Systems Affected
Vtiger CRM 5.0.4 Multiple Vulnerabilities
Name Multiple Vulnerabilities in Vtiger CRM
Systems Affected Vtiger CRM 5.0.4 and possibly earlier versions
Severity Medium
Impact (CVSSv2) Medium 6/10, vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Vendor http://www.vtigercrm.com
Advisory
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Vendors Affected:
Axway
http://www.axway.com
Systems Affected:
Secure Transport
Problem:
A path traversal vulnerability was identified in SecureTransport versions 5.1 SP2 and earlier on the Microsoft Windows platform that could allow tampering and information disclosure. The vulnerability allows remote attackers to access other users' directories and to read, download, delete and upload arbitrary files. It is triggered by placing URL-encoded backslash characters (%5c) in the path: the decoded backslash acts as a directory separator on Windows, so a check that only looks for forward-slash traversal sequences is bypassed.
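To make the class of mistake concrete, here is an added example (constructed for this page, not Axway's code): a naive confinement check that only splits on forward slashes, next to a hardened resolver that percent-decodes the request, treats backslashes as separators, and verifies the normalised result is still inside the user's home directory. The root `/data/home`, the user names and the request strings are all invented for the demonstration.

```python
"""
Path-confinement check for a file-transfer service on Windows.

Constructed example for this page; not Axway's implementation.
The home root, users and request paths below are made up.
"""
import posixpath
from urllib.parse import unquote


def naive_is_confined(requested):
    """The kind of check the %5c trick bypasses: it never decodes the
    request and only recognises '/' as a separator, so '..%5cbob' looks
    like a single harmless filename component."""
    return ".." not in requested.split("/")


def decode_fully(path, max_rounds=3):
    """Percent-decode until stable so double-encoded separators
    (%255c -> %5c -> '\\') are also caught."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return decoded
        path = decoded
    return path


def resolve_user_path(home_root, username, requested):
    """Return the normalised absolute path inside the user's home,
    or raise PermissionError if the request escapes it."""
    decoded = decode_fully(requested)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    # On Windows '\\' is a separator; unify before normalising so that
    # '..\\' is handled exactly like '../'.
    unified = decoded.replace("\\", "/")
    user_home = posixpath.join(home_root, username)
    candidate = posixpath.normpath(posixpath.join(user_home, unified.lstrip("/")))
    # Accept only the home directory itself or something strictly below it.
    if candidate != user_home and not candidate.startswith(user_home + "/"):
        raise PermissionError(f"{requested!r} resolves outside {user_home}")
    return candidate


def is_confined(home_root, username, requested):
    """Boolean wrapper around resolve_user_path for callers that only
    need an allow/deny answer."""
    try:
        resolve_user_path(home_root, username, requested)
        return True
    except (PermissionError, ValueError):
        return False


if __name__ == "__main__":
    # Constructed requests: the second one is the encoded-backslash bypass.
    for req in ("reports/q1.txt", "..%5cbob%5csecret.txt", "%255c..%255cbob"):
        print(f"{req:32} naive={naive_is_confined(req)!s:5} "
              f"hardened={is_confined('/data/home', 'alice', req)}")
```

The important design choice is the order of operations: decode first, unify separators second, normalise third, and only then compare against the user's root. Checking the raw request string for `../` before decoding is exactly what leaves the `%5c` form unhandled.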
October 24, 2006
Severity:
High (Code Execution)
Systems Affected:
Internet Explorer 6 SP1 - Windows 2000 SP4
Internet Explorer 6 SP1 - Windows XP SP1
Internet Explorer 6 SP2 - Windows XP SP2
Internet Explorer 6 SP1 - Windows Server 2003 SP1
Internet Explorer 6 SP2 - Windows Server 2003 SP2
Risk Level : Medium
Impact : Gain Access
Systems Affected :
RSA KEON Registration Authority Software
Remedy :
Systems Affected 9i Rel. 1 - 10g Rel. 2
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust
Advisory 16 April 2008 (V 1.00)
Advisory URL http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html
Details
The package SDO_GEOM is vulnerable to SQL injection.
NGSSoftware Insight Security Research Advisory
Name: PLSQL Injection in Oracle Application Server
Systems Affected: Oracle Application Server 9.0.4.3, 10.1.2.2, 10.1.4.1
Severity: Critical
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ davidl@ngssoftware.com ]
Reported: 9th October 2007
Date of Public Advisory: 15th July 2008
Advisory number: #NISR15072008
Release Date: 30 November 2012
Reference: NGS00263
Discoverer: Ben Williams <ben.williams@ngssecure.com>
Vendor: Symantec
Vendor Reference:
Systems Affected: Symantec Messaging Gateway 9.5.3-3
Risk: High
Status: Published
========
TimeLine
High (Remote Code Execution)
Vendor:
Multiple Vendors
Systems Affected:
Applications with FLAC Support
Overview:
eEye Digital Security has discovered 14 vulnerabilities in the processing of FLAC (Free Lossless Audio Codec) files affecting various
===============================ADVISORY===============================
Name: Autocomplete Data Theft in Mozilla Firefox
Systems Affected: Mozilla Firefox 3.5, Mozilla Firefox 3.0
Severity: Moderate
Category: Data Leakage
Author: Context Information Security Ltd
Advisory: 4 November 2009
CVE: CVE-2009-3370
Release Date: 31 July 2011
Reference: NGS00068
Discoverer: Dominic Chell <dominic.chell@ngssecure.com>
Vendor: VideoLAN
Vendor Reference: CVE-2011-1931
Systems Affected: VLC media player 1.1.9 and earlier releases
Risk: High
Status: Published
========
TimeLine
Latest version: http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-integrity.txt
CVE ID: CVE-2008-1930
Source: Steven J. Murdoch <http://www.cl.cam.ac.uk/users/sjm217/>
Systems Affected:
Wordpress 2.5
Overview:
Name: Cross Site Scripting in CiscoWorks
Release Date: 05 December 2007
Reference: LSD001-2007
Discoverer: Dave Lewis
Vendor: Cisco
Systems Affected: CiscoWorks version 2.6 (as tested)
All prior builds are affected
Risk: Medium
Status: Published
Reference:
WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities
Name Multiple Vulnerabilities in wClient-PHP
Systems Affected wClient-PHP 3.0-2 and earlier versions
Severity Medium
Impact (CVSSv2) Medium (5/10, vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Vendor http://www.wikidsystems.com/
Advisory http://www.ush.it/team/ush/hack-wclient/wikid.txt
Author Francesco "ascii" Ongaro (ascii AT ush DOT it)
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Systems Affected 10g Rel. 1, 10g Rel. 2
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust
Advisory 16 April 2008 (V 1.00)
Advisory URL http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_util.html
Details
The package SDO_UTIL is vulnerable to SQL injection.
Vtiger CRM 5.2.0 Multiple Vulnerabilities
Name Multiple Vulnerabilities in Vtiger CRM
Systems Affected Vtiger CRM 5.2.0 and possibly earlier versions
Severity Medium
Impact (CVSSv2) Medium 9/10, vector: (AV:N/AC:L/Au:N/C:P/I:P/A:C)
Vendor http://www.vtigercrm.com
Advisory
http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt
Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
High (Remote Code Execution)
Vendor:
Computer Associates (CA)
Systems Affected:
CA ARCserve Backup for Laptops and Desktops r11.5
CA ARCserve Backup for Laptops and Desktops r11.1 SP2
CA ARCserve Backup for Laptops and Desktops r11.1 SP1
CA ARCserve Backup for Laptops and Desktops r11.1
CA ARCserve Backup for Laptops and Desktops r11.0
PHP filesystem attack vectors - Take Two
Name PHP filesystem attack vectors - Take Two
Systems Affected PHP and PHP+Suhosin
Vendor http://www.php.net/
Advisory http://www.ush.it/team/ush/hack-phpfs/phpfs_mad_2.txt
Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Alessandro "jekil" Tanasi (alessandro AT tanasi DOT it)
High (Remote Code Execution)
Vendor:
Computer Associates (CA)
Systems Affected:
BrightStor ARCserve Backup 11.5
BrightStor ARCserve Backup 11.1
BrightStor ARCserve Backup 11.0
BrightStor ARCserve Backup 10.5
BrightStor ARCserve Backup 9.01
Name SQL Injection in package DBMS_AQIN [CVE-2009-0992]
Systems Affected Oracle 10.1.0.5 - 11.1.0.7
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
CVE CVE-2009-0992
Advisory 14 April 2009 (V 1.00)
Details:
Release Date: 30 November 2012
Reference: NGS00330
Discoverer: Robert Ray <robert.ray@ngssecure.com>
Vendor: Squiz
Vendor Reference: 11846
Systems Affected: Squiz CMS V11654
Risk: High
Status: Published
========
TimeLine
This vulnerability is present on all Juniper SRX devices and quite possibly on all Juniper T series routers
Systems Affected
Vendor Status Date Notified Date Updated
Juniper Networks, Inc. Vulnerable 1-April-2010
Release Date: 28 June 2011
Reference: NGS00057
Discoverer: Dominic Chell <dominic.chell@ngssecure.com>
Vendor: Apple
Vendor Reference: 142522746
Systems Affected: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6. This issue does not affect systems prior to Mac OS X v10.6
Risk: High
Status: Published
========
TimeLine
Digital Security Research Group [DSecRG] Advisory
Name: 2z project
Systems Affected: 2z project 0.9.6.1
Vendor URL: http://2z-project.ru
Authors: Alexandr Polyakov, Stas Svistunovich
Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)
Reported: 27.12.2007
Vendor response: 27.12.2007
Jetty 6.x and 7.x Multiple Vulnerabilities
Name Multiple Vulnerabilities in Jetty
Systems Affected Jetty 7.0.0 and earlier versions
Severity Medium
Impact (CVSSv2) Medium 5/10, vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vendor http://www.mortbay.org/jetty/
Advisory http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
Authors Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
FormMail 1.92 Multiple Vulnerabilities
Name Multiple Vulnerabilities in FormMail
Systems Affected FormMail 1.92 and possibly earlier versions
Severity Medium
Impact (CVSSv2) Medium 4.3/10, vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Vendor http://www.scriptarchive.com/formmail.html
Advisory http://www.ush.it/team/ush/hack-formmail_192/adv.txt
Authors Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
/*
*
* SMB SRV2.SYS Denial of Service PoC
* Release Date: Sep 8, 2009
* Severity: Medium/High
* Systems Affected: Windows Vista SP1+SP2, Windows 2008 SP2, Windows 7 Beta + RC
* Discovered by: Laurent Gaffi
*
* Description:
* SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality.
* The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to an SMB server, and it's used
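Since the snippet above only names the message type, here is an added example (constructed for this page, not Laurent Gaffie's PoC) of what a well-formed SMB1 NEGOTIATE PROTOCOL REQUEST looks like on the wire, with an encoder and a strict decoder that rejects the length and field inconsistencies a lenient server would otherwise have to cope with. The page does not say which header field the PoC malforms, so the block makes no claim about that; the dialect strings, PID and MID values are chosen for illustration.

```python
"""
SMB1 NEGOTIATE PROTOCOL REQUEST: encoder and strict decoder.

Constructed example for this page; not the PoC and not a Windows
implementation. Layout follows the SMB1 header (32 bytes) carried in a
NetBIOS session message. Sample values (dialects, PID, MID) are made up.
"""
import struct

SMB_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
SMB_HEADER_LEN = 32
# After the 4-byte magic: Command, Status, Flags, Flags2, PIDHigh,
# SecurityFeatures(8, skipped), Reserved, TID, PIDLow, UID, MID.
HEADER_FMT = "<BIBHH8xHHHHH"


def build_negotiate_request(dialects, pid=0x1234, mid=1):
    """Return NetBIOS session header + SMB1 header + NEGOTIATE body."""
    header = SMB_MAGIC + struct.pack(
        HEADER_FMT,
        SMB_COM_NEGOTIATE,  # Command
        0,                  # NT Status
        0x18,               # Flags: canonical paths, case-insensitive
        0xC801,             # Flags2: unicode, NT status, long names
        0,                  # PIDHigh
        0,                  # Reserved
        0,                  # TID (none before tree connect)
        pid & 0xFFFF,       # PIDLow
        0,                  # UID (none before session setup)
        mid,                # MID
    )
    assert len(header) == SMB_HEADER_LEN
    # Dialect buffer: each entry is 0x02 followed by a NUL-terminated string.
    buf = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    body = struct.pack("<BH", 0, len(buf)) + buf   # WordCount = 0, ByteCount
    payload = header + body
    # NetBIOS session message: type 0x00 then 3-byte big-endian length.
    return b"\x00" + len(payload).to_bytes(3, "big") + payload


def parse_negotiate_request(msg):
    """Validate every length field and framing byte; return parsed fields."""
    if len(msg) < 4 or msg[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    if int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("NetBIOS length does not match message size")
    smb = msg[4:]
    if len(smb) < SMB_HEADER_LEN + 3:
        raise ValueError("too short for SMB header plus NEGOTIATE body")
    if smb[:4] != SMB_MAGIC:
        raise ValueError("bad SMB magic")
    (command, status, flags, flags2, pid_high,
     _reserved, tid, pid_low, uid, mid) = struct.unpack(HEADER_FMT, smb[4:SMB_HEADER_LEN])
    if command != SMB_COM_NEGOTIATE:
        raise ValueError(f"command 0x{command:02x} is not NEGOTIATE")
    body = smb[SMB_HEADER_LEN:]
    word_count, byte_count = struct.unpack_from("<BH", body, 0)
    if word_count != 0:
        raise ValueError("NEGOTIATE request must carry WordCount 0")
    dialect_buf = body[3:]
    if byte_count != len(dialect_buf):
        raise ValueError("ByteCount does not match dialect buffer length")
    dialects, pos = [], 0
    while pos < len(dialect_buf):
        if dialect_buf[pos] != 0x02:
            raise ValueError("dialect entry missing 0x02 format byte")
        end = dialect_buf.find(b"\x00", pos + 1)
        if end == -1:
            raise ValueError("unterminated dialect string")
        dialects.append(dialect_buf[pos + 1:end].decode("ascii"))
        pos = end + 1
    return {"status": status, "flags": flags, "flags2": flags2, "pid_high": pid_high,
            "tid": tid, "pid_low": pid_low, "uid": uid, "mid": mid, "dialects": dialects}


def is_well_formed(msg):
    """True if the strict decoder accepts the message."""
    try:
        parse_negotiate_request(msg)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    req = build_negotiate_request(["NT LM 0.12", "SMB 2.002"])
    print(req.hex())
    print(parse_negotiate_request(req)["dialects"])
```

Every length in the message (NetBIOS length, WordCount, ByteCount, the NUL terminators of the dialect strings) is checked against what is actually present before any field is used, which is the discipline a server-side parser of the first unauthenticated packet needs.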
Release Date: 5 January 2012
Reference: NGS00109
Discoverer: David Middlehurst <david.middlehurst@ngssecure.com>
Vendor: ImpressPages
Vendor Reference:
Systems Affected: ImpressPages CMS 1.0.12
Risk: High
Status: Published
========
TimeLine
Release Date: 28 June 2011
Reference: NGS00052
Discoverer: Paul Harrington <paul.harrington@ngssecure.com>
Vendor: Apple
Vendor Reference: 140299872
Systems Affected: OS X 10.6.6 with RawCamera.bundle < 3.6
Risk: High
Status: Published
========
TimeLine
=======
Name: Elevation of Privilege Vulnerability in iTunes for Windows
Release Date: March 31st, 2010
Discoverer: Jason Geffner
Vendor: Apple Inc.
Systems Affected: iTunes 9.0.0, iTunes 9.0.1, iTunes 9.0.2, iTunes 9.0.3
(versions prior to iTunes 9.0.0 not tested)
Risk: High
Apple Security Advisory ID: APPLE-SA-2010-03-30-2 [1]
Apple Knowledge Base Article: HT4105 [2]
CVE-ID: CVE-2010-0532
Reference: LSD002-2008
CVE Number: CVE-2008-1202
Discoverer: Dave Lewis
Vendor: Adobe Systems
Product: LiveCycle Workflow 6.2 Management Web Interface
Systems Affected: version 6.2 (as tested)
NB. Other versions may be affected.
Risk: Important
Status: Published
Reference: