Blogs

phplist: cross site request forgery (CSRF), CVE-2011-0748

http://comments.gmane.org/gmane.comp.security.full-disclosure/78944

"Up to version 2.10.12, it provided no protection against cross site
request forgery (CSRF) at all, allowing a malicious attacker
controlling a webpage an admin visits at the time being logged into
phplist to gain full control over the phplist installation.

Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability

http://www.securityfocus.com/bid/43515/info

"Horde IMP Webmail is prone to an HTML-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before it is used
in dynamic content.

Attacker-supplied HTML or JavaScript code could run in the context of
the affected site, potentially allowing the attacker to steal
cookie-based authentication credentials and to control how the site is
rendered to the user; other attacks are also possible.

Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability

http://www.securityfocus.com/bid/43515/info

"Horde IMP Webmail is prone to an HTML-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before it is used
in dynamic content.

Attacker-supplied HTML or JavaScript code could run in the context of
the affected site, potentially allowing the attacker to steal
cookie-based authentication credentials and to control how the site is
rendered to the user; other attacks are also possible.

Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability

http://www.securityfocus.com/bid/43515/info

"Horde IMP Webmail is prone to an HTML-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before it is used
in dynamic content.

Attacker-supplied HTML or JavaScript code could run in the context of
the affected site, potentially allowing the attacker to steal
cookie-based authentication credentials and to control how the site is
rendered to the user; other attacks are also possible.

VMware vmrun utility local privilege escalation

https://www.vmware.com/security/advisories/VMSA-2011-0006.html

"The VMware vmrun utility is susceptible to a local privilege escalation
in non-standard configurations."

All users of the vmrun utility should visit the advisory and see if
his/her instance is susceptible. If so, it is critical to update the
software through the links provided in the advisory.

VMware vmrun utility local privilege escalation

https://www.vmware.com/security/advisories/VMSA-2011-0006.html

"The VMware vmrun utility is susceptible to a local privilege escalation
in non-standard configurations."

All users of the vmrun utility should visit the advisory and see if
his/her instance is susceptible. If so, it is critical to update the
software through the links provided in the advisory.

VMware vmrun utility local privilege escalation

https://www.vmware.com/security/advisories/VMSA-2011-0006.html

"The VMware vmrun utility is susceptible to a local privilege escalation
in non-standard configurations."

All users of the vmrun utility should visit the advisory and see if
his/her instance is susceptible. If so, it is critical to update the
software through the links provided in the advisory.

Pages