BugTraq Mode:
(Page 434 of 1747)
Announcement: ClubHACK Magazine Issue 15-April 2011 released 2011-04-15
abhijeet chmag in
Hi All,
Here we are with our 15th Issue of CHMag. March witnessed the launch of the much awaited Mozilla Firefox 4, so we dedicated this issue to Mozilla. Due to the overwhelming response to the "Call For Articles", we have a good number of articles and so we will continue with the same theme for the May issue.

ClubH

Re: DC4420 - London DEFCON - April meet - Wednesday 20th April 2011 2011-04-18
Major Malfunction (majormal pirate-radio org)
*** REMINDER!!! Now *this* Wednesday...

>
> You wanted technical, you got it.... In March we quantum'd your minds
> then keylogged you with 13 lines of code: Thanks to Gregoire of IDQ for
> the drinks and the great talk. Thanks to Krunch for the Systemtap
> walkthrough and entertaining deliver

Does anyone know how to contact OpenSSH non-public? 2011-04-17
Jann Horn (jannhorn googlemail com)
Hello,
does anyone know how to contact the openssh guys without using a public
mailinglist/IRC channel/...? I tried openssh (at) openssh (dot) com, but I didn't
get an answer. It's nothing big, but I'd like to make sure that they
know about it and to hear their opinion.

Jann Horn
RE: THOMSON Router XSS 2011-04-15
Auffret Patrice (Patrice Auffret technicolor com)
> #####################################################################
> # Vendor: THOMSON Router
> # Product Name: TG585 v7
> # Software Release: 7.4.4.7
> # Vulnerability type: XSS
> # Risk rating: Medium
> #####################################################################
> # [Exploit]
> # ht

VUPEN Security Research - Microsoft Office Excel Real Time Data Stack Overwrite Vulnerability (CVE-2011-0105) 2011-04-15
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Office Excel Real Time Data Stack
Overwrite Vulnerability (CVE-2011-0105)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"Microsoft Office Excel is a powerful tool you can use to create and format
spreadsheets, and analyze and s

VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344) 2011-04-15
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free
Vulnerability (CVE-2011-1344)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"Apple Safari is a web browser developed by Apple. As of February 2010,
Safari was the fourth most widely used brow

VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption (CVE-2011-1345) 2011-04-15
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Internet Explorer Property Change Memory
Corruption (CVE-2011-1345)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows

VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034) 2011-04-15
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack
Overflow Vulnerability (CVE-2011-0034)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Micro

VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free Vulnerability (CVE-2011-0094) 2011-04-15
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free
Vulnerability (CVE-2011-0094)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Win

ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability 2011-04-14
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-104

April 14, 2011

-- CVE ID:
CVE-2011-1290

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
WebKit

-- Affected Products:
WebKit WebKit

-- Ti

ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability 2011-04-14
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-135

April 14, 2011

-- CVE ID:
CVE-2011-1344

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
WebKit

-- Affected Products:
WebKit WebKit

-- TippingPo

[USN-1110-1] KDE-Libs vulnerabilities 2011-04-14
Jamie Strandboge (jamie canonical com)
==========================================================================
Ubuntu Security Notice USN-1110-1
April 14, 2011

kde4libs vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

-

[security bulletin] HPSBMA02652 SSRT100432 rev.3 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure 2011-04-14
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02776387
Version: 3

HPSBMA02652 SSRT100432 rev.3 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure

NOTICE: The information in this Security

HTB22922: XSS vulnerabilities in phpAlbum.net 2011-04-14
advisory htbridge ch
Vulnerability ID: HTB22922
Reference: http://www.htbridge.ch/advisory/xss_vulnerabilities_in_phpalbum_net.html

Product: phpAlbum.net
Vendor: Patrik Jakab ( http://www.phpalbum.net/ )
Vulnerable Version: 0.4.1-14_fix06
Vendor Notification: 31 March 2011
Vulnerability Type: XSS (Cross Site Scripting

