majorsecurity
[MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service
Details
============
Product: Apple Safari Webbrowser
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.apple.com/safari/
Vendor-Status: informed
Advisory-Status: published on 02-02-2010
[MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service
Details
============
Product: Motorola Milestone(Droid) Smartphone
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.motorola.com/
Vendor-Status: informed
Advisory-Status: published on 02-02-2010
[MajorSecurity SA-071]phpFaber CMS - Multiple stored Cross-site Scripting issues
Details
=============
Product: phpFaber CMS
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.phpfaber.com/
Advisory-Status: published
[MajorSecurity SA-080]WordPress 3.0.1 - Cross Site Scripting Issue
Details
=============
Product: WordPress 3.0.1
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.wordpress.org/
Advisory-Status: published
[MajorSecurity SA-074]CMS RedAks 2.0 - Multiple Cross-site Scripting issues
Details
=============
Product: CMS RedAks 2.0
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.redaks.com/
Advisory-Status: published
[MajorSecurity Advisory #55]moziloCMS - Directory Traversal, Cross Site Scripting and Session Fixation Issues
Details
=======
Product: moziloCMS
Security-Risk: high
Remote-Exploit: yes
Vendor-URL: http://cms.mozilo.de/
Vendor-Status: informed
Advisory-Status: published
[MajorSecurity SA-075]CMS RedAks 2.0 - SQL injection vulnerability
Details
=============
Product: CMS RedAks v.2.0
Security-Risk: high
Remote-Exploit: yes
Vendor-URL: http://www.redaks.com/
Advisory-Status: published
[MajorSecurity SA-079]PHPKIT WCMS - Multiple stored Cross Site Scripting Issues
Details
=============
Product: PHPKIT WCMS
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.phpkit.com/
Advisory-Status: published
[MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues
Details
=======
Product: moziloWiki
Security-Risk: High
Remote-Exploit: yes
Vendor-URL: http://www.mozilo.de/
Vendor-Status: informed
Advisory-Status: published
[MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues
Details
=======
Product: BLUEPAGE CMS
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.bluepage-cms.com/
Vendor-Status: informed
Advisory-Status: published
[MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues
Details
=======
Product: xt:Commerce
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.xtcommerce-shop.com/
Vendor-Status: informed
Advisory-Status: published
[MajorSecurity SA-068]Anantasoft Gazelle CMS - change admin password via Cross-site Request Forgery
Details
=======
Product: Anantasoft Gazelle CMS
Security-Risk: high
Remote-Exploit: yes
Vendor-URL: http://www.anantasoft.com
Vendor-Status: informed
Advisory-Status: published
[MajorSecurity Advisory #52]ActualAnalyzer family - Cross Site Scripting Issues
Details
=======
Product: Actual Analyzer
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.actualscripts.com
Vendor-Status: informed
Advisory-Status: published
[MajorSecurity Advisory #59]PHP <=5.3 - mysqli_real_escape_string() full path disclosure
Details
=======
Product: PHP <=5.3
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.php.net/
Vendor-Status: informed
[MajorSecurity Advisory #57]PHP <=5.3 - preg_match() full path disclosure
Details
=======
Product: PHP <=5.3
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.php.net/
Vendor-Status: informed
Advisory-Status: published
[MajorSecurity SA-073]Subdreamer CMS - SQL injection vulnerability
Details
=============
Product: Subdreamer CMS
Security-Risk: high
Remote-Exploit: yes
Vendor-URL: http://www.subdreamer.com/
Advisory-Status: published
[MajorSecurity SA-070]Plume CMS - change Admin Password via Cross-site Request Forgery
Details
=======
Product: Plume CMS
Security-Risk: high
Remote-Exploit: yes
Vendor-URL: http://www.plume-cms.net/
Advisory-Status: published
[MajorSecurity SA-076]Conpresso CMS v4.1.1 - Cross site Scripting vulnerabilities
Details
=============
Product: Conpresso CMS v4.1.1
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.conpresso.com/
Advisory-Status: published
[MajorSecurity SA-069]Invision Power Board - stored Cross site Scripting
Details
=======
Product: Invision Power Board
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.invisionpower.com
Vendor-Status: informed
Advisory-Status: published
Dear SecurityFocus moderators.
Unfortunately this bug was not found by Am!r (IrIsT?) like it has been credited in this advisory. It was originally discovered by David Vieira-Kurz of MajorSecurity and published on June 3rd 2006.
BugTraq-iD: 345993 --> http://www.securityfocus.com/archive/1/435993
and BID: 18284 --> http://www.securityfocus.com/bid/18284
Original advisory: http://www.majorsecurity.de/index_2.php?major_rls=major_rls9