
From Remote

[ECHO_ADV_104$2009] WeBid <= 0.7.3 RC9 Multiple Remote File Inclusion Vulnerabilities

Date         : March, 11 th 2009
Location     : Jakarta, Indonesia
Web          : http://e-rdc.org/v1/news.php?readmore=127
Critical Lvl : High
Impact       : System Access
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


MVSA-10-006 / CVE-2010-0153 - IBM Proventia Network Mail Security System - Cross-Site Request Forgery vulnerabilities

Security Advisory:      MVSA-10-006 / CVE-2010-0153
Vendor:                 IBM     
Products:               Proventia Network Mail Security System  
Vulnerabilities:        Cross-Site Request Forgery (XSRF)       
Risk:                   High    
Attack Vector:          From Remote     
Authentication:         Required        
Reference:              http://www.ventuneac.net/security-advisories/MVSA-10-006        


Description

[ECHO_ADV_96$2008] HiveMaker Professional <= 1.0.2 (cid) Sql Injection Vulnerability

Date           : May, 30 th 2008
Location       : Jakarta, Indonesia
Web            : http://e-rdc.org/v1/news.php?readmore=91
Critical Lvl   : Medium
Impact         : System access
Where          : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~


[ECHO_ADV_99$2008] Relative Real Estate Systems <= 3.0 (listing_id) Sql Injection Vulnerability

Date         : June, 24 th 2008
Location     : Jakarta, Indonesia
Web          : http://e-rdc.org/v1/news.php?readmore=101
Critical Lvl : Medium
Impact       : System access
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~


MVSA-10-002 - Google Message Security SaaS - Multiple XSS vulnerabilities

                                - Security Console (Admin Console)
                                - Message Center Classic
                                - Message Center II
Vulnerabilities:        Multiple Cross-Site Scripting (XSS)
Risk:                   High    
Attack Vector:          From Remote     
Authentication:         Required
Reference:              http://www.ventuneac.net/security-advisories/MVSA-10-002
                        http://secureappdev.blogspot.com/2010/09/testing-google-message-security-saas.html

        

CVE-2008-1094 - Barracuda Spam Firewall SQL Injection Vulnerability

CVE Number: CVE-2008-1094
Vulnerability: SQL Injection 
Risk: Medium
Attack vector: From Remote

Vulnerability Discovered: 16th June 2008
Vendor Notified: 16th June 2008
Advisory Released: 15th December 2008



Apache Struts 2 Multiple Reflected XSS in XWork error pages

Vulnerabilities: Multiple Reflected XSS in XWork error pages

Risk: High

Attack Vector: From Remote

Authentication: Not Required

References:     
 - http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html 

[ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability

Date : June, 13 th 2008
Location : Jakarta, Indonesia
Web : http://e-rdc.org/v1/news.php?readmore=97
Critical Lvl : Medium
Impact : System access
Where : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


[ECHO_ADV_100$2008] Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability

Date         : July, 14 th 2008
Location     : Jakarta, Indonesia
Web          : http://e-rdc.org/v1/news.php?readmore=102
Critical Lvl : Medium
Impact       : System access
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability

Network Request

Where: 

From Remote or Local Network

Solution: 

Unpatched


[ECHO_ADV_93$2008] Kmita Tellfriend <= 2.0 (file) Remote File Inclusion Vulnerability

Date           : May, 5 th 2008
Location       : Jakarta, Indonesia
Web            : http://advisories.echo.or.id/adv/adv93-K-159-2008.txt
Critical Lvl   : High
Impact         : System access
Where          : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


[ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability

Date         : February, 23 th 2009
Location     : Jakarta, Indonesia
Web          : http://e-rdc.org/v1/news.php?readmore=126
Critical Lvl : Medium
Impact       : Manipulation of data / Exposure of sensitive information
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~


[ECHO_ADV_101$2008] Attachmax Dolphin <= 2.1.0 Multiple Vulnerabilities

Date         : September, 16 th 2008
Location     : Jakarta, Indonesia
Web          : http://e-rdc.org/v1/news.php?readmore=108
Critical Lvl : High
Impact       : System access
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~


MVSA-10-008 / CVE-2010-0154 - IBM Proventia Mail Security System - Insecure Direct Object Reference vulnerability

Security Advisory:      MVSA-10-008 / CVE-2010-0154
Vendor:                 IBM     
Products:               Proventia Network Mail Security System
Vulnerabilities:        Insecure Direct Object Reference
Risk:                   Medium  
Attack Vector:          From Remote     
Authentication:         Required
Reference:              http://www.ventuneac.net/security-advisories/MVSA-10-008
        
        
        

MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities

Security Advisory:      MVSA-10-007 / CVE-2010-0152
Vendor:                 IBM     
Products:               Proventia Network Mail Security System
Vulnerabilities:        Multiple Cross-Site Scripting (XSS)
Risk:                   High    
Attack Vector:          From Remote     
Authentication:         Not Required/Required
Reference:              http://www.ventuneac.net/security-advisories/MVSA-10-007
        
        
        

Secunia Research: Oracle BEA WebLogic Server Plug-ins Integer Overflow

====================================================================== 
2) Severity 

