Version Affected
AMember - Multiple Vulnerabilities
Version Affected: 3.1.7 (Apr-10-2009) (newest)
Info: aMember is a flexible membership and subscription management PHP script. It has support for
PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling,
Multicards, E-Gold and Clickbank payment systems (see list of integrated payment systems) and
allows you to setup paid-membership areas on your site. It can also be used without any payment
system - you can manage users manually.
On 9/24/08, Aditya K Sood <0kn0ck@secniche.org> wrote:
>
> *Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.*
>
> *Version Affected:*
> Chrome/0.2.149.30
> Chrome/0.2.149.29
>
> *Severity:*
> High
Achievo - Cross Site Scripting Vulnerability
Version Affected: 1.3.4 (August 12, 2008) (newest)
Info: Achievo is a flexible web-based resource management tool for business environments.
Achievo's resource management capabilities will enable organisations to support their business processes in a simple, but effective manner.
A solution that fits seamlessly to the wishes of every organisation and offers the possibility and freedom to adapt the functionality to the needs of the organisation. It will fit into every organisation because Achievo is extremely easy to change to your specific situation.
Opinion: Achievo seems to know what they're doing, or perhaps it's just because 99% of the platform is locked down.
---------------------------------------------------
Advisory:
PGP Desktop 9.0.6 Denial Of Service Vulnerability.
Version Affected:
PGP Desktop 9.0.6 [Build 6060] (other version could be affected)
Component Affected:
PGPwded.sys
Version Affected:
Oracle E-Business Suite Release 12, version 12.0.6
Oracle E-Business Suite Release 11i, version 11.5.10.2
CVE:
2008-5446
Description:
The Oracle E Business including applications like I-Recruitment etc is
LiveZilla - Cross Site Scripting Vulnerability
Version Affected: 3.1.8.3 (newest)
Info:
LiveZilla, the Next Generation Live Help / Live Chat and Live
Support System connects you to your website visitors. Use
LiveZilla to provide Live Chats and monitor your website visitors
in real-time. Convert visitors to customers - with LiveZilla!
Advisory: Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment File Uploading Module- E-Business Suite
CVE-2010-2404
Version Affected - 11.5.10.2, 12.0.6, 12.1.3
About: Oracle I-Recruitment Suite
Oracle iRecruitment is a web based full-cycle recruiting solution that
gives managers, recruiters and candidates the ability to manage every
phase of finding, recruiting, hiring, and tracking new employees. It is a
Microsoft Internet Explorer DoS in Rendering Malicious PNG Files.
*Version Affected:*
IE 7 / IE 8 BETA
*Severity:*
Intermediate
*Background:*
Mshtml.dll is a standard library which is responsible for rendering
Geeklog - Pre-Installation Vulnerabilities
Version Affected: 1.5.2sr4 (18th April 2009) (newest)
Info: See website for more details.
Opinion: The system seems to be more secure than most web application systems on the Internet these days.
Credits: InterN0T
Webmedia Explorer - Cross Site Scripting Vulnerability
Version Affected: 5.0.9 (newest is: 5.10.0)
Info: Webmedia Explorer is the alternative CMS engine that reads the hard disc and generates a website realtime taking advantage of a very powerful rendering and data fetching caching system.
Credits: InterN0T
External Links:
http://www.webmediaexplorer.com/
>> To: bugtraq@securityfocus.com
>> Subject: Pidgin IM Client Password Disclosure Vulnerability.
>>
>> Pidgin IM Client Password Disclosure Vulnerability.
>>
>> *Version Affected:*
>> 0.7.10 Unicode / Previous version can be affected.
>>
>> *Release Date:*
>> 11 September 2008
>>
Google Chrome Window Object Suppressing Remote Denial of Service.
*Version Affected:*
Chrome/0.2.149.30
Chrome/0.2.149.29
Chrome/0.2.149.27
*Severity:*
High
> To: bugtraq@securityfocus.com
> Subject: Pidgin IM Client Password Disclosure Vulnerability.
>
> Pidgin IM Client Password Disclosure Vulnerability.
>
> *Version Affected:*
> 0.7.10 Unicode / Previous version can be affected.
>
> *Release Date:*
> 11 September 2008
>
Advisory: Persistent Log Out Redirection Vulnerability in Oracle
I-Recruitment OA.jsp
CVE-2010-2408
Version Affected - 11.5.10.2, 12.0.6, 12.1.3
About: Oracle I-Recruitment Suite
Oracle iRecruitment is a web based full-cycle recruiting solution that
gives managers, recruiters and candidates the ability to manage every
phase of finding, recruiting, hiring, and tracking new employees. It is a
Yoast GA Plugin for WP - Cross Site Scripting Vulnerability
Version Affected: 3.2.4 (newest)
Info: The Google Analytics for WordPress plugin automatically tracks and
segments all outbound links from within posts, comment author links, links
within comments, blogroll links and downloads. It also allows you to track
AdSense clicks, add extra search engines, track image search queries and it
will even work together with Urchin.
Advisory: Google Chrome OnbeforeUnload and OnUnload Null Check Vulnerability.
