New User, Welcome!     Login

Next Page >>

Systems Affected

Vtiger CRM 5.0.4 Multiple Vulnerabilities

Vtiger CRM 5.0.4 Multiple Vulnerabilities

 Name              Multiple Vulnerabilities in Vtiger CRM
 Systems Affected  Vtiger CRM 5.0.4 and possibly earlier versions
 Severity          Medium
 Impact (CVSSv2)   Medium 6/10, vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
 Vendor            http://www.vtigercrm.com
 Advisory
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
 Authors           Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)

NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI

Release Date: 30 April 2012
Reference: NGS00138
Discoverer: Ben Williams <ben.williams@ngssecure.com>
Vendor: Websense
Vendor Reference: 
Systems Affected: 
Risk: High
Status: Published

========
TimeLine

EEYE: VGX.DLL Compressed Content Heap Overflow Vulnerability

October 24, 2006

Severity:
High (Code Execution)

Systems Affected:
Internet Explorer 6 SP1 - Windows 2000 SP4
Internet Explorer 6 SP1 - Windows XP SP1
Internet Explorer 6 SP2 - Windows XP SP2
Internet Explorer 6 SP1 - Windows Server 2003 SP1
Internet Explorer 6 SP2 - Windows Server 2003 SP2

Oracle - SQL Injection Vulnerability in SDO_UTIL [DB05]

Systems Affected   10g Rel. 1, 10g Rel. 2
Severity           High Risk
Category           SQL Injection
Vendor URL             http://www.oracle.com/
Author             Alexander Kornbrust
Advisory               16 April 2008 (V 1.00)
Advisory URL           http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_util.html

Details
The package SDO_UTIL is vulnerable against SQL injection.

Moodle 1.9.3 Remote Code Execution

Moodle 1.9.3 Remote Code Execution

Name              Remote Code Execution in Moodle
Systems Affected  Moodle 1.9.3 and possibly earlier versions
Severity          High
Impact (CVSSv2)   High 7.3/10, vector: (AV:N/AC:L/Au:M/C:P/I:P/A:C)
Vendor            http://moodle.org/
Advisory          http://www.ush.it/team/ush/hack-moodle193/moodle193.txt
Authors           Antonio "s4tan" Parata (s4tan AT ush DOT it)
                  Francesco "ascii" Ongaro (ascii AT ush DOT it)

NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration

Release Date: 22 March 2011
Reference: NGS00014
Discoverer: Gavin Jones
Vendor: Cisco
Vendor Reference: CSCei51783, CSCtj96108
Systems Affected: ASA 5500 Series Adaptive Security Appliances -Cisco PIX 500 Series Security Appliances -Cisco VPN 3000 Series Concentrators (models 3005, 3015, 3020, 3030, 3060, and 3080)
Risk: Low
Status: Published

========
TimeLine

Re: [Full-disclosure] PHP filesystem attack vectors

ascii schrieb:
> PHP filesystem attack vectors
> 
>  Name              PHP filesystem attack vectors
>  Systems Affected  PHP and PHP+Suhosin

This research misses some information.

It compares "vanilla PHP" to "patched PHP" but that is not exactly true.

Juniper SRX Critical Denial of Service Vulnerability

This vulnerability is present on all Juniper SRX's and quite possibly all Juniper T series routers 


Systems Affected
Vendor                  Status          Date Notified   Date Updated
Juniper Networks, Inc.  Vulnerable      1-April-2010

mvnForum 1.1 Cross Site Scripting

Last revised: 2008-05-06
Latest version: http://users.own-hero.net/~decoder/advisories/mvnforum-jsxss.txt
Source: Christian Holler <http://users.own-hero.net/~decoder/>


Systems Affected:

 mvnForum 1.1 (http://www.mvnforum.com/) - A Java J2EE/Jsp/Servlet forum

Severity: Moderate

Wordpress 2.5 Cookie Integrity Protection Vulnerability

Latest version: http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-integrity.txt
CVE ID: CVE-2008-1930
Source: Steven J. Murdoch <http://www.cl.cam.ac.uk/users/sjm217/>


Systems Affected:

 Wordpress 2.5


Overview:

EEYE: BitDefender Online Scanner 8 Double Decode Heap Overflow

High (Remote Code Execution)

Vendor:
BitDefender / SOFTWIN - http://www.bitdefender.com

Systems Affected:
BitDefender Online Scan Users

Overview:
eEye Digital Security has discovered a critical remote code execution
condition within OScan8.ocx and Oscan81.ocx included by default in

EEYE: CA BrightStor ArcServe Backup Server Arbitrary Pointer Dereference

High (Remote Code Execution)

Vendor:
Computer Associates (CA)

Systems Affected:
BrightStor ARCserve Backup 11.5
BrightStor ARCserve Backup 11.1
BrightStor ARCserve Backup 11.0
BrightStor ARCserve Backup 10.5
BrightStor ARCserve Backup 9.01

NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI

Release Date: 30 April 2012
Reference: NGS00141
Discoverer: Ben Williams <ben.williams@ngssecure.com>
Vendor: Websense
Vendor Reference: 
Systems Affected: 
Risk: High
Status: Published

========
TimeLine

Oracle - SQL Injection in package SDO_IDX [DB07]

Oracle - SQL Injection in package SDO_IDX [DB07]

Systems Affected   9i Rel. 1 - 11g Rel. 1
Severity           High Risk
Category           SQL Injection
Vendor URL             http://www.oracle.com/
Author             Alexander Kornbrust
Advisory               16 April 2008 (V 1.00)
Advisory URL           http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_idx.html

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection

Yaws and Boa log escape sequence injection

 Name              Nginx, Varnish, Cherokee, thttpd, mini-httpd,
                   WEBrick, Orion, AOLserver, Yaws and Boa log escape
                   sequence injection
 Systems Affected  nginx 0.7.64
                   Varnish 2.0.6
                   Cherokee 0.99.30
                   mini_httpd 1.19
                   thttpd 2.25b0
                   WEBrick 1.3.1

Advisory: Cross Site Scripting in CiscoWorks

Name: Cross Site Scripting in CiscoWorks
Release Date: 05 December 2007
Reference: LSD001-2007
Discover: Dave Lewis
Vendor: Cisco
Systems Affected: CiscoWorks version 2.6 (as tested)
All prior builds are affected

Risk: Medium
Status: Published
Reference:

NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation

Release Date: 28 June 2011
Reference: NGS00051
Discoverer: Gavin Jones <gavin.jones@ngssecure.com>
Vendor: Cisco
Vendor Reference: 
Systems Affected: Cisco VPN client (Windows 64 Bit)
Risk: High
Status: Fixed

========
TimeLine

Multiple SQL Injection Flaws in Oracle CTX_DOC package

NGSSoftware Insight Security Research Advisory

Name: Multiple SQL Injection Flaws in Oracle CTX_DOC package
Systems Affected: Oracle 10g release 1 and 2
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ davidl@ngssoftware.com ]
Reported: 6 June 2005
Date of Public Advisory: 17th October 2007
Advisory number: #NISR17102007A

Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox

===============================ADVISORY===============================

Name:               Autocomplete Data Theft in Mozilla Firefox
Systems Affected:   Mozilla Firefox 3.5, Mozilla Firefox 3.0
Severity:           Moderate
Category:           Data Leakage
Author:             Context Information Security Ltd
Advisory:           4 November 2009
CVE:                      CVE-2009-3370

Heap overflow in RealPlayer ID3 tag parser

Name: Heap overflow in RealPlayer ID3 tag parsing code
Release Date: 29 October 2007
Reference: NGS00432
Discover: John Heasman <john@ngssoftware.com>
Vendor: RealNetworks
Systems Affected: Several builds of RealPlayer 10.5,
  All builds of RealPlayer 10.
  For additional affected versions, see the URL below.
Risk: High
Status: Published

Zabbix 1.6.2 Frontend Multiple Vulnerabilities

Zabbix 1.6.2 Frontend Multiple Vulnerabilities

 Name              Multiple Vulnerabilities in Zabbix Frontend
 Systems Affected  Zabbix 1.6.2 and possibly earlier versions
 Severity          High
 Impact (CVSSv2)   High 9.7/10, vector: (AV:N/AC:L/Au:N/C:P/I:C/A:C)
 Vendor            http://www.zabbix.com/
 Advisory          http://www.ush.it/team/ush/hack-zabbix_162/adv.txt
 Authors           Antonio "s4tan" Parata (s4tan AT ush DOT it)
                   Francesco "ascii" Ongaro (ascii AT ush DOT it)

