Security
[ MDVSA-2012:016 ] glpi
Posted by security on Feb 10
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:016
http://www.mandriva.com/security/
_______________________________________________________________________
Package : glpi
Date : February 10, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A File Inclusion...
CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability
Posted by YGN Ethical Hacker Group on Feb 10
1. OVERVIEW
The CubeCart 3.0.20 and lower versions are vulnerable to Open URL Redirection.
2. BACKGROUND
CubeCart is an "out of the box" ecommerce shopping cart software
solution which has been written to run on servers that have PHP &
MySQL support. With CubeCart you can quickly setup a powerful online
store which can be used to sell digital or tangible products to new
and existing customers all over the world.
3. VULNERABILITY...
Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities
Posted by research () vulnerability-lab com on Feb 10
Title:
======
Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities
Date:
=====
2012-02-10
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=429
VL-ID:
=====
429
Introduction:
=============
Scriptable, distributed and object oriented Hosting Platform. Manage
Clients, Resellers,
Domains, Backups, Stats, Mails and Databases. Manage everything!
(Copy of the Vendor Homepage: http://www.lxcenter.org/)...
Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities
Posted by research () vulnerability-lab com on Feb 10
Title:
======
Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities
Date:
=====
2012-02-09
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=427
VL-ID:
=====
427
Introduction:
=============
Dolibarr ERP & CRM is a modern software to manage your company or foundation activity (contacts, suppliers,
invoices, orders, stocks, agenda, ...). It's an opensource free software designed for small and medium...
OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities
Posted by research () vulnerability-lab com on Feb 10
Title:
======
OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities
Date:
=====
2012-02-08
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=426
VL-ID:
=====
426
Introduction:
=============
Onxshop is not only great CMS offering integrated in-context editing and full design freedom without the constraints
of limiting templates, but it's also stable ecommerce platform used in production environment since 2006. Flexible...
Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities
Posted by research () vulnerability-lab com on Feb 10
Title:
======
Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities
Date:
=====
2012-02-07
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=428
VL-ID:
=====
428
Introduction:
=============
Dolibarr ERP & CRM is a modern software to manage your company or foundation activity (contacts, suppliers,
invoices, orders, stocks, agenda, ...). It's an opensource free software designed for small and medium
companies,...
[Suspected Spam] eFront Community++ v3.6.10 - Multiple Web Vulnerabilities
Posted by research () vulnerability-lab com on Feb 09
Title:
======
eFront Community++ v3.6.10 - Multiple Web Vulnerabilities
Date:
=====
2012-02-09
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=421
VL-ID:
=====
421
Introduction:
=============
Tailored with larger organizations in mind, eFront Community ++ offers solutions for the management of companies most
valued asset - the people. Based on a coherent approach to human capital management which keeps the...
[SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability
Posted by Leonardo Uribe on Feb 09
--------------------------------------------------------------------------------------------------
CVE-2011-4367: Apache MyFaces information disclosure vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
MyFaces Core 2.0.1 to 2.0.11
MyFaces Core 2.1.0 to 2.1.5
Earlier versions are not affected
Description:
MyFaces JavaServer Faces (JSF) allows relative paths in the...
[ MDVSA-2012:015 ] wireshark
Posted by security on Feb 09
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:015
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wireshark
Date : February 9, 2012
Affected: 2011.
_______________________________________________________________________
Problem Description:
Multiple file parser and NULL...
[SECURITY] [DSA 2407-1] cvs security update
Posted by Florian Weimer on Feb 09
-------------------------------------------------------------------------
Debian Security Advisory DSA-2407-1 security () debian org
http://www.debian.org/security/ Florian Weimer
February 09, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : cvs
Vulnerability : heap overflow
Problem type : remote...
ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability
Posted by ZDI Disclosures on Feb 08
ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-031
February 8, 2012
-- CVE ID:
CVE-2011-4194
-- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C
-- Affected Vendors:
Novell
-- Affected Products:
Novell iPrint
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine...
ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability
Posted by ZDI Disclosures on Feb 08
ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-030
February 8, 2012
-- CVE ID:
CVE-2011-1388
-- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C
-- Affected Vendors:
IBM
-- Affected Products:
IBM Rational Rhapsody
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this...
ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability
Posted by ZDI Disclosures on Feb 08
ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-029
February 8, 2012
-- CVE ID:
CVE-2011-1391
-- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C
-- Affected Vendors:
IBM
-- Affected Products:
IBM Rational Rhapsody
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital...
ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities
Posted by ZDI Disclosures on Feb 08
ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-12-028
February 8, 2012
-- CVE ID:
CVE-2011-1392
-- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C
-- Affected Vendors:
IBM
-- Affected Products:
IBM Rational Rhapsody
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by...
ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability
Posted by ZDI Disclosures on Feb 08
ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-027
February 8, 2012
-- CVE ID:
CVE-2012-0189
-- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
-- Affected Vendors:
IBM
-- Affected Products:
IBM SPSS
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine...
ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability
Posted by ZDI Disclosures on Feb 08
ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-026
February 8, 2012
-- CVE ID:
CVE-2012-0190
-- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
-- Affected Vendors:
IBM
-- Affected Products:
IBM SPSS
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine...
ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution
Posted by ZDI Disclosures on Feb 08
ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution
http://www.zerodayinitiative.com/advisories/ZDI-12-025
February 8, 2012
-- CVE ID:
CVE-2012-0395
-- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
-- Affected Vendors:
EMC
-- Affected Products:
EMC NetWorker
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID...
ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability
Posted by ZDI Disclosures on Feb 08
ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-024
February 8, 2012
-- CVE ID:
-- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
-- Affected Vendors:
Total Defense
-- Affected Products:
Total Defense CA Total Defense
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this...
ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability
Posted by ZDI Disclosures on Feb 08
ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-023
February 8, 2012
-- CVE ID:
-- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
-- Affected Vendors:
Total Defense
-- Affected Products:
Total Defense CA Total Defense
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by...
ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability
Posted by ZDI Disclosures on Feb 08
ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-022
February 8, 2012
-- CVE ID:
-- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
-- Affected Vendors:
Total Defense
-- Affected Products:
Total Defense CA Total Defense
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital...
