Media Coverage

[BMSA-2009-01] Authentication bypass in Interspire Shopping Cart v4.0.1 and below

BLUE MOON SECURITY ADVISORY 2009-01
===================================

:Title: Authentication bypass in Interspire Shopping Cart
:Severity: Critical
:Reporter: Truong Van Tri and Blue Moon Consulting
:Products: Interspire Shopping Cart v4.0.1 Ultimate edition
:Fixed in: v4.0.2


Description
-----------

[BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0

BLUE MOON SECURITY ADVISORY 2008-09
===================================

:Title: Two buffer overflows in Maxum Rumpus
:Severity: Critical
:Reporter: Blue Moon Consulting
:Products: Maxum Rumpus v6.0
:Fixed in: 6.0.1


Description
-----------

[BMSA-2009-07] Backdoor in PyForum

BLUE MOON SECURITY ADVISORY 2009-07
===================================

:Title: Backdoor in PyForum
:Severity: Critical
:Reporter: Blue Moon Consulting
:Products: PyForum v1.0.3
:Fixed in: --


Description
-----------

Re: iPhone Safari phone-auto-dial vulnerability (original date: Nov. 2008)

>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>

[BMSA-2009-06] Remote code execution in BKAV eOffice

BLUE MOON SECURITY ADVISORY 2009-06
===================================

:Title: Remote code execution in BKAV eOffice
:Severity: Critical
:Reporter: Blue Moon Consulting
:Products: eOffice v5.1.5
:Fixed in: --

Description
-----------

[BMSA 2009-04] Remote DoS in Internet Explorer

BLUE MOON SECURITY ADVISORY 2009-04
===================================

:Title: Remote Denial of Service in Internet Explorer
:Severity: Moderate
:Reporter: Blue Moon Consulting
:Products: Internet Explorer 7 and 8
:Fixed in: --


Description
-----------

[SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability

The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may also be affected.

Note: Although this vulnerability affects relatively old versions of
Apache Tomcat, it was only discovered and reported to the Apache Tomcat
Security team in October 2008. Publication of this issue was then
postponed until now at the request of the reporter.

Description:
Bug 40771 (https://issues.apache.org/bugzilla/show_bug.cgi?id=40771) may
result in the disclosure of POSTed content from a previous request. For
a vulnerability to exist the content read from the input stream must be

[oCERT-2008-009] libxslt heap overflow

Timeline:
2008-07-03: vulnerability report received
2008-07-08: contacted libxslt maintainer
2008-07-10: maintainer provides patch
2008-07-17: patch fixes finalized per reporter feedback
2008-07-18: contacted affected vendors
2008-07-31: advisory release

References:
http://www.scary.beasts.org/security/CESA-2008-003.html

Nokia 6131 NFC URI/URL Spoofing and DoS Advisory

Crash of the parser for various parts of NDEF records, reboots the
graphical user interface (GUI) of the phone.

-----------------------------

Reporter: Collin Mulliner <collin.mulliner[AT]sit.fraunhofer.de>

-----------------------------

Affiliation: Fraunhofer SIT / MUlliNER.ORG / the trifinite group


[BMSA-2009-08] Multiple Vulnerabilities in PyForum

BLUE MOON SECURITY ADVISORY 2009-08
===================================

:Title: Multiple Vulnerabilities in PyForum
:Severity: Critical
:Reporter: Hoang Quoc Thinh and Blue Moon Consulting
:Products: PyForum v1.0.3
:Fixed in: --


Description
-----------

iPhone Safari phone-auto-dial vulnerability (original date: Nov. 2008)

   U.S.). Denial-of-service against arbitrary phone numbers through
   mass-calling. User cannot prevent attack.

-----------------------------

Reporter: Collin Mulliner <collin[AT]mulliner.org>

-----------------------------

Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.