Computer Emergency Response Team

project announcement - oCERT - Open Source CERT

Hi everyone,

we are pleased to announce a new project called oCERT, the Open Source
Computer Emergency Response Team.

The oCERT project is a public effort providing security handling support to
Open Source projects affected by security incidents or vulnerabilities, just
like national CERTs offer services for their respective countries.


YEKTAWEB CMS XSS Vulnerability

Credit:
---------------------------------------------

Isfahan University of Technology - Computer Emergency Response Team

Thanks to :  N. Fathi, M. R. Faghani



YEKTA WEB Academic Web Tools CMS Multiple XSS

                Input Validation Filter should be patched.


Credit: 
------------------
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : M. R. Faghani, N. Fathi, E. Aerabi, E. Jafari





Aryanic HighCMS and HighPortal multiple Vulnerabilities

                Input validation of Parameter "q" should be corrected.


Credit: 
------------------
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : E. Jafari, N. Fathi, M. R. Faghani





Eshopbuilde CMS SQL Injection Vulnerability

Credit:

------------------

Isfahan University of Technology - Computer Emergency Response Team

Thanks to : M. Fereidounian, M. R. Faghani, N. Fathi, E. Jafari



Pars CMS SQL Injection Vulnerability

Credit:

------------------

Isfahan University of Technology - Computer Emergency Response Team

Thanks to : M. Fereidounian, M. R. Faghani, N. Fathi, E. Jafari



Sheedravi CMS SQL Injection Vulnerability

Credit:

------------------

Isfahan University of Technology - Computer Emergency Response Team

Thanks to : M. Fereidounian, M. R. Faghani, N. Fathi, E. Jafari



IBSng all version Cross-Site Scripting Vulnerability

PoC : http://[target]/IBSng/util/show_multistr.php?str=[xss]

Original Advisory : http://nsec.ir/

Credit: Isfahan University of Technology - Computer Emergency Response Team



XSS Vulnerabilities in Common Shockwave Flash Files

First and foremost, we thank Stefano Di Paola of Minded Security and
Obscure of EyeonSecurity who thoroughly researched and pioneered every
attack we used.

Thanks to Autodemo, Infosoft, and Techsmith for quickly fixing this
issue. We also thank the Computer Emergency Response Team for
coordinating with the vendors to fix this issue, the Adobe Flash
player development teams for including some fixes in the player (we
hope to see more in the future), the Adobe Software Security
Engineering Team, and the Google Security Team for giving me time to
pursue this research and coauthor a book.

Chavoosh CMS SQL Injection Vulnerability

Credit:

------------------

Isfahan University of Technology - Computer Emergency Response Team

Thanks to : E. Jafari, N. Fathi, M. R. Faghani



Elkapax CMS Cross site scripting vulnerability

Credit:

------------------

Isfahan University of Technology - Computer Emergency Response Team

Thanks to : N. Fathi, E. Jafari, M. R. Faghani



Zigurrat CMS SQL Injection Vulnerability

Credit:

------------------

Isfahan University of Technology - Computer Emergency Response Team

Thanks to : M. Fereidounian, M. R. Faghani, N. Fathi, E. Jafari



Re: Elkapax CMS Cross site scripting vulnerability

: 
: Input validation of Parameter "q" should be corrected.
: 
: Credit:
: 
: Isfahan University of Technology - Computer Emergency Response Team
: 
: Thanks to : N. Fathi, E. Jafari, M. R. Faghani

So a University of Technology maintains a CERT team, that discloses the 
most basic of XSS flaws, and you cannot even figure out which script is 

[oCERT-2009-013] yTNEF/Evolution TNEF attachment decoder input sanitization errors

Permalink:
http://www.ocert.org/advisories/ocert-2009-013.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2008-003] libpng zero-length chunks incorrect handling

Permalink:
http://www.ocert.org/advisories/ocert-2008-003.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2010-001] multiple http client unexpected download filename vulnerability

Permalink:
http://www.ocert.org/advisories/ocert-2010-001.html

-- 
  Daniele Bianco      oCERT | Open Source Computer Emergency Response Team 
  <danbia@ocert.org>                                  http://www.ocert.org
  
  GPG Key 0x4545E02B
  GPG Key fingerprint = 3706 0361 56B2 61B1 B873  E400 353D 54F4 4545 E02B


[oCERT-2008-013] MPlayer Real demuxer heap overflow

Permalink:
http://www.ocert.org/advisories/ocert-2008-013.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2008-009] libxslt heap overflow

Permalink:
http://www.ocert.org/advisories/ocert-2008-009.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2009-015] KDE multiple issues

Permalink:
http://www.ocert.org/advisories/ocert-2009-015.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2010-003] Free Simple CMS path sanitization errors

Permalink:
http://www.ocert.org/advisories/ocert-2010-003.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities

server is an optional service that is disabled by default in Cisco
products. Only SNMPv3 is impacted by these vulnerabilities.
Workarounds are available for mitigating the impact of the
vulnerabilities described in this document.

The United States Computer Emergency Response Team (US-CERT) has
assigned Vulnerability Note VU#878044 to these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960
has also been assigned to these vulnerabilities.


[oCERT-2009-007] FCKeditor input sanitization errors

Permalink:
http://www.ocert.org/advisories/ocert-2009-007.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2009-011] Android improper camera and audio permission verification

Permalink:
http://www.ocert.org/advisories/ocert-2009-011.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2009-009] CamlImages integer overflows

Permalink:
http://www.ocert.org/advisories/ocert-2009-009.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2009-014] Android denial-of-service issues

Permalink:
http://www.ocert.org/advisories/ocert-2009-014.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2009-004] AjaxTerm session id collision

Permalink:
http://www.ocert.org/advisories/ocert-2009-004.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference

Permalink:
http://www.ocert.org/advisories/ocert-2010-004.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2009-008] Dillo integer overflow

Permalink:
http://www.ocert.org/advisories/ocert-2009-008.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2009-003] LittleCMS integer errors

Permalink:
http://www.ocert.org/advisories/ocert-2009-003.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


[oCERT-2008-004] multiple speex implementations insufficient boundary checks

Permalink:
http://www.ocert.org/advisories/ocert-2008-004.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
