« Brief: Fake codecs continue to plague searches
Brief: Reported data leaks reach high in 2007 »

Bugtraq: [SECURITY] [DSA 1439-1] New typo3-src packages fix SQL injection

[SECURITY] [DSA 1439-1] New typo3-src packages fix SQL injection


Related Files:

  • http://packetstormsecurity.com/0610-advisories/Typo3v4.xss.txt

    the “Indexed search” extension 2.9.0 for Typo3 suffers from a cross site scripting vulnerability. Fixed in Typo3 4.0.2.  Homepage: http://typo3.org/teams/security/security-bulletins/.

  • http://packetstormsecurity.com/0311-exploits/_BSSADV-0000.txt

    Bugtraq Security Systems Security Advisory - Multiple vulnerabilities have been discovered in the Applied Watch Command Center IDS. Two exploits have been released to demonstrate these flaws. The first, appliedsnatch.c, allows a remote attacker to add a user to the console without having to authenticate to the system. The second, addrule.c, allows a remote attacker to add custom IDS alerts to all sensor nodes in a network, enabling a human denial-of-service attack by making good packets look bad. Related CVE Numbers: CAN-2003-0970, CAN-2003-0971.  Homepage: http://www.bugtraq.org. Authored By The Bugtraq Team

  • http://packetstormsecurity.com/docs/infosec/bugtraq.ids.thread.txt

    Complete archive of the excellent threads recently posted on the BugTraq mailing list regarding Intrusion Detection Systems. IDS theories, implementations, problems, and reviews of commercial products are among the topics covered.

  • http://packetstormsecurity.com/0704-advisories/pico-traverse.txt

    Acubix PicoZip version 4.02 suffers from a directory traversal vulnerability.  Homepage: http://www.bugtraq.ir/. Authored By Hamid Ebadi

  • http://packetstormsecurity.com/0707-advisories/t1lib.txt

    T1Lib suffers from a buffer overflow vulnerability.  Homepage: http://www.bugtraq.ir/. Authored By Hamid Ebadi

  • http://packetstormsecurity.com/0503-exploits/typo3sql.txt

    TYPO3 SQL injection proof of concept exploit.  Homepage: http://www.gulftech.org/. Authored By James

  • http://packetstormsecurity.com/0704-exploits/exponent-multi.txt

    Exponent CMS versions 0.96.6-Alpha and below are susceptible to directory traversal and cross site scripting vulnerabilities.  Homepage: http://www.bugtraq.ir/. Authored By Hamid Ebadi

  • http://packetstormsecurity.com/advisories/debian/DSA-168-1

    Debian security advisory DSA 168-1 - Debian released new PHP packages that fix newline character injection in several PHP functions. Additionally, these packages correct a bug in PHP that allow a safe_mode restriction to be bypassed.  Homepage: http://www.debian.org/security/.

  • http://packetstormsecurity.com/0704-exploits/rspa-rfi.txt

    Really Simple PHP and Ajax, or RSPA, is susceptible to a remote file inclusion vulnerability. Version RSPA-2007-03-23 is susceptible.  Homepage: http://www.bugtraq.ir/. Authored By Hamid Ebadi

  • http://packetstormsecurity.com/0712-advisories/sa27969.txt

    Secunia Security Advisory - A vulnerability has been reported in TYPO3, which can be exploited by malicious users to conduct SQL injection attacks.  Homepage: http://secunia.com/advisories/27969/

    • This entry was posted on Friday, December 28th, 2007 at 8:00 am and is filed under Cross Site Scripting (XSS), Host Intrusion Detection Systems, Host Intrusion Prevention Systems, Network Intrusion Detection Systems, Network Intrusion Prevention Systems, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    Leave a Reply

    You must be logged in to post a comment.