[security bulletin] HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
2009-04-27 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01723303
Version: 1
HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted

DDIVRT-2009-24 Precidia Ether232 Memory Corruption
2009-04-27 ddivulnalert ddifrontline com
Title: DDIVRT-2009-24 Precidia Ether232 Memory Corruption
Severity: Medium
Date Discovered: March 10th, 2009
Discovered By: Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and princeofnigeria and r@b13$
Vulnerability Description

[TZO-15-2009] Aladdin eSafe generic bypass - Forced release
2009-04-27 Thierry Zoller (Thierry Zoller lu)
From the low-hanging-fruit-department - Aladdin eSafe bypass/evasion
Release mode: Forced release, vendor has not replied.
Ref : TZO-152009 - Alad

[TZO-14-2009] Comodo Antivirus RAR evasion
2009-04-27 Thierry Zoller (Thierry Zoller lu)
From the low-hanging-fruit-department - Comodo antivir bypass/evasion
Release mode: Coordinated but limited disclosure.
Ref : TZO-142009 - Comodo

MataChat Cross-Site Scripting Vulnerabilities
2009-04-25 IrIsT Ir gmail com
a bug in MataChat that allows to us to occur a Cross-Site Scripting on a Remote machine. this bug tested with the Vulnerable Software All Ver.

[TZO-13-2009] Avira Antivir generic CAB evasion / bypass
2009-04-27 Thierry Zoller (Thierry Zoller lu)
From the low-hanging-fruit-department - Avira antivir bypass/evasion
Release mode: Coordinated but limited disclosure.
Ref : TZO-132009 - Avira An

Remote iodinetd DoS vulnerability on Debian Lenny
2009-04-26 Albert Sellarès (whats wekk net)
Hi, I attach an exploit that lets you shutdown a remote iodinet server (version <= 0.4.2). This bug was found some weeks before on Debian Lenny, but it hasn't been fixed in the stable branch and the bug has been closed :S. This is the Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=52

[SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilities
2009-04-26 Thijs Kinkhorst (thijs debian org)

MSL-2009-001 - Samsung Missing Provisioning Authentication
2009-04-24 Mobile Security Lab (research mseclab com)
Security Advisory MSL-2009-001 - Samsung Missing Provisioning Authentication
Advisory Information
Title: Samsung Missing Provisioning Authentication
Advisory ID: MSL-2009-001
Advisory URL: http://www.mseclab.com/index.php?page_id=148
Published: 2009-04-23
Updated: 2009-

Juniper Advisory
2009-04-24 security procheckup com
PR09-05: ScreenOS remote information disclosure on Juniper Netscreen ScreenOS Firewalls
Vulnerability found: 22nd March 2009
Vendor informed: 22nd March 2009
Severity: Low (information disclosure)
Description: By simply requesting the about.html file, the firewall returns the version of ScreenO

Aruba Advisory ID: AID-42309 Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication
2009-04-24 Robbie Gill (rgill arubanetworks com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Aruba Networks Security Advisory
Title: Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication.
Aruba Advisory ID: AID-42309
Revision: 1.0
For Public Release on 4/23/2009

REMOTE SQL INJECTION (SQLi) VULNERABILITY--Photo-Rigma.BiZ v30-->
2009-04-24 y3nh4ck3r gmail com
REMOTE SQL INJECTION (SQLi) VULNERABILITY--Photo-Rigma.BiZ v30-->
CMS INFORMATION:
-->WEB: http://foto.rigma.biz (affected)
-->DOWNLOAD: http://sourceforge.net/pro

Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities
2009-04-24 Salvatore "drosophila" Fresta (drosophilaxxx gmail com)
******* Salvatore "drosophila" Fresta *******
[+] Application: Pragyan CMS
[+] Version: 2.6.4
[+] Website: http://www.pragyan.org
[+] Bugs: [A] Multiple SQL Injection
[+] Exploitation: Remote
[+] Date: 22 Apr 2009
[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "drosop

Formshield Captcha - Older Version vulnerable to replay attacks
2009-04-24 arvind doraiswamy (arvind doraiswamy gmail com)
Replay attack on CAPTCHA Libraries
Summary
A CAPTCHA implementation that we tested was found to be vulnerable to replay attacks. The attack is explained in detail for Formshield - A popular DOT NET CAPTCHA implementation.
NOTE: We discovered this during a Black Box engagement with one of our cli

CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability
2009-04-24 Mark Thomas (Mark Thomas springsource com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability
Severity: Low
Vendor: SpringSource
Versions Affected: Spring Framework 1.1.0-2.5.6, 3.0.0.M1-3.0.0.M2 dm Server 1.0.0-1.0.2 (note 2.x not affected since dm Server 2.x requires a 1

WOOT'09 call for papers
2009-04-23 Alexander Sotirov (alex sotirov net)
The CFP for the 3rd USENIX Workshop on Offensive Technologies is now available at http://www.usenix.org/woot09/cfpa WOOT'09 aims to bring together researchers and practitioners in system security to present research advancing the understanding of attacks on operating systems, networks, and applicat

Re: [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities
2009-04-23 sales abk-soft net

FOWLCMS 1.1--Multiple Remote Vulnerabilities-->
2009-04-22 y3nh4ck3r gmail com
MULTIPLE REMOTE VULNERABILITIES--FOWLCMS 1.1-->
CMS INFORMATION:
-->WEB: https://sourceforge.net/projects/fowlcms/
-->DOWNLOAD: https://sourceforge.

[USN-764-1] Firefox and Xulrunner vulnerabilities
2009-04-23 Jamie Strandboge (jamie canonical com)
Ubuntu Security Notice USN-764-1 April 23, 2009
firefox-3.0, xulrunner-1.9 vulnerabilities
CVE-2009-0652, CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CV

Ubuntu Security Notice USN-761-2 April 27, 2009
php5 vulnerabilities
CVE-2008-5814, CVE-2009-1271
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04