HTB22923: XSRF (CSRF) in phpAlbum.net 2011-04-14
advisory htbridge ch
Vulnerability ID: HTB22923
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_phpalbum_net.html
Product: phpAlbum.net
Vendor: Patrik Jakab ( http://www.phpalbum.net/ )
Vulnerable Version: 0.4.1-14_fix06
Vendor Notification: 31 March 2011
Vulnerability Type: CSRF (Cross-Site Request Forgery)
R

HTB22924: Arbitrary Command Execution in phpAlbum.net 2011-04-14
advisory htbridge ch
Vulnerability ID: HTB22924
Reference: http://www.htbridge.ch/advisory/arbitrary_command_execution_in_phpalbum_net.html
Product: phpAlbum.net
Vendor: Patrik Jakab ( http://www.phpalbum.net/ )
Vulnerable Version: 0.4.1-14_fix06
Vendor Notification: 31 March 2011
Vulnerability Type: Arbitrary Command

ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability 2011-04-13
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-134

April 13, 2011

-- CVE ID:
CVE-2011-1653

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
CA

-- Affected Products:
CA Total

ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability 2011-04-13
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-133

April 13, 2011

-- CVE ID:
CVE-2011-1653

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
CA

-- Affected Products:
CA Total De

ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability 2011-04-13
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-132

April 13, 2011

-- CVE ID:
CVE-2011-1653

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
CA

-- Affected Products:
CA Tot

The BodgeIt Store - another vulnerable web app 2011-04-14
psiinon (psiinon gmail com)
Hi folks,

I've recently open sourced a vulnerable web app, called The BodgeIt Store:
http://code.google.com/p/bodgeit/

Why?

Well, you can never have too many vulnerable apps to test against, but
also because I've found that many of the existing apps are non trivial
to install - they either have a

CA20110413-01: Security Notice for CA Total Defense 2011-04-13
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----

CA20110413-01: Security Notice for CA Total Defense

Issued: April 13, 2011

CA Technologies support is alerting customers to security risks with
CA Total Defense. Multiple vulnerabilities exist that can allow a
remote attacker to possibly execute arbitrary code.

ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability 2011-04-13
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-129

April 13, 2011

-- CVE ID:
CVE-2011-1653

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
CA

-- Affected Products:
CA Total Def

ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability 2011-04-13
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-127

April 13, 2011

-- CVE ID:
CVE-2011-1655

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
CA

-- Affected Products:
CA

ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability 2011-04-13
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-128

April 13, 2011

-- CVE ID:
CVE-2011-1653

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
CA

-- Affected Products:
CA Tot

ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability 2011-04-13
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-131

April 13, 2011

-- CVE ID:
CVE-2011-1653

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
CA

-- Affected Products:
CA Total De

ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability 2011-04-13
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-130

April 13, 2011

-- CVE ID:
CVE-2011-1653

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
CA

-- Affected Products:
CA Total Def

ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability 2011-04-13
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-126

April 13, 2011

-- CVE ID:
CVE-2011-1654

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
CA

-- Affected Products:
CA Total Defense S

Re: ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability 2011-04-13
nospam gmail it
McAfee stated:

[quote]
Impact of Vulnerability:
Disabling Anti-Virus, adding unwanted exclusions
[/quote]

When submitting this bug to ZDI, I made available two reliable post-bypass proof-of-concepts:
- a static perl code injection exploit using the 'args' argument of saveTopImagelogos.cgi
- an

MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285] 2011-04-13
Tom Yu (tlyu mit edu)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MITKRB5-SA-2011-004

MIT krb5 Security Advisory 2011-004
Original release: 2011-04-12
Last update: 2011-04-12

Topic: kadmind invalid pointer free()

CVE-2011-0285

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C

CVSSv2 Base Score: 10

Copyright 2010, SecurityFocus