y3nh4ck3r@gmail.com to bugtraq ------------------------- SQL INJECTION (SQLi) VULNERABILITY--ProjectCMS v1.0 Beta Final--> ------------------------------ CMS INFORMATION: -->WEB: http://projectcms.org/ -->DOWNLOAD: http://projectcms.org/uploads/ -->DEMO: http://projectcms.org -->CATEGORY: CMS / Portal -->DESCRIPTION: ProjectCMS is an open source community project to create ...
______________________________ From the low-hanging-fruit-department - Nod32 CAB bypass/evasion ______________________________ Release mode: Coordinated but limited disclosure. Ref : TZO-162009 - Nod32 CAB bypass/evasion WWW : http://blog.zoller.lu/2009/04/ Status : No patch, but mitigation recommendations (see below) Vendor : http://www.trendmicro.com/ Security notification reaction rating : Good Notification to patch time window : 14 days Disclosure Policy : ...
------------------------------ Debian Security Advisory DSA-1782-1 security@debian.org http://www.debian.org/ April 29, 2009 http://www.debian.org/ ------------------------------ Package : mplayer Vulnerability : several vulnerabilities Problem type : local (remote) Debian-specific: no CVE Ids : CVE- ...
POSITRON SECURITY LLC <http://www.positronsecurity. Security Advisory #2009-001 Memcached and MemcacheDB ASLR Bypass Weakness Author: Joe Testa <jt _at_sign_ positronsecurity_dot_com> Date: April 28th, 2009 URL: <http://www.positronsecurity. I. Executive Summary Memcached [1] is a popular open-source, multi-platform database- caching software program used to alleviate repetitive database operations. It wa ...
SEC Consult Security Advisory < 20090429-0 > ============================== title: Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000 product: LevelOne AMG-2000 Wireless AP Management Gateway vulnerable version: Firmware <=2.00.00build00600 impact: critical homepage: http://www.level1.com found: 2008-12-16 by: J. Greil / SEC Consult / www.sec-consult.com =========================== ...
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01723303 Version: 1 HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2009-04-27 Last Updated: 2009-04-27 Potential Security Impact: Remote execution of arbitrary code Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. References: CVE-2008-2438 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows BACKGROUND CVSS 2.0 ...
Title
----- DDIVRT-2009-24 Precidia Ether232 Memory Corruption Severity -------- Medium Date Discovered --------------- March 10th, 2009 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Steven James and princeofnigeria and r@b13$ Vulnerability Description ------------------------- Certain Precidia Ether232 devices contain memory overwrite and authentication flaws. By making malformed GET requests to the built-in web server on certain Precidia Ether232 devices, it is possible to arbitrarily overwrite memory on the device and cause unknown impact. Solution Description -------------------- At this point in time, Precidia Technologies has not provided a firmware upgrade addressing the memory corruption flaw. As a workaround, Precidia Technologies suggests that users disable the web server on the device through the serial or telnet configuration inte ...
From the low-hanging-fruit-department - Aladdin eSafe bypass/evasion ______________________________ Release mode: Forced release, vendor has not replied. Ref : TZO-152009 - Aladdin eSafe Generic Evasion WWW : http://blog.zoller.lu/2009/04/ Status : Not patched Vendor : http://www.aladdin.com Security notification reaction rating : Catastrophic (vendor visited specific url at my website but has not reacted) Disclosure Policy : http://blog.zoller.lu/2008/09/
Thierry Zoller to NTBUGTRAQ, bugtraq, full-d From the low-hanging-fruit-department - Avira antivir bypass/evasion ______________________________ Release mode: Coordinated but limited disclosure. Ref : TZO-132009 - Avira Antivir evasion CAB WWW : http://blog.zoller.lu/200 ...
IrIsT.Ir@gmail.com to bugtraq: A bug in MataChat that allows us to cause Cross-Site Scripting on a remote machine. This bug was tested with the Vulnerable Software All Ver. ------------------------------ ...