Version Affected:
Chrome/0.2.149.30
Chrome/0.2.149.29
Chrome/0.2.149.27
Description:
Google Chrome is susceptible to stringent behavior while handling
"onbeforeunload"
Summary
=======
Name: Denial-of-Service Vulnerability in IDA Pro
Release Date: June 28th, 2010
Discoverer: Jason Geffner
Version Affected: IDA Pro 3.76 through 5.6
Risk: Low
Status: Published
============
Introduction
Flatnux - Cross Site Scripting Vulnerabilities + More
Version Affected: "2009-03-27" (newest)
Info: See website for more information.
Credits: InterN0T
External Links:
http://www.flatnux.altervista.org/
SiteCore.NET - Cross Site Scripting Vulnerability
Version Affected: 6.0.0 (rev. 090120) (We were unable to find out if this is the newest version or not).
Info: It's an overpriced CMS for companies running IIS.
Credits: InterN0T
External Links:
http://sitecore.net/
Miranda IM Client Password Disclosure Vulnerability.
*Version Affected:*
0.7.10 Unicode / Previous version can be affected.
*Release Date:*
11 September 2008
*About:*
Miranda IM is a multi-protocol instant messaging client for Windows.
Opera Window Object Suppressing Remote Denial of Service.
*Version Affected:*
Opera 9.52
*Severity:*
High
*Description:*
Version Affected:
Chrome/1.0.154.43 and previous too
Description:
The Google Chrome browser is vulnerable to a clickjacking flaw. A
clickjacked page tricks a user into performing undesired actions by
clicking on a concealed link. Attackers can trick users into performing
actions which the users never intended to do and there is no way of
tracing such actions later, as the user was genuinely
TBDev - Cross Site Scripting and HTML Injection Vulnerabilities
Version Affected: 01-01-2008 (16th January 2008) (newest)
Info: TBDEV.NET is a project to further enhance, update and develop a software (php peer-to-peer) from the original torrentbits/bytemonsoon source code.
Credits: InterN0T
External Links:
http://www.tbdev.net
AdPeeps Ad Rotator - XSS and HTML Injection Vulnerabilities
Version Affected: 8.5d1 (3-18-09) (newest)
Info: Ad Peeps is a banner rotator and text ad rotator - all in one that allows you to track, sell and manage banner ads, rich-media/flash ads and text ads on your website. Built using PHP/MYSQL, Ad Peeps provides you and your advertisers with highly detailed real-time statistics and is capable of delivering millions of impressions per day on a typical shared web server. - Plus, you can try it right now on your website with our 7 day trial.
Ad Peeps is so versatile that it can even show your text ads Yahoo! Style or Google AdWords Style. Unlike many other banner ad rotator programs, Ad Peeps was skillfully designed to use minimal server resources while maintaining speed and unparalleled performance. Built on a highly scalable and versatile database architecture, Ad Peeps works without fuss even on high traffic web sites and won't crash your high powered website.
Opinion: AdPeeps, along with many others should really hire people to audit their code.
LightNEasy - HTML Injection Vulnerability
Version Affected: 2.2.2 (15th January 2009) (newest)
Info: LightNEasy, a simple and light Content Management System and Website Builder
Credits: InterN0T
External Links:
http://lightneasy.org/
Summary
=======
Name: Remote Arbitrary Code Execution Vulnerability in UFO: Alien Invasion
Release Date: June 18th, 2010
Discoverer: Jason Geffner
Version Affected: UFO: Alien Invasion 2.2.1
(version previous to UFO: Alien Invasion 2.2.1 not tested)
Risk: Very High
Status: Published
============
moziloCMS - Cross Site Scripting Vulnerability
Version Affected: 1.11.1 (19th May 2009) (newest)
Info: See website for more information. (It's in German and I don't bother translating)
Credits: InterN0T
External Links:
http://cms.mozilo.de/
Skype IM Client Password Disclosure Vulnerability.
*Version Affected:*
Skype 3.8 / Previous version can be affected.
*Release Date:*
11 September 2008
*Description:*
The Skype client inherits a client-side password disclosure vulnerability.
> >> To: bugtraq@securityfocus.com
> >> Subject: Pidgin IM Client Password Disclosure Vulnerability.
> >>
> >> Pidgin IM Client Password Disclosure Vulnerability.
> >>
> >> *Version Affected:*
> >> 0.7.10 Unicode / Previous version can be affected.
> >>
> >> *Release Date:*
> >> 11 September 2008
> >>
SkyBlueCanvas - XSS and Path Content Disclosure Vulnerabilities
Version Affected: 1.1 r237 (newest version: 1.1 r246)
Info: SkyBlueCanvas Lightweight CMS is an open source, free content management system written in php and built specifically for small web sites. The entire site you are viewing is a demonstration of the SkyBlueCanvas lightweight CMS. SkyBlueCanvas is custom-built for those instances when more robust systems like Joomla, WordPress and Drupal are too much horsepower.
Credits: InterN0T
External Links:
http://www.skybluecanvas.com