Rating: Highly critical
Impact: System access
Where:  From Remote

====================================================================== 
3) Vendor's Description of Software 

"... the world's best application server for building and deploying

[ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability

Date         : September, 11 th 2009
Location     : Jakarta, Indonesia
Web          : http://e-rdc.org/v1/news.php?readmore=142
Critical Lvl : Moderate
Impact       : Exposure of sensitive information
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~


MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter

CVE: CVE-2011-4025      
Vendor: EllisLab        
Products: ExpressionEngine 2.2.2, CodeIgniter 2.0.3
Vulnerabilities: xss_clean filter bypass, leading to Cross-Site Scripting (XSS)
Risk: High      
Attack Vector: From Remote      
Reference: http://secureappdev.blogspot.com/2011/11/ellislab-xssclean-filter-bypass.html

        
1. Description


Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass

====================================================================== 
2) Severity 

Rating: Less critical
Impact: Security bypass
Where:  From Remote

====================================================================== 
3) Vendor's Description of Software 

"The Garmin Communicator Plugin lets you connect your Garmin GPS with

[ECHO_ADV_113$2010] BSI Hotel Booking System Admin Login Bypass Vulnerability

Date          : September, 22th 2010
Location      : Jakarta, Indonesia
Web           : http://e-rdc.org/v1/news.php?readmore=165
Critical Lvl  : Moderate
Impact        : Exposure of sensitive information
Where         : From Remote

---------------------------------------------------------------------------

Affected application description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability

Date           : May, 5 th 2008
Location       : Jakarta, Indonesia
Web            : http://advisories.echo.or.id/adv/adv91-K-159-2008.txt
Critical Lvl   : Medium
Impact         : System access
Where          : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


[ECHO_ADV_88$2008] Prozilla Hosting Index (directory.php cat_id) Blind Sql Injection Vulnerability

Date           : April, 28 th 2007
Location       : Jakarta, Indonesia
Web            : http://advisories.echo.or.id/adv/adv88-K-159-2008.txt
Critical Lvl   : Medium
Impact         : System access
Where          : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~


[ECHO_ADV_110$2009] Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services

Date Found      : June, 4th 2009
Location        : Indonesia, Jakarta
web             : http://e-rdc.org/v1/news.php?readmore=137
Critical Lvl    : Moderated
Impact          : Browser will automatically shutdown
Where           : From Remote
Disclosure Policy: Full Disclosure Policy (RFPolicy) v2.0
                  http://www.wiretrip.net/rfp/policy.html
--------------------------------------------------------------------------------

Affected software description:

Secunia Research: Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow

====================================================================== 
2) Severity 

Rating: Highly critical
Impact: System access
Where:  From Remote

====================================================================== 
3) Vendor's Description of Software 

"... the world's best application server for building and deploying

[ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability

Date         : March, 16 th 2009
Location     : Jakarta, Indonesia
Web          : http://e-rdc.org/v1/news.php?readmore=131
Critical Lvl : Moderate
Impact       : Exposure of sensitive information
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


[ECHO_ADV_90$2008] PostNuke Module pnEncyclopedia <= 0.2.0 (id) Blind Sql Injection Vulnerability

Date           : May, 5 th 2008
Location       : Jakarta, Indonesia
Web            : http://advisories.echo.or.id/adv/adv90-K-159-2008.txt
Critical Lvl   : Medium
Impact         : System access
Where          : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


[ECHO_ADV_84$2007] ProfileCMS <= 1.0 Remote SQL Injection Vulnerability

Date           : November, 17 th 2007
Location       : Australia, Sydney
Web            : http://advisories.echo.or.id/adv/adv84-K-159-2007.txt
Critical Lvl   : Dangerous
Impact         : System access
Where          : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~


MVSA-10-009 / CVE-2010-0155 - IBM Proventia Network Mail Security System - CRLF Injection vulnerability

Security Advisory:      MVSA-10-009 / CVE-2010-0155
Vendor:                 IBM     
Products:               Proventia Network Mail Security System
Vulnerabilities:        CRLF Injection
Risk:                   Medium  
Attack Vector:          From Remote     
Authentication:         Required
Reference:              http://www.ventuneac.net/security-advisories/MVSA-10-009
        
        
        

MVSA-10-001 - Google Message Security SaaS - SQL Injection vulnerabilities

Vendor:                 Google  
Service:                Google Message Security SaaS (powered by Postini) 
                                - Message Center II
Vulnerabilities:        SQL Injection
Risk:                   High    
Attack Vector:          From Remote     
Authentication:         Required
Reference:              http://www.ventuneac.net/security-advisories/MVSA-10-001
                        http://secureappdev.blogspot.com/2010/09/testing-google-message-security-saas.html
        
        

[ECHO_ADV_86$2007] Mambo/Joomla Component rsgallery <= 2.0 beta 5 (catid) Remote SQL Injection Vulnerability

Date           : November, 30 th 2007
Location       : Australia, Sydney
Web            : http://advisories.echo.or.id/adv/adv86-K-159-2007.txt
Critical Lvl   : Medium
Impact         : System access
Where          : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
