Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability
2012-02-21, demonalex 163 com
Title: Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability. Product: Mercurycom MR804 Router. Hardware Version: MR804 v8.0 081C3113. Software Version: 3.8.1 Build 101220 Rel.53006nB. Vendor: http://www.mercurycom.com.cn/. Class: Boundary Condition Error. CVE: [...]

IPv6 NIDS evasion and IPv6 fragmentation/reassembly improvements
2012-02-20, Fernando Gont (fgont si6networks com)
Folks, FYI, just posted: <http://blog.si6networks.com/2012/02/ipv6-nids-evasion-and-improvements-in.html> It contains some test results regarding the implementation of RFC 5722 and draft-ietf-6man-ipv6-atomic-fragments. Thanks, -- Fernando Gont, SI6 Networks, e-mail: fgont (at) si6networks (dot) com, PGP Fing [...]

F*EX 20111129-2 Cross Site Scripting Vulnerability
2012-02-20, muuratsalo experimental hack lab (muuratsalo gmail com)
title: F*EX 20111129-2 Cross Site Scripting Vulnerabilities. author: muuratsa [...]

F*EX <= 20100208 Cross Site Scripting Vulnerabilities
2012-02-20, muuratsalo experimental hack lab (muuratsalo gmail com)
title: F*EX <= 20100208 Cross Site Scripting Vulnerabilities. author: muur [...]

Vulnerabilities in Debian F*EX <= 20100208 and F*EX 20111129-2.
2012-02-20, muuratsalo experimental hack lab (muuratsalo gmail com) (1 reply)
Dear all, I have discovered some vulnerabilities in Debian F*EX <= 20100208 and F*EX 20111129-2. F*EX (Frams's Fast File EXchange) is a service (GPL software) that can be used to allow users anywhere on the Internet to exchange files of ANY size quickly and conveniently. The sender uploads the fil [...]
    Re: Vulnerabilities in Debian F*EX <= 20100208 and F*EX 20111129-2.
    2012-02-20, muuratsalo experimental hack lab (muuratsalo gmail com)

Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities
2012-02-20, YGN Ethical Hacker Group (lists yehg net) (1 reply)
1. OVERVIEW: Dolphin 7.0.7 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND: Dolphin is the only "all-in-one" free community software platform for creating your own social networking, community or online dating site without any limits and under your full control. Dolphin co [...]
    Re: [oss-security] Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities
    2012-02-20, Kurt Seifried (kseifried redhat com)

OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities
2012-02-20, YGN Ethical Hacker Group (lists yehg net) (1 reply)
1. OVERVIEW: OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND: Oxwall is a free open source software package for building social networks, family sites and collaboration systems. It is a flexible community website engine developed with the aim to provide people [...]
    Re: [oss-security] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities
    2012-02-20, Kurt Seifried (kseifried redhat com)

DC4420 - London DEFCON - February meet - Tuesday February 21st 2012
2012-02-20, Major Malfunction (majormal pirate-radio org)
This month we have our usual two talk format - one that you'll need to concentrate on (and which will give us time to break into the bar), and one through which you can sip the beer you bought to accompany the one you bought for me... Shaun Colley of IOActive will make our heads hurt with [...]

SQL Injection Vulnerabilities in TestLink
2012-02-20, jnatal (jnatal cert inteco es)
Information: Name: SQL Injection Vulnerabilities in TestLink. Software tested: TL v1.8.5b & checked in v1.9.3 (prior version may be affected). Vendor Homepage: http://www.teamst.org. Vendor Notification: 27 January 2012. Vendor Patch: 4 February 2012. Public Disclosur [...]

SEC Consult SA-20120220-0 :: Multiple critical vulnerabilities in VOXTRONIC voxlog professional
2012-02-20, SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20120220-1 :: Multiple Vulnerabilities in ELBA5
2012-02-20, SEC Consult Vulnerability Lab (research sec-consult com)

CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated]
2012-02-19, YGN Ethical Hacker Group (lists yehg net)
1. OVERVIEW: The CubeCart 3.0.20 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND: CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerfu [...]

WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
2012-02-18, sschurtz darksecurity de
Advisory: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability. Advisory ID: SSCHADV2012-003. Author: Stefan Schurtz. Affected Software: Successfully tested on WebsiteBaker 2.8.2 SP2. Vendor URL: www.websitebaker2.org. Vendor Status: fixed. Vulnerability Description: [...]

Downloads Folder: A Binary Planting Minefield
2012-02-17, ACROS Security Lists (lists acros si)
This blog post reveals a bit of our research and provides an advance notification of a largely unknown remote exploit technique on Windows. More importantly, it provides instructions for protecting your computers from this technique while waiting for the affected software to correct its behavior. [...]

PHP 5.2.x Remote Code Execution Vulnerability
2012-02-17, Worawit Wang (worawita gmail com)
Release Date: 17 February 2012. Affected Versions: 5.2.0 - 5.2.17 (unsupported version). Description: If PHP bails out in startup stage before setting PG(modules_activated) to 1, the filter_globals struct is [...]

IETF I-D: Security and Interoperability Implications of Oversized IPv6 Header Chains
2012-02-17, Fernando Gont (fgont si6networks com)
Folks, FYI, we've published a new IETF I-D entitled "Security and Interoperability Implications of Oversized IPv6 Header Chains". The I-D is available at: <http://tools.ietf.org/id/draft-gont-6man-oversized-header-chain-00.txt> Any feedback will be very welcome. Thanks, -- Fernando Gont, SI6 Net [...]

[security bulletin] HPSBPI02728 SSRT100692 rev.4 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
2012-02-17, security-alert hp com
SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c03102449. Version: 4. HPSBPI02728 SSRT100692 rev.4 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default. NOTICE: The information in this Security Bulletin should [...]

Re: Fwd: 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)
2012-02-17, Rodrigo Rubira Branco (BSDaemon) (rodrigo kernelhacking com)
Dear Kousuke, first of all, let me clarify that the disclosure process has been entirely coordinated by me, and thus Wagner, Conviso and Check Point have no responsibility for any mistake I eventually made. Anyway, just to clarify your points: > [...]

Puppet Dashboard insecure by default
2012-02-15, Schweiss, Chip (chip innovates com)
Apparently, leaving all security up to the end user is okay with Puppet Labs. I stumbled across some rather alarming search results when looking for an explanation to a message on my own dashboard: http://goo.gl/m99l6 There are numerous Puppet Dashboards exposed directly to the Internet and inde [...]

[Spam] Skype v5.6.59.x - Memory Corruption Vulnerability
2012-02-17, research (at) vulnerability-lab (dot) com (research vulnerability-lab com)
Title: Skype v5.6.59.x - Memory Corruption Vulnerability. Date: 2012-02-17. References: http://www.vulnerability-lab.com/get_content.php?id=315 VL-ID: 315. Introduction: Skype is a software application that allows users to make voice and video calls [...]
Hash: SHA1
------------------------------------------------------------------------
Debian Security Advisory DSA-2415-1
security (at) debian (dot) org
http://www.debian.org/security/
Nico Golde
February 21, 2012
[...]