Multiple
Application: IBM WebSphere Application Server
Versions Affected: 7.0 and 6.1
Vendor URL: http://www.ibm.com/websphere/
Bug: Multiple XSS Vulnerabilities
Exploits: YES
Reported: 01.11.2008
Vendor response: 02.11.2008
Solution: FP 6.1.0.23 and 7.0.0.3
Date of Public Advisory: 27.03.2009
iScripts SocialWare 2.2.x Multiple Remote Vulnerabilities
Name iScripts SocialWare
Vendor http://www.iscripts.com
Versions Affected 2.2.x
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-03-07
Vtiger CRM 5.0.4 Multiple Vulnerabilities
Name Multiple Vulnerabilities in Vtiger CRM
Systems Affected Vtiger CRM 5.0.4 and possibly earlier versions
Severity Medium
Impact (CVSSv2) Medium 6/10, vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Vendor http://www.vtigercrm.com
Advisory
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
MyCart 2.0 Multiple Remote Vulnerabilities
Name MyCart
Vendor http://open.appideas.com
Versions Affected 2.0
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-10-27
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module
Advisory ID: cisco-sa-20100804-fwsm
Revision 1.0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Sun JDK/JRE: Multiple vulnerabilities
Date: April 17, 2008
Bugs: #178851, #178962, #183580, #185256, #194711, #212425
ID: 200804-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Application: Dokeos E-Learning System
Versions Affected: 1.8.4
Vendor URL: http://dokeos.com
Bugs: Multiple SQL Injections, Multiple Blind SQL Injections, Multiple XSS, etc.
Exploits: YES
Reported: 25.01.2008
Vendor response: 28.01.2008
Patch released: 12.02.2008
Date of Public Advisory: 19.02.2008
- -----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0016
Synopsis: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
Issue date: 2009-11-20
Updated on: 2009-11-20 (initial release of advisory)
CVE numbers: --- JRE ---
CVE-2009-1093 CVE-2009-1094 CVE-2009-1095
Family Connections <= 2.1.3 Multiple Remote Vulnerabilities
Name Family Connections
Vendor http://www.familycms.com
Versions Affected <= 2.1.3
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2009-12-16
Dear bugtraq,
Below is a digest of vulnerabilities in multiple CAPTCHA systems. All
vulnerabilities were reported by MustLive (websecurity.com.ua) during
"The Month of Bugs in CAPTCHA"
1. Peter's Custom Anti-Spam Image < 2.9 (WordPress plugin)
1.1 The "antiselect" value can be guessed with 10% probability.
1.2 The same check pairs may be used for multiple postings.
Description
***********
The Blogcms system has multiple security vulnerabilities:
1. Multiple SQL Injections
2. Multiple Linked XSS
3. Multiple Linked SiXSS
Amblog 1.0 Joomla Component Multiple SQL Injection Vulnerabilities
Name Amblog
Vendor http://robitbt.hu
Versions Affected 1.0
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-10
Hi,
This is regarding multiple XSS Vulnerabilities in Openfire 3.6.4
Administrative Section. The following is the disclosure document:
Title: Multiple XSS Vulnerabilities in Openfire 3.6.4 Administrative
Section
------------------------------------------------------------------------
The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-1667
Multiple integer overflows in the XInitImage function in xwd.c for
GraphicsMagick allow user-assisted remote attackers to cause a
denial of service (crash) or obtain sensitive information via
crafted images with large or negative values that trigger a
buffer overflow. It only affects the oldstable distribution (etch).
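The CVE-2007-1667 entry above describes the classic shape of this bug class: dimensions read from the image file are multiplied into an allocation size in 32-bit arithmetic, so large values wrap to a small buffer and negative values produce a nonsensical size, and the per-pixel copy that follows overruns the heap. The C below is an added example written for this page, not GraphicsMagick's xwd.c. The three-field signed header, the 256 MiB ceiling and the helper names are assumptions; the program puts the wrapping computation beside a checked one that rejects negative, overflowing and oversized dimensions before any buffer is allocated.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Assumed header layout: three signed 32-bit fields as an untrusted image
 * file would supply them. An illustration only, not the XWD header that
 * GraphicsMagick's xwd.c parses.
 */
typedef struct {
    int32_t width;
    int32_t height;
    int32_t bits_per_pixel;
} image_header_t;

/* Assumed resource ceiling for one decoded image: 256 MiB. */
#define MAX_IMAGE_BYTES ((size_t)256u << 20)

/*
 * Vulnerable pattern: the pixel-buffer size is computed in 32-bit
 * arithmetic straight from the header. The product wraps modulo 2^32, so
 * huge dimensions yield a tiny buffer and a negative width yields a size
 * near 4 GiB. Modelled in uint32_t so the wrap is well defined here; the
 * same wrap in a signed int is undefined behaviour in C.
 */
static uint32_t vulnerable_image_size(int32_t width, int32_t height,
                                      int32_t bits_per_pixel)
{
    uint32_t bytes_per_pixel = (uint32_t)((bits_per_pixel + 7) / 8);
    return (uint32_t)width * (uint32_t)height * bytes_per_pixel;
}

/*
 * Hardened version: reject non-positive or out-of-range fields, test each
 * multiplication against SIZE_MAX before performing it, and cap the result.
 * Returns the byte count, or 0 when the header is rejected (0 can never be
 * a legitimate size once width and height are both > 0).
 */
static size_t checked_image_size(int32_t width, int32_t height,
                                 int32_t bits_per_pixel)
{
    if (width <= 0 || height <= 0)
        return 0;
    if (bits_per_pixel <= 0 || bits_per_pixel > 32)
        return 0;

    size_t w = (size_t)width;
    size_t h = (size_t)height;
    size_t bpp = ((size_t)bits_per_pixel + 7) / 8;

    if (w > SIZE_MAX / h)          /* w * h would overflow size_t */
        return 0;
    size_t pixels = w * h;
    if (pixels > SIZE_MAX / bpp)   /* pixels * bpp would overflow size_t */
        return 0;
    size_t bytes = pixels * bpp;
    if (bytes > MAX_IMAGE_BYTES)   /* representable, but too large to decode */
        return 0;
    return bytes;
}

/*
 * What a decoder should call before its per-pixel loop: NULL means the
 * header was rejected, so the loop of width*height iterations never runs
 * over an undersized buffer.
 */
static unsigned char *allocate_pixels(const image_header_t *hdr, size_t *out_len)
{
    size_t n = checked_image_size(hdr->width, hdr->height, hdr->bits_per_pixel);
    if (n == 0)
        return NULL;
    unsigned char *buf = calloc(n, 1);
    if (buf != NULL && out_len != NULL)
        *out_len = n;
    return buf;
}

int main(void)
{
    /* Constructed headers: one benign, one crafted to wrap, one negative. */
    const image_header_t cases[] = {
        {   640,   480, 24 },  /* 921600 bytes, accepted                       */
        { 65537, 65536,  8 },  /* 65537*65536 = 2^32 + 2^16, wraps to 65536    */
        {    -1,    16,  8 },  /* negative width wraps to 4294967280           */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const image_header_t *c = &cases[i];
        size_t len = 0;
        unsigned char *buf = allocate_pixels(c, &len);
        printf("%6" PRId32 " x %6" PRId32 " @ %2" PRId32 " bpp: naive %10" PRIu32
               ", checked %s (%zu bytes)\n",
               c->width, c->height, c->bits_per_pixel,
               vulnerable_image_size(c->width, c->height, c->bits_per_pixel),
               buf ? "accepted" : "rejected", len);
        free(buf);
    }
    return 0;
}
```

The division-based overflow test is portable C; with a compiler that provides `__builtin_mul_overflow` the two checks collapse to one call each, but the ordering matters either way: validate, multiply with overflow detection, then cap, and only then allocate. A size ceiling is still needed after the arithmetic is correct, because a header that honestly asks for several gigabytes is a denial of service even without a wrap.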
[+] Application: AdaptBB
[+] Version: 1.0 Beta
[+] Website: http://sourceforge.net/projects/adaptbb/
[+] Bugs: [A] Multiple Blind SQL Injection
[B] Multiple Dynamic Code Execution
[C] Arbitrary File Upload
[+] Exploitation: Remote
[+] Date: 09 Apr 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability
Advisory ID: cisco-sa-20090325-tcp
http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Python: Multiple vulnerabilities
Date: July 31, 2008
Bugs: #230640, #232137
ID: 200807-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
################################################################################
Subject: DNS Multiple Race Exploiting Tool release
Homepage: http://www.securebits.org/dnsmre.html
Download: http://www.securebits.org/tools/dns_mre-v1.0.tar.gz
OS: The tool runs on Linux
Target OS: Tested against Windows 2003 Server
################################################################################
Application: Quate CMS
Versions Affected: 0.3.4
Vendor URL: http://www.quate.net/
Bugs: RFI, Multiple LFI, Directory traversal, Multiple XSS
Exploits: YES
Reported: 18.03.2008
Second report: 25.03.2008
Vendor response: NONE
Solution: NONE
Multiple Vulnerabilities In .FLAC File Format and Various Media Applications
Release Date:
November 15, 2007
Date Reported:
September 28, 2007 (Vendor Reporting Coordination Began With US-CERT)
Severity:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PCRE: Multiple vulnerabilities
Date: November 20, 2007
Bugs: #198198
ID: 200711-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Secure Network - Security Research Advisory
Vuln name: Simple PHP Blog Multiple Vulnerabilities
Systems affected: simplePHPBlog 0.5.0.1, simplePHPBlog 0.4.8 and all previous versions
Systems not affected: -
Severity: Medium
Local/Remote: Remote
Vendor URL: http://www.simplephpblog.com/
Author(s): Luca "ikki" Carettoni - luca.carettoni@securenetwork.it, Luca "Daath" De Fulgentis - daath@webapptest.org
Vendor disclosure: 14th September 2007
netVigilance Security Advisory #64
SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities
Description:
SimpGB is a guestbook with data stored in MySQL, an administration interface and support for multiple languages. Features: multiple instances in one database; multiple layouts; user-defined header and footer; BBCode and smilies, with the admin choosing which BBCode tags to enable; avatars, optionally uploaded by users; admin-selectable and admin-required input fields; admin comments on posts; entries marked "always on top"; file attachments on entries by admins; flood protection; IP banlist; bad word list; email notification of new posts; optional validation of new posts before they become publicly visible; custom lead text for the entry form and custom "Thank you" message; private posts visible only to admins; entry search; and an option to let users send emails from the guestbook.
External References:
Mitre CVE: ID requested but no answer received
NVD NIST: ID requested but no answer received
OSVDB: ID requested but no answer received
netVigilance Security Advisory #67
SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities
Description:
SimpGB is a guestbook with data stored in MySQL, an administration interface and support for multiple languages (the full feature list is the same as in netVigilance Security Advisory #64 above).
External References:
Mitre CVE: ID requested but no answer received
NVD NIST: ID requested but no answer received
OSVDB: ID requested but no answer received
BUGTRAQ/BID:
Title: [CAID 35690, 35691, 35692]: CA BrightStor Hierarchical Storage Manager CsAgent Multiple Vulnerabilities
CA Vuln ID (CAID): 35690, 35691, 35692
CA Advisory Date: 2007-09-26
Reported By: Sean Larsson, iDefense Labs; an anonymous researcher working with the iDefense VCP
AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities
Name AlstraSoft E-Friends
Vendor http://www.alstrasoft.com
Versions Affected 4.96
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-10-27
Biblioteca 1.0 Beta Joomla Component Multiple SQL Injection Vulnerabilities
Name Biblioteca
Vendor http://www.cielostellato.info
Versions Affected 1.0 Beta
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-21
[ Multiple Vendors libc/fnmatch(3) DoS (incl apache poc) ]
Author: Maksymilian Arciemowicz
http://netbsd.org/donations/
http://securityreason.com/
http://cxib.net/
Date:
- Dis.: 29.01.2011
- Pub.: 13.05.2011
iScripts MultiCart 2.2 Multiple SQL Injection Vulnerabilities
Name iScripts MultiCart
Vendor http://www.iscripts.com
Versions Affected 2.2
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-03-07
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been found and corrected in poppler:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).