Local privilege escalation vulnerability in Cisco VPN client

Release Date: 16 August 2007
Reference: NGS00503
Discover: Dominic Beecher <dominic@ngssoftware.com>
Vendor: Cisco
Vendor Reference: cisco-sa-20070815-vpnclient
Systems Affected:  All versions up to but not including 5.0.01.0600
Risk: High
Status: Published

========
TimeLine

NGS00140 Technical Advisory: Websense Triton 7.6 - unauthenticated remote command execution as SYSTEM

Release Date: 30 April 2012
Reference: NGS00140
Discoverer: Ben Williams <ben.williams@ngssecure.com>
Vendor: Websense
Vendor Reference: 
Systems Affected: 
Risk: Critical
Status: Published

========
TimeLine

Untrusted Java applet can connect to localhost

Name: Untrusted Java applet can connect to localhost
Release Date: 29 October 2007
Reference: NGS00443
Discover: John Heasman <john@ngssoftware.com>
Vendor: Sun Microsystems
Systems Affected: JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0
Update 11 and earlier, SDK and JRE 1.4.2_14 and earlier
Risk: Medium
Status: Published

========

Oracle Application Server PLSQL injection flaw

NGSSoftware Insight Security Research Advisory

Name: PLSQL Injection in Oracle Application Server
Systems Affected: Oracle Application Server 9.0.4.3, 10.1.2.2, 10.1.4.1
Severity: Critical
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ davidl@ngssoftware.com ]
Reported: 9th October 2007
Date of Public Advisory: 15th July 2008
Advisory number: #NISR15072008

Oracle - SQL Injection in package SDO_GEOM [DB06]

Systems Affected   9i Rel. 1 - 10g Rel. 2
Severity           High Risk
Category           SQL Injection
Vendor URL             http://www.oracle.com/
Author             Alexander Kornbrust
Advisory               16 April 2008 (V 1.00)
Advisory URL           http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html
Details
The package SDO_GEOM is vulnerable against SQL injection.

NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows

Release Date: 28 June 2011
Reference: NGS00052
Discoverer: Paul Harrington <paul.harrington@ngssecure.com>
Vendor: Apple
Vendor Reference: 140299872
Systems Affected: OS X 10.6.6 with RawCamera.bundle < 3.6
Risk: High
Status: Published

========
TimeLine

Advisory: Tripwire Enterprise/Server XSS Vulnerability

Release Date: 29 January 2008
Reference: LSD001-2008
Discover: Dave Lewis
Vendor: Tripwire
Product: Tripwire Enterprise/Server Management Web Interface
Systems Affected: version 7.0 (as tested)
NB. Earlier versions are affected as well. Please upgrade.


Risk: Less Critical
Status: Published

Collabtive 0.4.8 Multiple Vulnerabilities

Collabtive 0.4.8 Multiple Vulnerabilities

 Name              Multiple Vulnerabilities in Collabtive
 Systems Affected  Collabtive 0.4.8 and possibly earlier versions
 Severity          High
 Impact (CVSSv2)   High 8/10, vector: (AV:N/AC:L/Au:S/C:P/I:C/A:P)
 Vendor            http://collabtive.o-dyn.de/
 Advisory          http://www.ush.it/team/ush/hack-collabtive048/adv.txt
 Authors           Antonio "s4tan" Parata (s4tan AT ush DOT it)
                   Francesco "ascii" Ongaro (ascii AT ush DOT it)

WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities

WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities

  Name              Multiple Vulnerabilities in wClient-PHP
  Systems Affected  wClient-PHP 3.0-2 and earlier versions
  Severity          Medium
  Impact (CVSSv2)   Medium (5/10, vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
  Vendor            http://www.wikidsystems.com/
  Advisory          http://www.ush.it/team/ush/hack-wclient/wikid.txt
  Author            Francesco "ascii" Ongaro (ascii AT ush DOT it)
                    Antonio "s4tan" Parata (s4tan AT ush DOT it)
Next Page>>

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!