May 09 2011 Security Bulletin
Written by Oana Cornea
Monday, 09 May 2011 06:40

Serious flaw in OpenID
The OpenID Foundation announced a serious weakness in the Attribute Exchange extension to OpenID, which permits sites to exchange information between endpoints. Essentially, it is possible to pass information through Attribute Exchange unsigned, which could potentially permit an attacker to modify the information.

May 07 2011 Security Bulletin
Written by Oana Cornea
Monday, 09 May 2011 06:39

WP-DBManager Plugin for WordPress wp-admin/admin.php database_file Parameter Traversal Arbitrary File Access
The WP-DBManager Plugin for WordPress contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the wp-admin/admin.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'database_file' parameter. This directory traversal attack would allow the attacker to download arbitrary files.

LinkSys BEFSR41 Admin Interface Multiple Fields XSS
LinkSys BEFSR41 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input size passed via the 'Host name', 'User Name(PPPoE and PPTP)', 'Customized Applications' and other unspecified fields before returning them to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

May 06 2011 Security Bulletin
Written by Oana Cornea
Monday, 09 May 2011 06:31

VMware vCenter Server Unspecified Directory Traversal Vulnerability
VMware vCenter Server is prone to an unspecified directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

OTRS Multiple Unspecified Cross-Site Scripting Vulnerabilities
OTRS is prone to multiple cross-site scripting vulnerabilities because it fails to properly handle user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials.

VMware vCenter Server and vSphere Client security vulnerabilities
VMware vCenter Server is affected by directory traversal and information disclosure vulnerabilities. The vSphere Client Installer is delivered through an unsigned package.

May 05 2011 Security Bulletin
Written by Oana Cornea
Monday, 09 May 2011 06:30

Linux kernel vulnerabilities
If a system was using X.25, a remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4164)

Red Hat Security Advisory: Python
Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.