ZDI-11-094: (0 day) Hewlett-Packard StorageWorks File Migration Agent Remote Archive Tampering Vulnerability
2011-02-28 ZDI Disclosures (zdi-disclosures tippingpoint com)
http://www.zerodayinitiative.com/advisories/ZDI-11-094
February 28, 2011
-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Pac

[USN-1078-1] Logwatch vulnerability
2011-03-01 Steve Beattie (sbeattie ubuntu com)
===========================================================
Ubuntu Security Notice USN-1078-1 March 01, 2011 logwatch vulnerability CVE-2011-1018
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.

weechat does not properly use gnutls and allow an attacker to bypass certificate verification
2011-02-28 john doe tapz be
About WeeChat: "WeeChat is a fast, light and extensible chat client. It runs on many platforms (including Linux, BSD and Mac OS). Development is very active, and bug fixes are very fast!" The vuln: Weechat does not use the GnuTLS API properly to check certificates, potentially exposing users to man

[USN-1074-2] Linux kernel vulnerabilities
2011-02-28 Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-1074-2 February 28, 2011 linux-fsl-imx51 vulnerabilities CVE-2009-4895, CVE-2010-2066, CVE-2010-2226, CVE-2010-2248, CVE-2010-2478, CVE-2010-2495, CVE-2010-2521, CVE-2010-2524, CVE-2010-2538, CVE-2010-2798

[USN-1077-1] FUSE vulnerabilities
2011-02-28 Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1077-1 February 28, 2011 fuse vulnerabilities CVE-2009-3297, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543
===========================================================
A security issue affects the following

[USN-1076-1] ClamAV vulnerability
2011-02-28 Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1076-1 February 28, 2011 clamav vulnerability CVE-2011-1003
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 9.10 Ubuntu 10.04 LT

[USN-1075-1] Samba vulnerability
2011-02-28 Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1075-1 February 28, 2011 samba vulnerability CVE-2011-0719
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04

FreeBSD crontab information leakage
2011-02-28 Dan Rosenberg (dan j rosenberg gmail com)
====================================
FreeBSD crontab information leakage
====================================
For its implementation of the standard UNIX cron daemon, FreeBSD uses a version based off vixie-cron. This package is installed by default, and includes a setuid-root crontab binary to all

Re: prestashop vuln: sql injection submitted to bugtraq (at) securityfocus (dot) com [email concealed]
2011-02-28 nebojsa prestashop com
Hi, This bug has been posted on our bugtracker with a fake sql injection, we have answered to him. We have tested all core versions since 1.2, and there is no possible injection, maybe he has used a module which is not developed by PrestaShop and which is vulnerable.
Best Regards STOJANO

[security bulletin] HPSBPI02635 SSRT100391 rev.1 - HP Web Jetadmin Running on Windows, Local Unauthorized Access to Managed Resources
2011-02-28 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02714670
Version: 1
HPSBPI02635 SSRT100391 rev.1 - HP Web Jetadmin Running on Windows, Local Unauthorized Access to Managed Resources
NOTICE: The information in this Security Bulletin should be

Imageview v6.0 Remote [and] Local Directory Traversal Vulnerability
2011-02-27 difficult-511 hotmail com
##########################################################
# Exploit Title: Imageview v6.0 Remote [and] Local Directory Traversal Vulnerability
# Google Dork: inurl:"/imageview6/"
# home : www.D99Y.com
# Date: 27/2/2011
# Author: Difficult 511
# Software Link: http://www.blackdot.be/files/downloads

CONFidence 2011- CfP only 6 days left, we are still waiting for your submission
2011-02-27 Andrzej Targosz (andrzej targosz proidea org pl)
CONFIDENCE 9TH EDITION CALL FOR PAPERS.
/* Apologies if you receive multiple copies of this announcement */
#######################################
If you still consider to become the CONFidence speaker there is only 6 days left to send CfP submission.
Calling all practitioners in the field of I

[USN-1074-1] Linux kernel vulnerabilities
2011-02-26 Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-1074-1 February 25, 2011 linux-fsl-imx51 vulnerabilities CVE-2009-4895, CVE-2010-2066, CVE-2010-2226, CVE-2010-2240, CVE-2010-2248, CVE-2010-2478, CVE-2010-2495, CVE-2010-2521, CVE-2010-2524, CVE-2010-2538

