
25 November

XSS vulnerability in Diferior

Vulnerability ID: HTB22720
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_diferior.html
Product: Diferior
Vendor: Povilas Musteikis ( http://www.diferior.com/ ) 
Vulnerable Version: 8.03 and probably prior versions
Vendor Notification: 25 November 2010 
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 


[security bulletin] HPSBTU02382 SSRT080132 rev.1 - HP Secure Web Server for Tru64 UNIX or Internet Express for Tru64 UNIX running PHP, Remote Denial of Service (DoS) or Arbitrary Code Execution

PRODUCT SPECIFIC INFORMATION 

HISTORY 

Version:1 (rev.1) - 25 November 2008 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. 

Support: For further information, contact normal HP Services support channel.


[security bulletin] HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of

action: install revision A.00.09.08l.003 or subsequent

END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) 25 November 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Cross Site Scripting vulnerability in Diferior

Vulnerability ID: HTB22722
Reference: http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_diferior.html
Product: Diferior
Vendor: Povilas Musteikis ( http://www.diferior.com/ ) 
Vulnerable Version: 8.03 and probably prior versions
Vendor Notification: 25 November 2010 
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 


[security bulletin] HPSBUX02482 SSRT090249 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)

action: install revision A.00.09.08l.003 or subsequent

END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) 25 November 2009 Initial release
Version:2 (rev.2) 14 December 2009 Revised location from which to download upgrades, fileset content.
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.


XSRF (CSRF) in CMScout

Vulnerability ID: HTB22719
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_cmscout.html
Product: CMScout
Vendor: CMScout Team ( http://www.cmscout.co.za/ ) 
Vulnerable Version: 2.09 and probably prior versions
Vendor Notification: 25 November 2010 
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 



