application: Minishowcase Image Gallery
Versions Affected: v09b136
Vendor URL: http://minishowcase.frwrd.net
Bug: Local File Include
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-033
Application: Pixelpost photoblog
Versions Affected: 1.7.1
Vendor URL: http://www.pixelpost.org/
Bug: Local File Include
Exploits
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-032
Application: Claroline eLearning and eWorking platform
Versions Affected: 1.8.10
Vendor URL: http://www.claroline.net/
Bug: Multiple Linked XSS
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-31
Application: Interact E-Learning System
Versions Affected: 2.4.1
Vendor URL: http://sourceforge.net/projects/cce-interact
Bug: Local File
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-030
Application: Claroline eLearning and eWorking platform
Versions Affected: 1.8.9
Vendor URL: http://www.claroline.net/
Bug: Multiple XSS, Phishing
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-027
Application: 1024 CMS
Versions Affected: 1.4.3, 1.4.4 RFC
Vendor URL: http://www.1024cms.com/
Bug: Multiple Remote/Local File Include
Exploits
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-011 | FIX
INFORMATION
Application: Astrosoft HelpDesk
Versions Affected: < 1.95.228
Vendor URL: http://astrosoft.ru/
Bugs: Multiple XSS Injecti
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-014
Application: PowerNews (Newsscript)
Versions Affected: 2.5.6
Vendor URL: http://www.powerscripts.org/
Bug: Multiple Local File Include
Exploits
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-013
Application: MODx CMS
Versions Affected: 0.9.6.1, 0.9.6.1p1
Vendor URL: http://modxcms.com/
Bugs: XSS, SiXSS, stored XSS, Change User Password
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-012
Application: Azucar CMS
Versions Affected: 1.3
Vendor URL: http://azucarcms.sourceforge.net/en_home.htm
Bug: Multiple Local File Include
Exploits
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-002
Application: aria-0.99-6 (Web based ERP)
Versions Affected: aria-0.99-6
Vendor URL: http://www.tucows.net/
Bug: Local File Include
Exploits
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-003
Application: Blogcms
Versions Affected: Blogcms 4.2.1b
Vendor URL: http://blogcms.com/
Bugs: SQL Injections, SiXSS, XSS
Exploits
Digital Security Research Group [DSecRG] Advisory #DSECRG08-001
Application: Tuned Studios Templates
Versions Affected: All
Vendor URL: http:/www.tunedstudios.com
Bug: Local File Include
Exploit
Digital Security Research Group [DSecRG] Advisory
Name: 2z project
Systems Affected: 2z project 0.9.6.1
Vendor URL: http://2z-project.ru
Authors: Alexandr Polyakov, Stas Svistunovich
Digital Security Research Group
40 matches