[USN-1073-1] Linux kernel vulnerabilities
2011-02-25 Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-1073-1 February 25, 2011 linux, linux-ec2 vulnerabilities CVE-2010-0435, CVE-2010-3448, CVE-2010-3698, CVE-2010-3859, CVE-2010-3865, CVE-2010-3873, CVE-2010-3874, CVE-2010-3875, CVE-2010-3876, CVE-2010-387

[USN-1072-1] Linux vulnerabilities
2011-02-25 Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-1072-1 February 25, 2011 linux vulnerabilities CVE-2010-0435, CVE-2010-2943, CVE-2010-3296, CVE-2010-3297, CVE-2010-3448, CVE-2010-3698, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3873, CVE-2010

[USN-1071-1] Linux kernel vulnerabilities
2011-02-25 Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1071-1 February 25, 2011 linux-source-2.6.15 vulnerabilities CVE-2010-3086, CVE-2010-3859, CVE-2010-3873, CVE-2010-3875, CVE-2010-3876, CVE-2010-3880, CVE-2010-4078, CVE-2010-4080, CVE-2010-4081, CVE-2010-

Re: Linksys Cisco Wag120N CSRF Vulnerability
2011-02-25 tadeu1 gmail com
I would like to recommend to people who want to test the code to disable/wipe out unnecessary options such as "remote_management" and "http_wanport" since they could give eventual outside attacker chances of authentication.
Another doubt lies on the possibility that this code implicitly relies on a

DoS Condition with Altigen VoIP Phone Systems
2011-02-25 Patrick Kelley (psworn gmail com)
If you run a NMAP network scan against the IP of the phone server, it will crash the Altigen's Gateway service, rendering the system useless until rebooted. All information saved in the phone system at the time is lost. Port 5061 crashes due to HEAP Overflow. Following message: Application popup

Linksys Cisco Wag120N CSRF Vulnerability
2011-02-25 irancrash gmail com
----------------------------------------------------------------
Hardware : Linksys Cisco Wag120n(And perhaps similar versions)
Type of vulnerability : CSRF ( Change Admin Password And Add User )
Risk of use : High
----------------------------------------------------------------
Producer Website :

prestashop vuln: sql injection submitted to bugtraq (at) securityfocus (dot) com [email concealed]
2011-02-25 Antonio S.M (antonio_s_martino yahoo es)
Hello, I am Antonio San Martino, I write you to include this sql injection vulnerabilities in your database. The vulnerable version is prestashop 1.3.3 and is vulnerable to sql injection
Vulnerable software and vendor: Prestashop, version: 1.3.3 - 0.246s
Sql Injection Vulnerabilities Vulne

CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System
2011-02-25 Williams, James K (James Williams ca com)
CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System
Issued: February 23, 2011
Updated: February 24, 2011
CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS).
A vulnerability exists that can a

[BMSA-2011-01] Insecure secure cookie in web.go
2011-02-25 Nam Nguyen (namn bluemoon com vn)
BLUE MOON SECURITY ADVISORY 2011-01
===================================
:Title: Insecure secure cookie in web.go
:Severity: Low
:Reporter: Blue Moon Consulting
:Products: web.go
:Fixed in: --
Description
-----------
web.go is the simplest way to write web applications in the Go programming lang

HTB22851: SQL Injection in WP Forum Server wordpress plugin
2011-02-24 advisory htbridge ch
Vulnerability ID: HTB22851
Reference: http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_1.html
Product: WP Forum Server wordpress plugin
Vendor: VastHTML ( http://lucidcrew.com/ )
Vulnerable Version: 1.6.5
Vendor Notification: 10 February 2011
Vulnerability Type: SQ

HTB22850: SQL Injection in WP Forum Server wordpress plugin
2011-02-24 advisory htbridge ch
Vulnerability ID: HTB22850
Reference: http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin.html
Product: WP Forum Server wordpress plugin
Vendor: VastHTML ( http://lucidcrew.com/ )
Vulnerable Version: 1.6.5
Vendor Notification: 10 February 2011
Vulnerability Type: SQL