VUPEN Security Research - Microsoft Windows Shell Graphics biCompression Buffer Overflow Vulnerability
2011-02-10 VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Windows Shell Graphics biCompression Buffer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft.

VUPEN Security Research - Microsoft Windows Shell Graphics BMP "height" Integer Overflow Vulnerability
2011-02-10 VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Windows Shell Graphics BMP "height" Integer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft.

VUPEN Security Research - Microsoft Windows Shell Graphics BMP "width" Integer Overflow Vulnerability
2011-02-10 VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Windows Shell Graphics BMP "width" Integer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft. W

HTB22822: XSS vulnerability in RunCMS
2011-02-10 advisory htbridge ch
Vulnerability ID: HTB22822 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_runcms.html Product: RunCMS Vendor: http://www.runcms.org/ Vulnerable Version: 2.2.2 Vendor Notification: 27 January 2011 Vulnerability Type: XSS (Cross Site Scripting) Risk level:

HTB22821: Path disclosure in RunCMS
2011-02-10 advisory htbridge ch
Vulnerability ID: HTB22821 Reference: http://www.htbridge.ch/advisory/path_disclosure_in_runcms.html Product: RunCMS Vendor: http://www.runcms.org/ Vulnerable Version: 2.2.2 Vendor Notification: 27 January 2011 Vulnerability Type: Path disclosure Risk level: Low Credit:

Kunena SQL Injection Vulnerability & Information Leakage
2011-02-11 Red Matter (disclosures redmatterinc com)
Vendor/Product: Kunena Vulnerable Versions: < 1.5.14; < 1.6.3 Vulnerability Type: SQL Injection & information leakage Risk level: High Vulnerability Details: Because parameterized queries were not used, and adequate input sanitization was not done on the catids parameter on the advanced search pag

[USN-1061-1] iTALC vulnerability
2011-02-11 Kees Cook (kees ubuntu com)
Ubuntu Security Notice USN-1061-1 February 11, 2011 italc vulnerability CVE-2011-0724 A security issue affects the following Edubuntu releases: Edubuntu 9.10 Edubuntu 10.

VUPEN Security Research - Microsoft Internet Explorer "mshtml.dll" Dangling Pointer Vulnerability (CVE-2011-0036)
2011-02-10 VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Internet Explorer "mshtml.dll" Dangling Pointer Vulnerability (CVE-2011-0036) http://www.vupen.com/english/research.php I. BACKGROUND "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the Micros

HTB22851: SQL Injection in WP Forum Server wordpress plugin
2011-02-10 advisory htbridge ch
Vulnerability ID: HTB22851 Reference: http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_1.html Product: WP Forum Server wordpress plugin Vendor: VastHTML ( http://lucidcrew.com/ ) Vulnerable Version: 1.6.5 Vendor Notification: Vulnerability Type: SQL Injection Risk

HTB22852: SQL Injection in WP Forum Server wordpress plugin
2011-02-10 advisory htbridge ch
Vulnerability ID: HTB22852 Reference: http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_2.html Product: WP Forum Server wordpress plugin Vendor: VastHTML ( http://lucidcrew.com/ ) Vulnerable Version: 1.6.5 Vendor Notification: Vulnerability Type: SQL Injection Risk

ASPR #2011-02-11-1: Remote Binary Planting in Adobe Reader
2011-02-11 ACROS Security Lists (lists acros si)
=====[BEGIN-ACROS-REPORT]===== PUBLIC ACROS Security Problem Report #2011-02-11-1 ASPR #2011-02-11-1: Remote Binary Planting in Adobe Reader

ASPR #2011-02-11-2: Remote Binary Planting in Adobe Flash Player
2011-02-11 ACROS Security Lists (lists acros si)
=====[BEGIN-ACROS-REPORT]===== PUBLIC ACROS Security Problem Report #2011-02-11-2 ASPR #2011-02-11-2: Remote Binary Planting in Adobe Flash Player

VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-02-11 VMware Security team (security vmware com)

CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities
2011-02-10 CORE Security Technologies Advisories (advisories coresecurity com)
Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ ZOHO ManageEngine ADSelfService multiple vulnerabilities 1. *Advisory Information* Title: ZOHO ManageEngine ADSelfService multiple vulnerabilities Advisory ID: CORE-2011-0103 Advisory URL: http://www.coresecurity.co

HTB22820: SQL Injection in RunCMS
2011-02-10 advisory htbridge ch
Vulnerability ID: HTB22820 Reference: http://www.htbridge.ch/advisory/sql_injection_in_runcms.html Product: RunCMS Vendor: http://www.runcms.org/ Vulnerable Version: 2.2.2 Vendor Notification: 27 January 2011 Vulnerability Type: SQL Injection Risk level: High Credit: Hi

VUPEN Security Research - Adobe Shockwave DIRAPI LCTX Chunk Memory Corruption Vulnerability (APSB11-01)
2011-02-10 VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Adobe Shockwave DIRAPI Lctx Chunk Memory Corruption Vulnerability (APSB11-01) http://www.vupen.com/english/research.php I. BACKGROUND "Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access

[USN-1060-1] Exim vulnerabilities
2011-02-10 Marc Deslauriers (marc deslauriers canonical com)
Ubuntu Security Notice USN-1060-1 February 10, 2011 exim4 vulnerabilities CVE-2010-2023, CVE-2010-2024, CVE-2010-4345, CVE-2011-0017 A security issue affects the following

Linksys WAP610N Unauthenticated Root Console
2011-02-09 Matteo Ignaccolo (matteo ignaccolo securenetwork it)
Secure Network - Security Research Advisory Vuln name: Linksys WAP610N Unauthenticated Access With Root Privileges Systems affected: WAP610N (Firmware Version: 1.0.01) Systems not affected: -- Severity: High Local/Remote: Remote Vendor URL: http://www.linksysbycisco.com Author(s): Matteo Ignaccolo

[SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability
2011-02-10 Brett Porter (brett apache org)
CVE-2011-0533: Apache Continuum cross-site scripting vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Continuum 1.3.6 Continuum 1.4.0 (Beta) The unsupported versions Continuum 1.1 - 1.2.3.1 are also affected. Description: A request that included a spec

[SECURITY] CVE-2010-3449: Apache Continuum CSRF vulnerability
2011-02-10 Brett Porter (brett apache org)
CVE-2010-3449: Apache Continuum CSRF vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Continuum 1.3.6 Continuum 1.4.0 (Beta) The unsupported versions Continuum 1.1 - 1.2.3.1 are also affected. Description: Administrators are able to change any user's pa

RE: Microsoft Terminal Services vulnerable to MITM-attacks.
2011-02-09 Ziots, Edward (EZiots Lifespan org)
If someone 0wns your pipe between you and the Terminal Server(s) then you got bigger problems than the existing MITM attack. Whether the attack sets it up via ARP spoofing, or other trickery. If you are really worried about this, encrypt your communications via IPSEC. Z Edward E. Ziots CISSP, N

SourceBans Version 1.4.7 XSS
2011-02-09 null null null
# Exploit Title: SourceBans Version 1.4.7 XSS # Google Dork: inurl:"sourcebans/index.php?p=submit" # Date: Feb. 9th 2011 # Author: Sw1tCh # Software Link: http://www.sourcebans.net/ # Version: 1.4.7 Info: SourceBans is an application for managing publicly the banned users for a Steam Ser

TPTI-11-03: Adobe Shockwave Font Xtra String Decoding Remote Code Execution Vulnerability
2011-02-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-11-03: Adobe Shockwave Font Xtra String Decoding Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-03 February 8, 2011 -- CVE ID: CVE-2011-0556 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Playe
Debian Security Advisory DSA-2163-1 security (at) debian (dot) org
http://www.debian.org/security/ Nico Golde
February 14, 2011