|
Colapse all |
Post message
Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities 2009-12-01 c0dy r00tDefaced net AST-2009-010: RTP Remote Crash Vulnerability 2009-11-30 Asterisk Security Team (security asterisk org) Upcoming FreeBSD Security Advisory 2009-12-01 FreeBSD Security Officer (cperciva freebsd org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, A short time ago a "local root" exploit was posted to the full-disclosure mailing list; as the name suggests, this allows a local user to execute arbitrary code as root. Normally it is the policy of the FreeBSD Security Team to not publicly di [ more ] [ reply ] Re: [Full-disclosure] ** FreeBSD local r00t zeroday 2009-12-01 Ryan Steinmetz (rpsfa rit edu) 6.4-RELEASE not vuln On (11/30/09 22:51), Benji wrote: > 7.0 not vuln. > > On Mon, Nov 30, 2009 at 10:49 PM, Ed Carp <erc (at) pobox (dot) com [email concealed]> wrote: > > > On 11/30/09, Kingcope <kcope2 (at) googlemail (dot) com [email concealed]> wrote: > > > > > Systems tested/affected > > > ********************************** > > > FreeBSD 8.0-RELEA [ more ] [ reply ] WinAppDbg 1.3 is out! 2009-12-01 Mario Alejandro Vilas Jerez (mvilas gmail com) What is WinAppDbg? ================== The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulat [ more ] [ reply ] ** FreeBSD local r00t zeroday 2009-11-30 Kingcope (kcope2 googlemail com) (1 replies) ** FreeBSD local r00t 0day Discovered & Exploited by Nikolaos Rangos also known as Kingcope. Nov 2009 "BiG TiME" "Go fetch your FreeBSD r00tkitz" // http://www.youtube.com/watch?v=dDnhthI27Fg There is an unbelievable simple local r00t bug in recent FreeBSD versions. I audited FreeBSD for local r00 [ more ] [ reply ] [oCERT-2009-017] PHP multiple issues 2009-11-30 Andrea Barisani (lcars ocert org) #2009-017 PHP multiple issues Description: PHP, an open source scripting language, suffers from several bugs that may pose a security risk. The reported issues have been discovered in several API functions, issues include buffer overflows, near null reads/writes, arbitrary memory read and an off [ more ] [ reply ] [SECURITY] [DSA 1942-1] New wireshark packages fix several vulnerabilities 2009-11-29 Moritz Muehlenhoff (jmm debian org) Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others 2009-11-28 Andrea Purificato (a purificato uni it) Hi! I've just released the working exploit for CTXSYS.DRVXTABC.CREATE_TABLES injection on Oracle DB 9i/10g (CVE-2009-1991) You can find the code on my site, http://rawlab.mindcreations.com In particular, Classic SQL injection: http://rawlab.mindcreations.com/codes/exploit/oracle/ctxsys-drvxtabc-c [ more ] [ reply ] Announce: RFIDIOt-1.0a released - November 2009 2009-11-30 Adam Laurie (adam algroup co uk) Hey! I know it's been a while, but I've been busy etc. etc. :) After 3 years, I've finally got around to a full release number! Here is version 1.0a, in which I've started integrating Nick von Dadelszen's libnfc (http://www.libnfc.org/) wrapper so we can support the new generation of usb stick [ more ] [ reply ] Windows packages for BIND9 contain vulnerable MSVC runtime components 2009-11-28 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, ISC just released updates for their supported BIND versions. Unfortunately ALL the Windows packages (BIND9.6.1-P2.zip, BIND9.5.2-P1.zip and BIND9.4.3-P4.zip) but contain an outdated and unsupported "Microsoft Visual C++ 2005 Redistributable" (vcredist_x86.exe) which installs VULNERABLE run [ more ] [ reply ] TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability) 2009-11-30 Thierry Zoller (Thierry zoller lu) Cacti 0.8.7e: Multiple security issues 2009-11-26 Moritz Naumann (security moritz-naumann com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cacti 0.8.7e and earlier versions are affected by multiple security issues. Issues 1-4 are cross site scripting issues, issue 5 is a priviledge escalation issue. 1. XSS 1 A HTTP GET request against the following URL will, on a web browser with Ja [ more ] [ reply ] Xxasp v3.3.2 Sql injection 2009-11-30 secu_lab_ir yahoo com ########################## Securitylab.ir ######################## # Application Info: # Name: Xxasp # Version: 3.3.2 ################################################################# # Discoverd By: Secu_lab_ir (at) yahoo (dot) com [email concealed] # Website: http://securitylab.ir # Contacts: admin[at]securitylab.ir & [ more ] [ reply ] [BMSA-2009-07] Backdoor in PyForum 2009-11-30 Nam Nguyen (namn bluemoon com vn) BLUE MOON SECURITY ADVISORY 2009-07 =================================== :Title: Backdoor in PyForum :Severity: Critical :Reporter: Blue Moon Consulting :Products: PyForum v1.0.3 :Fixed in: -- Description ----------- pyForum is a 100% python-based message board system based in the excellent web2 [ more ] [ reply ] Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition 2009-11-30 k4mr4n_St yahoo com #!/usr/bin/env python ########################################################### # # Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition # Coded By: k4mr4n_st (at) yahoo (dot) com [email concealed] # Found By: k4mr4n (Securitylab.ir Member) # Tested On: Windows XPSP3 English # Note: This s [ more ] [ reply ] [security bulletin] HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of 2009-11-25 security-alert hp com Service (DoS) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01945686 Version: 1 HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS) NOTICE: The information in this Security Bul [ more ] [ reply ] Remote Command Execution in dotDefender Site Management 2009-11-30 John Dos (dotdefeater googlemail com) Problem Description =================== A remote command execution vulnerability exists in the dotDefender (3.8-5) Site Management. dotDefender [1] is a web appliaction firewall (WAF) which 'prevents hackers from attacking your website.' Technical Details ================= The Site Management [ more ] [ reply ] Some more details on IE STYLE zero-day 2009-11-30 ds adv pub gmail com Here are a few more details on researching the IE STYLE zero-day vulnerability. Microsoft Security Advisory 977981 describes the vulnerability as follows: "The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object [ more ] [ reply ] [SECURITY] [DSA 1941-1] New poppler packages fix several vulnerabilities 2009-11-25 Moritz Muehlenhoff (jmm debian org) [USN-862-1] PHP vulnerabilities 2009-11-26 Marc Deslauriers (marc deslauriers canonical com) =========================================================== Ubuntu Security Notice USN-862-1 November 26, 2009 php5 vulnerabilities CVE-2008-7068, CVE-2009-3291, CVE-2009-3292, CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4018 ======================================================= [ more ] [ reply ] [SECURITY] [DSA-1940-1] New php5 packages fix several issues 2009-11-25 Stefan Fritsch (sf debian org) |
|
|
Privacy Statement |
##################################################################
# ___ ___ _ _____ __ _ #
# / _ \ / _ \| | | __ \ / _| | | #
# _ __| | | | | | | |_| | |
[ more ] [ reply ]