=======
Summary
=======
Name: Websense XSS Vulnerability
Release Date: 10 December 2007
Reference: LSD002-2007
Discover: Dave Lewis
CVE:Pending
Vendor: Websense
Product: Websense Enterprise and Websense Web Security Suite
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 4 May 2009 Initial release
Version:2 (rev.2) - 10 December 2009 NNM v7.01 files are on ftp.usa.hp.com
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 20 January 2009 Initial release
Version:2 (rev.2) - 29 April 2009 Added NNM v7.01 hotfix
Version:3 (rev.3) - 10 December 2009 NNM v7.01 hotfix moved to ftp.usa.hp.com
Version:4 (rev.4) - 4 May 2010 Added NNM v7.01(IA), patches for NNM v7.01(PA)
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%
%%
%% Discovered by: GTADarkDude
%% Disconvered on: 10 December 2008
%% Name: Max's Guestbook
%% Version: 1.0
%% URL: http://www.phpf1.com/product/php-guestbook-script.html
%% URL2: http://www.hotscripts.com/Detailed/78571.html
%% Google Search: intitle:"Max's Guestbook" powered-by-PHP-F1
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 4 May 2009 Initial release
Version:2 (rev.2) - 10 December 2009 NNM v7.01 files are on ftp.usa.hp.com
Version:3 (rev.3) - 19 July 2010 NNM v7.01 patches are available
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
> From: Stefan Kanthak [mailto:stefan.kanthak@nexgo.de]
> Sent: Friday, 10 December, 2010 17:12
>
> "George Carlson" <gcarlson@vccs.edu> wrote:
>
> > Your objections are mostly true in a normal sense.
> > However, it is not true when Group Policy is taken into account.
>
> Group Policies need an AD. Cached credentials are only used locally,
> for domain accounts, when the computer can't connect to the AD.
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 20 January 2009 Initial release
Version:2 (rev.2) - 29 April 2009 Added NNM v7.01 hotfix
Version:3 (rev.3) - 10 December 2009 NNM v7.01 hotfix moved to ftp.usa.hp.com
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
URL: http://itrc.hp.com
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 10 December 2008 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 27 April 2009 Initial release
Version:2 (rev.2) - 10 December 2009 NNM v7.01 files are on ftp.usa.hp.com
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 18 November 2009 Initial release
Version:2 (rev.2) - 10 December 2009 Corrected product versions in SUPPORTED SOFTWARE VERSIONS section
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Disclosure Timeline
-------------------------
04 December 2007 -- Vendor Contacted
04 December 2007 -- Vendor Replied
05 December 2007 -- Fix Released
10 December 2007 -- Pulic Disclosure
What is Falt4Extreme
------------------------
Falt4 CMS is a business approved Content Management System (CMS) under the LGPL. The CMS is feature-rich and has a clean administration area. The ultimate CMS with functions for the professional, usable by everyone.CMS modules are available.
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 27 April 2009 Initial release
Version:2 (rev.2) - 10 December 2009 NNM v7.01 files are on ftp.usa.hp.com
Version:3 (rev.3) - 18 August 2010 NNM v7.01 patches are available
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
