21 October
Vulnerability ID: HTB22665
Reference: http://www.htbridge.ch/advisory/shell_create__command_execution_in_jaf_cms.html
Product: JAF CMS
Vendor: JAF CMS ( http://jaf-cms.sourceforge.net/ )
Vulnerable Version: 4.0 RC2
Vendor Notification: 21 October 2010
Vulnerability Type: Shell create & command execution
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
UnprotectedHex.com security advisory [07-02]
Discovered by nnp
Discovered : 1 August 2007
Reported to the vendor : 13 October 2007
Fixed by vendor : 21 October 2007
Vulnerability class : Remote DoS
Affected product : mt-dappd/Firefly Media Server
Version : <= 0.2.4
> UnprotectedHex.com security advisory [07-01]
> Discovered by nnp
>
> Discovered : 1 August 2007
> Reported to the vendor : 13 October 2007
> Fixed by vendor : 21 October 2007
>
> Vulnerability class : Remote DoS
>
> Affected product : mt-dappd/Firefly Media Server
> Version : threadno,first);
Chrome/0.2.149.30
Chrome/0.2.149.29
Disclosure Timeline:
Disclosed: 19 October 2008
Release Date. 21 October ,2008
Vendor Response:
Google acknowledges this vulnerability and "fix" will be released soon.
Credit:
> UnprotectedHex.com security advisory [07-02]
> Discovered by nnp
>
> Discovered : 1 August 2007
> Reported to the vendor : 13 October 2007
> Fixed by vendor : 21 October 2007
>
> Vulnerability class : Remote format string
>
> Affected product : mt-dappd/Firefly Media Server
> Version : request_vars,"HTTP_USER",username);
Vulnerability ID: HTB22673
Reference: http://www.htbridge.ch/advisory/lfi_in_eocms.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: Local File Inclusion
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability ID: HTB22677
Reference: http://www.htbridge.ch/advisory/bbcode_xss_in_eocms.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability ID: HTB22675
Reference: http://www.htbridge.ch/advisory/sql_injection_in_eocms.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability ID: HTB22676
Reference: http://www.htbridge.ch/advisory/lfi_in_eocms_1.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: Local File Inclusion
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability ID: HTB22672
Reference: http://www.htbridge.ch/advisory/xss_in_textpattern_cms.html
Product: Textpattern CMS
Vendor: Team Textpattern ( http://textpattern.com/ )
Vulnerable Version: 4.2.0
Vendor Notification: 21 October 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by Vendor
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability ID: HTB22674
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_eocms.html
Product: eoCMS
Vendor: eocms.com ( http://eocms.com )
Vulnerable Version: 0.9.04
Vendor Notification: 21 October 2010
Vulnerability Type: Path disclosure
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version: 1 (rev.1) - 21 October 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Vulnerability ID: HTB22671
Reference: http://www.htbridge.ch/advisory/sql_injection_in_minibb.html
Product: MiniBB
Vendor: MiniBB.com ( http://www.minibb.com/ )
Vulnerable Version: 2.5
Vendor Notification: 21 October 2010
Vulnerability Type: SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability ID: HTB22670
Reference: http://www.htbridge.ch/advisory/bbcode_xss_in_minibb.html
Product: MiniBB
Vendor: MiniBB.com ( http://www.minibb.com/ )
Vulnerable Version: 2.5
Vendor Notification: 21 October 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability ID: HTB22667
Reference: http://www.htbridge.ch/advisory/sql_injection_in_sweetrice_cms.html
Product: SweetRice CMS
Vendor: basic-cms.org ( http://www.basic-cms.org/ )
Vulnerable Version: 0.6.7
Vendor Notification: 21 October 2010
Vulnerability Type: SQL Injection
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
=======
Summary
=======
Name: SharePoint Team Services source code disclosure through download
facility
Release Date: 21 October 2009
Reference: NGS00532
Discover: Daniel Martin <daniel@ngssoftware.com>
Vendor: Microsoft
Systems Affected: SharePoint 2007 (12.0.0.6219, 12.0.0.4518 and
possibly others)
Vulnerability ID: HTB22669
Reference: http://www.htbridge.ch/advisory/reset_admin_password_in_sweetrice_cms.html
Product: SweetRice CMS
Vendor: basic-cms.org ( http://www.basic-cms.org/ )
Vulnerable Version: 0.6.7
Vendor Notification: 21 October 2010
Vulnerability Type: Logic error
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability ID: HTB22666
Reference: http://www.htbridge.ch/advisory/rfi_in_jaf_cms.html
Product: JAF CMS
Vendor: JAF CMS ( http://jaf-cms.sourceforge.net/ )
Vulnerable Version: 4.0 RC2
Vendor Notification: 21 October 2010
Vulnerability Type: Remote File Inclusion
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
UnprotectedHex.com security advisory [07-01]
Discovered by nnp
Discovered : 1 August 2007
Reported to the vendor : 13 October 2007
Fixed by vendor : 21 October 2007
Vulnerability class : Remote DoS
Affected product : mt-dappd/Firefly Media Server
Version : threadno,first);
action: install revision B.2.0.59.12 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 21 October 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
UnprotectedHex.com security advisory [07-02]
Discovered by nnp
Discovered : 1 August 2007
Reported to the vendor : 13 October 2007
Fixed by vendor : 21 October 2007
Vulnerability class : Remote format string
Affected product : mt-dappd/Firefly Media Server
Version : request_vars,"HTTP_USER",username);
action: install revision B.5.5.27.03 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 21 October 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Vulnerability ID: HTB22668
Reference: http://www.htbridge.ch/advisory/xss_in_sweetrice_cms.html
Product: SweetRice CMS
Vendor: basic-cms.org ( http://www.basic-cms.org/ )
Vulnerable Version: 0.6.7
Vendor Notification: 21 October 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by Vendor
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
|
