15 December

Path disclosure in OpenCart

Vulnerability ID: HTB22762
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_opencart.html
Product: OpenCart
Vendor: OpenCart ( http://www.opencart.com/ ) 
Vulnerable Version: 1.4.9.1
Vendor Notification: 15 December 2010 
Vulnerability Type: Path disclosure
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 


NGS00138 Patch Notification: Websense Triton 7.6 - Authentication bypass in report management UI

High Risk Vulnerability in Websense Triton

15 December 2011

Ben Williams of NGS Secure has discovered a High risk vulnerability in Websense

Impact: Authentication bypass 

Versions affected include:
Websense Web Security Gateway Anywhere v7.6

SQL Injection in LightNEasy

Vulnerability ID: HTB22754
Reference: http://www.htbridge.ch/advisory/sql_injection_in_lightneasy_1.html
Product: LightNEasy
Vendor: Fernando Baptista ( http://www.lightneasy.org/ ) 
Vulnerable Version: 3.2.2
Vendor Notification: 15 December 2010 
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 


Trango Broadband Wireless Rogue SU Authentication Bug

--------------------------------------------------------------------------

Trango Broadband Wireless
M5830 Series Rogue SU Authentication Bug
Date : 15 December, 2009
By: Blair - jediblair@gmail.com

--------------------------------------------------------------------------

Background

[security bulletin] HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access

PRODUCT SPECIFIC INFORMATION
None

HISTORY
Version:1 (rev.1) - 15 December 2010 Initial Release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.


CSRF (Cross-Site Request Forgery) in Open blog

Vulnerability ID: HTB22763
Reference: http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_open_blog.html
Product: Open blog
Vendor: K5 Storitve ( http://www.open-blog.info/ ) 
Vulnerable Version: 1.2.1
Vendor Notification: 15 December 2010 
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 


Information disclosure in LightNEasy

Vulnerability ID: HTB22751
Reference: http://www.htbridge.ch/advisory/information_disclosure_in_lightneasy.html
Product: LightNEasy
Vendor: Fernando Baptista ( http://www.lightneasy.org/ ) 
Vulnerable Version: 3.2.2
Vendor Notification: 15 December 2010 
Vulnerability Type: Information disclosure
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 


[security bulletin] HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning

Version:3 (rev.3) - 06 August 2008 Updated patch location, revised BIND v9.2.0 depot information, added BIND v8.1.2
Version:4 (rev.4) - 08 August 2008 Updated manual actions to include named.conf and firewall configuration settings
Version:5 (rev.5) - 12 October 2010 Updated version for BIND v9.2.0 depot for B.11.11
Version:6 (rev.6) - 15 December 2010 Reformat v9.2.0 recommendation for clarity.

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.


Path disclosure in LightNEasy

Vulnerability ID: HTB22753
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_lightneasy.html
Product: LightNEasy
Vendor: Fernando Baptista ( http://www.lightneasy.org/ ) 
Vulnerable Version: 3.2.2
Vendor Notification: 15 December 2010 
Vulnerability Type: Path disclosure
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 


Path disclosure in ocPortal

Vulnerability ID: HTB22761
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_ocportal.html
Product: ocPortal
Vendor: ocProducts Ltd ( http://ocportal.com ) 
Vulnerable Version: 5.0.3
Vendor Notification: 15 December 2010 
Vulnerability Type: Path disclosure
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 


[security bulletin] HPSBMA02416 SSRT090008 rev.4 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code

HISTORY
Version:1 (rev.1) - 23 March 2009 Initial release
Version:2 (rev.2) - 31 March 2009 Archive available for NNM v7.53 with Intermediate Patch 22
Version:3 (rev.3) - 6 April 2009 Archive rev.1 available for NNM v7.53 with Intermediate Patch 22
Version:4 (rev.4) - 15 December 2009 Patches available for NNM v7.53, archive files on ftp.usa.hp.com

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.


NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI

High risk Vulnerability in Websense Triton 

15 December 2011

Ben Williams of NGS Secure has discovered a High risk vulnerability in Websense

Impact: Stored XSS 

Versions affected include:
Websense Web Security Gateway Anywhere v7.6

[security bulletin] HPSBMA02416 SSRT090008 rev.5 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code

HISTORY
Version:1 (rev.1) - 23 March 2009 Initial release
Version:2 (rev.2) - 31 March 2009 Archive available for NNM v7.53 with Intermediate Patch 22
Version:3 (rev.3) - 6 April 2009 Archive rev.1 available for NNM v7.53 with Intermediate Patch 22
Version:4 (rev.4) - 15 December 2009 Patches available for NNM v7.53, archive files on ftp.usa.hp.com
Version:5 (rev.5) - 4 May 2010 Added NNM v7.01(IA), patches for NNM v7.01(PA)

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

[security bulletin] HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross Site Scripting (XSS)

v7.61
 HPED_00480

HISTORY
Version:1 (rev.1) - 15 December 2010 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.


SQL Injection in LightNEasy

Vulnerability ID: HTB22750
Reference: http://www.htbridge.ch/advisory/sql_injection_in_lightneasy.html
Product: LightNEasy
Vendor: Fernando Baptista ( http://www.lightneasy.org/ ) 
Vulnerable Version: 3.2.2
Vendor Notification: 15 December 2010 
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 


LFI in LightNEasy

Vulnerability ID: HTB22752
Reference: http://www.htbridge.ch/advisory/lfi_in_lightneasy.html
Product: LightNEasy
Vendor: Fernando Baptista ( http://www.lightneasy.org/ ) 
Vulnerable Version: 3.2.2
Vendor Notification: 15 December 2010 
Vulnerability Type: LFI
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 


NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM

Critical Vulnerability in Websense Triton 

15 December 2011

Ben Williams of NGS Secure has discovered a Critical vulnerability in Websense

Impact: Unauthenticated remote command execution as SYSTEM 

Versions affected include:
Websense Web Security Gateway Anywhere v7.6

[security bulletin] HPSBST02620 SSRT100356 rev.2 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access

PRODUCT SPECIFIC INFORMATION
None

HISTORY
Version:1 (rev.1) - 15 December 2010 Initial Release
Version:2 (rev.2) - 23 December 2010 Corrected syntax in the password change instructions

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

[security bulletin] HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code

HP Power Manager 4.3.2 for Windows is available for download from
http://h18004.www1.hp.com/products/servers/proliantstorage/power-protection/software/power-manager/pm3-dl.html

HISTORY
Version:1 (rev.1) - 15 December 2010 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.


NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI

Medium Risk Vulnerability in Websense Triton 

15 December 2011

Ben Williams of NGS Secure has discovered a Medium risk vulnerability in Websense

Impact: Reflected XSS 

Versions affected include:
Websense Web Security Gateway Anywhere v7.6

[security bulletin] HPSBUX02451 SSRT090137 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS)

HISTORY
Version:1 (rev.1) - 6 August 2009 Initial release
Version:2 (rev.2) - 16 November 2009 New URLs, new v9.2.0 depots for B.11.11 and B.11.23 only.
Version:3 (rev.3) - 4 June 2010 New v9.2.0 patch for B.11.23, new URLs.
Version:4 (rev.4) - 15 December 2010 Updated v9.2.0 depot version for B.11.11, and source location.

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.


Path disclosure in Nibbleblog

Vulnerability ID: HTB22760
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_nibbleblog.html
Product: Nibbleblog
Vendor: Diego Ignacio Gabriel Najar Carrascal ( http://www.nibbleblog.com/ ) 
Vulnerable Version: 3.0.1
Vendor Notification: 15 December 2010 
Vulnerability Type: Path disclosure
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 




Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
