http://cxsecurity.com/wlb/ Vulnerabilities Database - World Laboratory of Bugtraq 2 CXSecurity.com en-US Sat, 19 May 2012 00:34:44 +0200 CXSecurity http://cxsecurity.com/wlb/rss/vulnerabilities/ http://cxsecurity.com/images/wlb/wlblogo.png Vulnerabilities Database - World Laboratory of Bugtraq 2 (WLB2) http://cxsecurity.com/issue/WLB-2012050133 WLB-2012050133 Thu, 17 May 2012 07:50:14 +0200 Kestutis Gudinavicius Topic: OpenOffice.org Memory Overwrite Vulnerability Risk: High Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA512 CVE-2012-2149 OpenOffice.org memory overwrite vulnerability Reference: http:... http://cxsecurity.com/issue/WLB-2012050132 WLB-2012050132 Thu, 17 May 2012 07:49:22 +0200 Sven Jacobias Topic: OpenOffice.org Powerpoint Denial Of Service Risk: Medium Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA512 CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOff... http://cxsecurity.com/issue/WLB-2012050131 WLB-2012050131 Thu, 17 May 2012 07:48:54 +0200 Tielei Wang Topic: OpenOffice.org vclmi.dll Integer Overflow Risk: High Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA512 CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when a... http://cxsecurity.com/issue/WLB-2012050130 WLB-2012050130 Thu, 17 May 2012 07:48:05 +0200 demonalex Topic: FlashPeak SlimBrowser 6.0.1.38 Denial Of Service Risk: Medium Text:Title: FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability Software : FlashPeak SlimBrowser Software Version : 6.0.... http://cxsecurity.com/issue/WLB-2012050129 WLB-2012050129 Thu, 17 May 2012 07:46:14 +0200 Daniel Godoy Topic: Unijimpe Captcha Cross Site Scripting Risk: Low Text:# Exploit Title: Captcha (unijimpe) XSS Vulnerability # Date: 15/05/2012 # Author: Daniel Godoy # Author Mail: DanielGodoy[a... http://cxsecurity.com/issue/WLB-2012050128 WLB-2012050128 Thu, 17 May 2012 07:45:03 +0200 Jakub Suchy Topic: Drupal Aberdeen 6.x Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1585890 * Advisory ID: DRUPAL-SA-CONTRIB-2012-081 * Project: Aberdeen [1] (third-pa... http://cxsecurity.com/issue/WLB-2012050127 WLB-2012050127 Thu, 17 May 2012 07:40:13 +0200 Steven Jones and Van G Topic: Drupal Hostmaster 6.x Cross Site Scripting / Access Bypass Risk: High Text:View online: http://drupal.org/node/1585678 * Advisory ID: DRUPAL-SA-CONTRIB-2012-080 * Project: Hostmaster (Aegir) [1]... http://cxsecurity.com/issue/WLB-2012050126 WLB-2012050126 Thu, 17 May 2012 07:39:37 +0200 Lee Rowlands Topic: Drupal Post Affiliate Pro 6.x Cross Site Scripting / Access Bypass Risk: High Text:View online: http://drupal.org/node/1585648 * Advisory ID: DRUPAL-SA-CONTRIB-2012-079 * Project: Post Affiliate Pro [1]... http://cxsecurity.com/issue/WLB-2012050125 WLB-2012050125 Thu, 17 May 2012 07:38:49 +0200 Andrew Berry Topic: Drupal Advertisement 6.x Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1585544 * Advisory ID: DRUPAL-SA-CONTRIB-2012-077 * Project: Advertisement [1] (thi... http://cxsecurity.com/issue/WLB-2012050124 WLB-2012050124 Thu, 17 May 2012 07:38:17 +0200 Daniel Glucksman Topic: Drupal Ubercart Product Keys 6.x Access Bypass Risk: High Text:View online: http://drupal.org/node/1585532 * Advisory ID: DRUPAL-SA-CONTRIB-2012-076 * Project: Ubercart Product Keys ... http://cxsecurity.com/issue/WLB-2012050123 WLB-2012050123 Thu, 17 May 2012 07:37:48 +0200 coltrane Topic: Drupal Smart Breadcrumb 6.x Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1585564 * Advisory ID: DRUPAL-SA-CONTRIB-2012-078 * Project: Smart Breadcrumb [1] (... http://cxsecurity.com/issue/WLB-2012050122 WLB-2012050122 Wed, 16 May 2012 19:13:50 +0200 Timo Warns Topic: Linux Kernel 3.3.x <= 3.3.4 Buffer overflow in HFS plus filesystem Risk: High Text:PRE-CERT Security Advisory == * Advisory: PRE-SA-2012-03 * Released on: 10 May 2012 * Affected product: Linux Ker... http://cxsecurity.com/issue/WLB-2012050120 WLB-2012050120 