
OpenSSL Security Advisory

We believe this flaw will permit remote code execution.

This vulnerability is tracked as CVE-2007-4995.

Versions Affected
-----------------

All releases of 0.9.8 prior to 0.9.8f.

Recommendation

[DSECRG-08-020] Alcatel OmniPCX Office Remote Command Execution

Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-020


Application:                    Alcatel OmniPCX Office 
Versions Affected:              Alcatel OmniPCX Office since release 210/061.1 
Vendor URL:                     http://alcatel.com
Bugs:                           Remote command execution
Exploits:                       YES
Risk:                           High
CVSS Score:                     7.31

[DSECRG-08-021] Multiple LFI in PowerPHPBoard 1.00b

Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-021


Application:                    PowerPHPBoard
Versions Affected:              1.00b
Vendor URL:                     http://www.powerscripts.org/
Bug:                            Multiple Local File Include
Exploits:                       YES
Reported:                       01.02.2008
Vendor Response:                none

[DSECRG-08-022] Multiple Security Vulnerabilities in Bolinos 4.6.1

Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-022


Application:                    BolinOS 
Versions Affected:              4.6.1
Vendor URL:                     http://www.bolinos.com
Bugs:                           Local File Include, Multiple XSS, System information disclosure
Exploits:                       YES
Reported:                       13.03.2008
Second report:                  18.03.2008

[DSECRG-09-035] Chance-i DiViS DVR ActiveX - Heap Overflow

original advisory:  http://dsecrg.com/pages/vul/DSECRG-09-035.html


Application:                Chance-i DiViS-Web DVR System ActiveX control
Versions Affected:          3,0,0,7
Vendor URL:                 http://www.chance-i.com/
Bug:                        Heap Overflow
Exploits:                   YES
Reported:                   13.03.2009
Second Reported:            20.03.2009

CVE-2009-4510: TANDBERG VCS Static SSH Host Keys

SSH connections directed at any TANDBERG VCS device.  A successful exploit would
most likely yield an attacker shell access to the device with privileges of the
victim client.


Versions Affected
-----------------
VSR has observed this vulnerability in version x4.2.1.  Based on preliminary
analysis of configuration files and scripts [2], versions x4.3.0 and x5.0 also
appear to be vulnerable.  Earlier versions have not been tested.
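A static host key of the kind this advisory describes is the same on every unit, so a key recovered from one device lets an attacker impersonate all of them to any SSH client. A practical fleet check, added here as an example and not part of VSR's advisory, is to collect `ssh-keyscan` output for your hosts and flag any key that more than one host presents. The hostnames, addresses and key blobs below are constructed for the example; in practice feed the function the real `ssh-keyscan host1 host2 ...` output.

```python
"""Flag SSH host keys that more than one host presents.

Added example for this page; it is not part of VSR's TANDBERG advisory.
Input is known_hosts format, which is what `ssh-keyscan` prints:
    hostname[,hostname...] key-type base64-key [comment]
"""
import base64
import hashlib
from collections import defaultdict

# Constructed sample scan output. Hostnames, addresses and key blobs are
# made up for this example; vcs-a and vcs-b deliberately present the same key.
SAMPLE_SCAN = """\
# vcs-a.example.net:22 SSH-2.0-OpenSSH
vcs-a.example.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDKEYONE000
vcs-b.example.net,10.0.0.12 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDKEYONE000
gw-c.example.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDKEYTWO000

"""


def parse_known_hosts(text):
    """Yield (host, key_type, key_b64) for each usable line.

    Blank lines, comments, marker lines (@cert-authority, @revoked) and
    hashed entries (|1|...) are skipped: a hashed hostname cannot be
    reported meaningfully, so it is better to scan with plain names.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#@" or line.startswith("|1|"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line; ignore rather than guess
        hosts, key_type, key_b64 = fields[0], fields[1], fields[2]
        # ssh-keyscan may list several names/addresses for one host, comma-separated
        for host in hosts.split(","):
            yield host, key_type, key_b64


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    blob = base64.b64decode(key_b64)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_keys(text):
    """Map 'key-type fingerprint' -> sorted hosts, keeping only keys seen on >1 host."""
    seen = defaultdict(set)
    for host, key_type, key_b64 in parse_known_hosts(text):
        seen[(key_type, fingerprint(key_b64))].add(host)
    return {
        f"{key_type} {fp}": sorted(hosts)
        for (key_type, fp), hosts in seen.items()
        if len(hosts) > 1
    }


if __name__ == "__main__":
    for key, hosts in shared_keys(SAMPLE_SCAN).items():
        print(f"{key} is presented by {len(hosts)} hosts: {', '.join(hosts)}")
```

Any key that appears under two different hostnames is worth treating as compromised: either the devices ship with a baked-in key, as here, or an image was cloned without regenerating host keys. Either way the fix is the same, regenerate per-device keys and replace the entries in clients' known_hosts.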


[DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability

Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-023


Application:                    SAP Web Application Server              
Versions Affected:              Version 7.0 
Vendor URL:                     http://SAP.com
Bugs:                           XSS
Exploits:                       YES
Reported:                       25.01.2008
Vendor response:                25.01.2008

[DSECRG-09-043] SAP GUI 7.1 Insecure Method

Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-043


Application:                    EAI WebViewer2D  (EnjoySAP, SAP GUI for Windows 6.4 and 7.1)    
Versions Affected:              Tested on 7100.2.7.1038 PL 7
Vendor URL:                     http://SAP.com
Bugs:                           Insecure method, file overwriting
Exploits:                       YES
Reported:                       02.07.2009
Vendor response:                02.07.2009

[SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy

Severity: Low

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 5.5.0 to 5.5.28
Tomcat 6.0.0 to 6.0.20
The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be
affected.


[DSECRG-08-028] File read in Velocity web-server

Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-028


Application:                    Velocity web-server (a part of Velocity Security Management System)
Versions Affected:              Old version 1.0
Vendor URL:                     http://hirschelectronics.com
Bugs:                           Directory traversal, file download
Exploits:                       YES
Reported:                       03.03.2008
Second report:                  14.03.2008

[DSECRG-09-031] Oracle BEA Weblogic 10.3 Linked XSS vulnerability

Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-031

http://dsecrg.com/pages/vul/show.php?id=131
  
Application:                    Oracle BEA Weblogic 10 
Versions Affected:              Oracle BEA Weblogic 10  
Vendor URL:                     http://oracle.com
Bugs:                           Linked XSS Vulnerability 
Exploits:                       YES
Reported:                       18.03.2009
Vendor response:                19.03.2009                 

[DSECRG-08-038] Multiple Local File Include Vulnerabilities in ezContents CMS 2.0.3

Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-038


Application:                    ezContents CMS
Versions Affected:              2.0.3
Application URL:                http://www.ezcontents.org/
Vendor URL:                     http://www.visualshapers.com/
Bug:                            Multiple Local File Include
Exploits:                       YES
Reported:                       05.08.2008

[DSECRG-08-017] Flyspray 0.9.9.4 Multiple Security Vulnerabilities

Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-017


Application:                    Flyspray (web-based bug tracking system)
Versions Affected:              0.9.9.4
Vendor URL:                     http://www.flyspray.org
Bugs:                           SiXSS, Stored XSS, Brute Force
Exploits:                       YES
Reported:                       08.02.2008
Vendor response:                08.02.2008

[SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application

Severity: low

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 6.0.0 to 6.0.18
Tomcat 5.5.0 to 5.5.27
Tomcat 4.1.0 to 4.1.39

Description:

[DSECRG-09-064] SAP GUI - Insecure method, code execution

Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-064

Application:                    SAP GUI 
Versions Affected:              SAP GUI (SAP GUI 7.1)    
Vendor URL:                     http://SAP.com
Bugs:                           Insecure method. Code Execution.
Exploits:                       YES
Reported:                       16.10.2009
Vendor response:                27.10.2009
Date of Public Advisory:        23.03.2010

[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - PL/SQL injection

Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-010
http://dsecrg.com/pages/vul/show.php?id=110

Application:                    Oracle Database 10G 
Versions Affected:              Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4
Vendor URL:                     http://oracle.com
Bugs:                           PL/SQL Injections
Exploits:                       YES
Reported:                       29.01.2008
Vendor response:                31.01.2008 

[DSECRG-08-011] Astrosoft HelpDesk Multiple XSS

Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-011


Application:                    Astrosoft HelpDesk
Versions Affected:              
Vendor URL:                     http://astrosoft.ru/
Bugs:                           Multiple XSS Injections
Exploits:                       YES
Reported:                       29.01.2008
Vendor response:                NONE

[DSECRG-08-008] Textpattern 4.0.5 Multiple Security Vulnerabilities

Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-008


Application:                    Txp CMS
Versions Affected:              4.0.5
Vendor URL:                     http://www.textpattern.com
Bugs:                           DoS, multiple XSS, etc.
Exploits:                       YES
Reported:                       11.01.2008
Vendor response:                14.01.2008

[DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability

Digital Security Research Group [DSecRG] Advisory    #DSECRG-09-025

http://dsecrg.com/pages/vul/show.php?id=125

Application:                    Oracle Secure Enterprise Search (SES)
Versions Affected:              Oracle Secure Enterprise Search (SES) version 10.1.8.2.0  
Vendor URL:                     http://www.oracle.com
Bugs:                           XSS
Exploits:                       YES
Reported:                       21.01.2009
Vendor response:                23.01.2009

Chrome Password Manager Cross Origin Weakness (CVE-2010-0556)

   pre-filled with the stored credentials from the victim.example.org domain,
   even though the password prompt is generated by evil.example.com.



Versions Affected
-----------------
The issue was originally discovered in version 3.0.195.38 and was also verified
to exist in version 4.0.249.78.  Testing was conducted on the Windows platform.



CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability

Severity: Low

Vendor: SpringSource

Versions Affected:
Spring Framework 1.1.0-2.5.6, 3.0.0.M1-3.0.0.M2
dm Server 1.0.0-1.0.2 (note 2.x not affected since dm Server 2.x requires a 1.6 JDK)

Description:
The java.util.regex.Pattern.compile method in Sun's 1.5 JDK has a problem ([1], [2]) with exponential compilation times when using optional groups. A workaround [3] was implemented in 1.4.2_06, but the root cause of the poor regex-processing performance was not resolved until JDK 1.6.

[InterN0T] Pivot 1.40.4-7 - Multiple Vulnerabilities

Pivot - XSS and HTML Injection Vulnerabilities

Versions Affected: 1.40.4 and 1.40.7 (22nd March 2009) (newest)

Info: Pivot is a web-based tool to help you maintain dynamic sites, like
weblogs or online journals. Pivot is released under the GPL so it is
completely free to use. It is written in PHP, and does not require
additional libraries or databases to function.

Credits: InterN0T

Coppermine Photo Gallery 1.4.21 Cross-Site Scripting

Author: Gerendi Sandor Attila
Date: April 29, 2009
Package: Coppermine Photo Gallery (cpg1.4.21)
Product homepage: http://coppermine-gallery.net/
Versions Affected: v.1.4.21 (older versions are also affected)
Advisory: http://gsasec.blogspot.com/2009/04/coppermine-photo-gallery-1421-cross.html
Severity: Medium

Input passed to the 'css' parameter from '/docs/showdoc.php' is not sanitized before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


[DSECRG-08-029] Local File Include in Dokeos E-Learning System 1.8.5

Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-029


Application:                    Dokeos E-Learning System        
Versions Affected:              1.8.5
Vendor URL:                     http://dokeos.com/
Bug:                            Local File Include
Exploits:                       YES
Reported:                       01.07.2008
Vendor response:                05.07.2008

Digital Scribe 1.4.1 Multiple SQL Injection Vulnerabilities

 Name              Digital Scribe
 Vendor            http://www.digital-scribe.org
 Versions Affected 1.4.1

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2009-12-11

[SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 5.5.0 to 5.5.29
Tomcat 6.0.0 to 6.0.27
Tomcat 7.0.0

Note: 7.0.0 is still beta.

REVISION: iScripts EasySnaps 2.0 Multiple SQL Injection Vulnerabilities

 Name              iScripts EasySnaps
 Vendor            http://www.iscripts.com
 Versions Affected 2.0

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2010-01-07

[CVE-2008-1232] Apache Tomcat XSS vulnerability

Severity: Low

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 4.1.0 to 4.1.37
Tomcat 5.5.0 to 5.5.26
Tomcat 6.0.0 to 6.0.16
The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may also be affected


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.