httpdx webserver v1.5 Remote Source Disclosure
2010-01-02 info securitylab ir
# Securitylab.ir
# Application Info:
# Name: httpdx webserver
# Version: 1.5
# Vulnerability

WASC Announcement: WASC Threat Classification v2.0 Published
2010-01-03 announcements webappsec org
The Web Application Security Consortium (WASC) is pleased to announce the long awaited release of the WASC Threat Classification v2.0. The Threat Classification is an effort to classify the weaknesses, and attacks that can lead to the compromise of a website, its data, or its users. This document'

Latest Intel Pro/10* ethernet adaptor drivers contain vulnerable MSVC runtime!
2010-01-02 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, Intel just released updated drivers for their ethernet network adaptors, see <http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=17906&ProdId=3025&lang=eng> and <http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=18518&ProdId=3025&lang=eng> for example. Unfortunatel

Java vulnerability
2010-01-03 Paul (pvnick gmail com)
Sorry if this has been posted (or even fixed) before, but my mom just about got infected with something if it weren't for her anti-virus. http://laryju.info/cgi-bin/qw will download and execute a trojan using some sort of java-based vulnerability. AFAIK she's up-to-date on her patches, so perhaps so

Y2K10 spamassassin bug, 2010 year mails discarded as spam
2010-01-04 Eduardo Romero (edo edo cl)
Hi, Please review your spamassassin rules, the FH_DATE_PAST_20XX rule marks the 2010 mails as spam with 3.6 points app, the workaround possible are: .- file /usr/share/spamassassin/72_active.cf replace : header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006] by: header FH_DA

Secunia Research: PDF-XChange Viewer Content Parsing Memory Corruption Vulnerability
2010-01-04 Secunia Research (remove-vuln secunia com)

[USN-876-1] PostgreSQL vulnerabilities
2010-01-03 Jamie Strandboge (jamie canonical com)
Ubuntu Security Notice USN-876-1 January 03, 2010
postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities
CVE-2009-4034, CVE-2009-4136
A security issue affects th

[ GLSA 201001-02 ] Adobe Flash Player: Multiple vulnerabilities
2010-01-03 Alex Legler (a3li gentoo org)

[SECURITY] [DSA-1964-1] New PostgreSQL packages fix several vulnerabilities
2009-12-31 Florian Weimer (fw deneb enyo de)

[SECURITY] [DSA 1958-1] New libtool packages fix privilege escalation
2009-12-29 geissert debian org (Raphael Geissert)

Secunia Research: AproxEngine Multiple Vulnerabilities
2009-12-29 Secunia Research (remove-vuln secunia com)

FreeWebshop.org: multiple vulnerabilities
2009-12-29 Akita Software Security (lists akitasecurity nl)
FreeWebshop.org: multiple vulnerabilities
Yorick Koster, March 2009
Abstract

Tests about semicolon zero-day (BID 37460)
2009-12-28 Crash - DcLabs (crashbrz gmail com) (2 replies)
Tests about semicolon zero-day (BID 37460) Tests in Windows XP SP3 and IIS 5.1 The results are: 18:21:18 172.16.5.79 GET /t.asp;.jpg 200 The file was found, but not interpreted! IIS prints the asp source code on screen. Testing in 2003 Server IIS 6.0 SP 2 works perfect! the .jpg is interpreted as .a

MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing
2009-12-28 Tom Yu (tlyu MIT EDU)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
MITKRB5-SA-2009-003 MIT krb5 Security Advisory 2009-003
Original release: 2009-12-28
Last update: 2009-12-28
Topic: KDC denial of service in cross-realm referral processing
CVE-2009-3295 KDC denial of service in cross-realm referral processing
CVSSv

Code to mitigate IIS semicolon zero-day
2009-12-28 ds adv pub gmail com
This mitigation should help block attempts to exploit the IIS semicolon zero-day (BID 37460), but no warranties and no guarantees. It didn't crash my web servers during testing, but I make no representations as to how it will or won't perform on anyone else's web servers. This mitigation is only in

[SECURITY] [DSA 1957-1] New aria2 packages fix arbitrary code execution
2009-12-28 white debian org (Steffen Joeris)

DBHCMS Web Content Management System v1.1.4 RFI Vulnerability
2009-12-28 info securitylab ir
# Securitylab.ir
# Application Info:
# Name: DBHCMS Web Content Management System
# Version: 1.1.4
# Download: :(
# Discovered By: Securitylab.ir
# Website: http://Securitylab.i

[InterN0T] LiveZilla - XSS Vulnerability
2009-12-27 advisories intern0t net
LiveZilla - Cross Site Scripting Vulnerability
Version Affected: 3.1.8.3 (newest)
Info: LiveZilla, the Next Generation Live Help / Live Chat and Live Support System connects you to your website visitors. Use LiveZilla to provide Live Chats and monitor your website visitors in real-time.
Gentoo Linux Security Advisory GLSA 201001-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -