
Danneo CMS 0.5.1 index.php SQL injection

A vulnerability was found in Danneo CMS 0.5.1. It has been classified as critical. It affects an unknown function of the file index.php. No information about possible countermeasures is known. Replacing the affected product with an alternative may be advisable.


Microsoft Windows SharePoint Services cross-site scripting [CVE-2007-2581]

A vulnerability was found in Microsoft Windows SharePoint Services and Office SharePoint Server (the affected version is unknown). It has been classified as problematic. An unknown function is affected. Upgrading eliminates this vulnerability, as does applying patch MS07-059. The bugfix is available for download at microsoft.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation was published immediately after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 12629, which uses the pattern /sharepoint/ for detection. It is also possible to detect and prevent this kind of attack with TippingPoint filter 5597.


CA HIPS 8.0 Log Viewer cross-site scripting

A vulnerability classified as problematic has been found in CA HIPS 8.0. An unknown function of the Log Viewer component is affected. Upgrading eliminates this vulnerability, as does applying a patch. The bugfix is available for download at supportconnect.ca.com. The best possible mitigation is suggested to be upgrading to the latest version.