Wed, 16 May 2012 19:09:09 +0200 Gjoko 'LiquidWorm' Krstic Topic: Artiphp CMS v5.5.0 Multiple XSS POST Injection Vulnerabilities Risk: Low Text:Artiphp CMS v5.5.0 Multiple XSS POST Injection Vulnerabilities Vendor: Artiphp Product web page: http://www.artiphp.com Af... http://cxsecurity.com/issue/WLB-2012050119 WLB-2012050119 Wed, 16 May 2012 19:07:45 +0200 Gjoko 'LiquidWorm' Krstic Topic: backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability Risk: Low Text:backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability Vendor: SiliSoftware Product web page: http://www.silisoftware.com ... http://cxsecurity.com/issue/WLB-2012050118 WLB-2012050118 Wed, 16 May 2012 19:06:59 +0200 Gjoko 'LiquidWorm' Krstic Topic: phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability Risk: Low Text:phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability Vendor: SiliSoftware Product web page: http://www.sil... http://cxsecurity.com/issue/WLB-2012050117 WLB-2012050117 Wed, 16 May 2012 07:48:40 +0200 Rodrigo Rubira Branco Topic: Apple Quicktime .pct Parsing Memory Corruption Risk: High Text:Qualys Vulnerability & Malware Research Labs (VMRL) http://www.qualys.com http://www.dissect.pe Memory corruption when App... http://cxsecurity.com/issue/WLB-2012050116 WLB-2012050116 Wed, 16 May 2012 07:47:14 +0200 Ivano Binetti Topic: Axous 1.1.1 Cross Site Request Forgery / Cross Site Scripting Risk: Low Text:+ + # Exploit Title : Axous 1.1.1 Multiple Vulnerabilities (CSRF - Persist... http://cxsecurity.com/issue/WLB-2012050114 WLB-2012050114 Wed, 16 May 2012 07:45:18 +0200 Heine Pedersen and Torben Jensen Topic: WordPress Track That Stat 1.0.8 Cross Site Scripting Risk: Low Text:We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the repo... http://cxsecurity.com/issue/WLB-2012050113 WLB-2012050113 Wed, 16 May 2012 07:44:27 +0200 Jelmer Kuperus Topic: Liferay 5.x / 6.x Cross Site Scripting Risk: Low Text:Multiple xss issues in Liferay Description: Liferay Portal is an enterprise portal written in Java Multiple xss vulner... http://cxsecurity.com/issue/WLB-2012050112 WLB-2012050112 Wed, 16 May 2012 07:43:33 +0200 TheCyberNuxbie Topic: TunInfo SQL Injection Risk: Medium Text: 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ ... http://cxsecurity.com/issue/WLB-2012050111 WLB-2012050111 Tue, 15 May 2012 07:25:37 +0200 TheCyberNuxbie Topic: NTDS WebStudio SQL Injection Risk: Medium Text: 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ ... http://cxsecurity.com/issue/WLB-2012050110 WLB-2012050110 Tue, 15 May 2012 07:24:19 +0200 Jean Pascal Pereira Topic: b2ePMS 1.0 SQL Injection Risk: Medium Text: # b2ePMS 1.0 Authentication Bypass Vulnerability # Discovered by: Jean Pascal Pereira <per... http://cxsecurity.com/issue/WLB-2012050109 WLB-2012050109 Tue, 15 May 2012 07:23:47 +0200 Jelmer Kuperus Topic: Liferay Portal Privilege Escalation Risk: Medium Text:Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: https://bugzil... http://cxsecurity.com/issue/WLB-2012050107 WLB-2012050107 Tue, 15 May 2012 07:20:23 +0200 Stefan Kanthak Topic: ICACLS.EXE Destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED Risk: Low Text:Hi @ll, since Windows Vista resp. Windows Server 2003 Service Pack 2, the command line tool to modify/set file/directory pe... http://cxsecurity.com/issue/WLB-2012050106 WLB-2012050106 Tue, 15 May 2012 07:18:19 +0200 Avram Marius Gabriel (d3v1l) Topic: WordPress WP-FaceThumb Gallery 0.1 Cross Site Scripting Risk: Low Text: # Wordpress WP-FaceThumb Gallery Plugin <= 0.1 Reflected XSS Vulnerability # Plugin Page : http://wordpress.org/extend/p... http://cxsecurity.com/issue/WLB-2012050104 WLB-2012050104 Tue, 15 May 2012 07:16:35 +0200 Anon Topic: Galette SQL Injection Risk: Medium Text:Source: http://www.securityfocus.com/bid/53463/info Galette is prone to an SQL-injection vulnerability because it fails to ... http://cxsecurity.com/issue/WLB-2012050103 WLB-2012050103 Tue, 15 May 2012 07:16:02 +0200 TheCyberNuxbie Topic: Vallarta Web Services SQL Injection Risk: Medium Text: 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ ... http://cxsecurity.com/issue/WLB-2012050102 WLB-2012050102 Sun, 13 May 2012 13:24:55 +0200 Nathaniel Carew from Sense of Security Labs. Topic: NETGEAR WNDRMAC Exposure of Sensitive Information Risk: High Text:Sense of Security - Security Advisory - SOS-12-005 Release Date. 13-May-2012 Last Update. - ... http://cxsecurity.com/issue/WLB-2012050101 WLB-2012050101 Sun, 13 May 2012 13:23:24 +0200 iSP0m Topic: NEC Backdoor Administrative Account Risk: High Text: NEC Corp. has a product line of high perfomance servers - http://www.nec.com.sg/index.php?q=products/enterprise-servers ... http://cxsecurity.com/issue/WLB-2012050100 WLB-2012050100 Sun, 13 May 2012 13:22:44 +0200 Th4 MasK Topic: YIndexa SQL Injection Risk: Medium Text: ## ~ Exploit Title : Yndexa SQL Injecktion ~ Author : Th4 MasK ~ Vendor : http://www.in... http://cxsecurity.com/issue/WLB-2012050099 WLB-2012050099 Sun, 13 May 2012 13:22:18 +0200 Vulnerability-Lab.com Topic: NetBill Billing System 1.2 CSRF / XSS Risk: Low Text:Title: NetBill Billing System v1.2 - Multiple Web Vulnerabilites Date: == 2012-05-11 References: == http... http://cxsecurity.com/issue/WLB-2012050098 WLB-2012050098 Sun, 13 May 2012 13:21:51 +0200 Vulnerability-Lab.com Topic: Travelon Express CMS 6.2.2 XSS / Shell Upload / SQL Injection Risk: High Text:Title: Travelon Express CMS v6.2.2 - Multiple Web Vulnerabilities Date: == 2012-05-10 References: == htt... http://cxsecurity.com/issue/WLB-2012050097 WLB-2012050097 Sun, 13 May 2012 13:21:37 +0200 Vulnerability-Lab.com Topic: Free Reality 3.1-0.6 XSS / CSRF / SQL Injection Risk: Medium Text:Title: Free Reality v3.1-0.6 - Multiple Web Vulnerabilities Date: == 2012-05-07 References: == http://ww... http://cxsecurity.com/issue/WLB-2012050096 WLB-2012050096 Sun, 13 May 2012 13:21:23 +0200 Vulnerability-Lab.com Topic: Viscacha Forum CMS 0.8.1.1 SQL Injection / XSS Risk: Medium Text:Title: Viscacha Forum CMS v0.8.1.1 - Multiple Web Vulnerabilities Date: == 2012-05-08 References: == htt... http://cxsecurity.com/issue/WLB-2012050095 WLB-2012050095 Sun, 13 May 2012 13:21:06 +0200 Vulnerability-Lab.com Topic: Proman Xpress 5.0.1 SQL Injection / XSS Risk: Medium Text:Title: Proman Xpress v5.0.1 - Multiple Web Vulnerabilities Date: == 2012-05-09 References: == http://www... http://cxsecurity.com/issue/WLB-2012050094 WLB-2012050094 Sun, 13 May 2012 13:20:45 +0200 Vulnerability-Lab.com Topic: GENU CMS 2012.4 CSRF / SQL Injection Risk: Medium Text:Title: GENU CMS 2012.4 - Multiple Web Vulnerabilities Date: == 2012-05-06 References: == http://www.vuln... http://cxsecurity.com/issue/WLB-2012050093 WLB-2012050093 Sun, 13 May 2012 13:20:26 +0200 Vulnerability-Lab.com Topic: Serendipity CMS 1.6 Cross Site Scripting Risk: Low Text:Title: Serendipity v1.6 CMS - Multiple Web Vulnerabilities Date: == 2012-05-05 References: == http://www... http://cxsecurity.com/issue/WLB-2012050092 WLB-2012050092 Sun, 13 May 2012 13:20:06 +0200 Vulnerability-Lab.com Topic: GetSimple CMS 3.1 Cross Site Scripting Risk: Low Text:Title: GetSimple CMS v3.1 - Multiple Web Vulnerabilities Date: == 2012-05-04 References: == http://www.v... http://cxsecurity.com/issue/WLB-2012050091 WLB-2012050091 Sun, 13 May 2012 13:19:22 +0200 Ciaran McNally Topic: Sockso 1.51 Cross Site Scripting Risk: Low Text: ## Application: Sockso http://sockso.pu-gh.com Versions: <= 1.5 Platf... http://cxsecurity.com/issue/WLB-2012050090 WLB-2012050090 Sun, 13 May 2012 13:19:02 +0200 h1ch4m Topic: AnvSoft Any Video Conveter 4.3.6 Unicode Buffer Overflow Risk: High Text:# Exploit Title: AnvSoft Any Video Converter 4.3.6 unicode buffer overflow. # Software Link: http://www.any-video-converter.co...