RE: Microsoft Terminal Services vulnerable to MITM-attacks.
2011-02-09 Ziots, Edward (EZiots Lifespan org)
If someone 0wns your pipe between you and the Terminal Server(s) then you got bigger problems than the existing MITM attack. Whether the attack sets it up via ARP spoofing, or other trickery. If you are really worried about this, encrypt your communications via IPSEC.
Z
Edward E. Ziots CISSP, N

SourceBans Version 1.4.7 XSS
2011-02-09
# Exploit Title: SourceBans Version 1.4.7 XSS
# Google Dork: inurl:"sourcebans/index.php?p=submit"
# Date: Feb. 9th 2011
# Author: Sw1tCh
# Software Link: http://www.sourcebans.net/
# Version: 1.4.7
Info: SourceBans is an application for managing publicly the banned users for a Steam Ser

TPTI-11-03: Adobe Shockwave Font Xtra String Decoding Remote Code Execution Vulnerability
2011-02-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-11-03: Adobe Shockwave Font Xtra String Decoding Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-11-03
February 8, 2011
-- CVE ID: CVE-2011-0556
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Shockwave Playe

TPTI-11-05: Adobe Shockwave PFR1 Font Chunk Parsing Remote Code Execution Vulnerability
2011-02-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-11-05: Adobe Shockwave PFR1 Font Chunk Parsing Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-11-05
February 8, 2011
-- CVE ID: CVE-2011-0569
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Shockwave Player

TPTI-11-04: Adobe Shockwave GIF Logical Screen Descriptor Parsing Remote Code Execution Vulnerability
2011-02-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-11-04: Adobe Shockwave GIF Logical Screen Descriptor Parsing Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-11-04
February 8, 2011
-- CVE ID: CVE-2010-4189
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Sho

TPTI-11-02: Adobe Shockwave TextXtra Invalid Seek Remote Code Execution Vulnerability
2011-02-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-11-02: Adobe Shockwave TextXtra Invalid Seek Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-11-02
February 8, 2011
-- CVE ID: CVE-2011-0555
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Shockwave Player -

TPTI-11-01: Adobe Shockwave dirapi.dll IFWV Trusted Offset Remote Code Execution Vulnerability
2011-02-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-11-01: Adobe Shockwave dirapi.dll IFWV Trusted Offset Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-11-01
February 8, 2011
-- CVE ID: CVE-2010-4188
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Shockwave

RE: Microsoft Terminal Services vulnerable to MITM-attacks.
2011-02-09 Jim Harrison (Jim isatools org)
Not if you use smartcard authentication.
-----Original Message-----
From: sam.vaughey (at) gmail (dot) com [mailto:sam.vaughey (at) gmail (dot) com]
Sent: Tuesday, February 08, 2011 6:16 AM
To: bugtraq (at) securityfocus (dot) com
Subject: Re: Microsoft Terminal Services vulnerable to MITM-attacks.
Does this issue still exist ?

Re: Microsoft Terminal Services vulnerable to MITM-attacks.
2011-02-09 Ansgar Wiechers (bugtraq planetcobalt net)
On 2011-02-08 sam.vaughey (at) gmail (dot) com wrote:
> Does this issue still exist ?
Depends on the configuration. Unless configured to require network level authentication, RDP is still prone to MitM attacks AFAIK.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patc

iDefense Security Advisory 02.08.11: Adobe Flash Player ActionScript Memory Corruption Vulnerability
2011-02-09 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 02.08.11
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 08, 2011
I. BACKGROUND
Adobe Flash Player is an application for viewing animations and movies using computer programs such as a Web browser; in common usage, Flash lets you put animation and movies on a

iDefense Security Advisory 02.08.11: Adobe Flash Player ActionScript Integer Overflow Vulnerability
2011-02-09 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 02.08.11
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 08, 2011
I. BACKGROUND
Adobe Flash Player is an application for viewing animations and movies using computer programs such as a Web browser; in common usage, Flash lets you put animation and movies on a

ZDI-11-081: Adobe Flash Player Point Object Remote Code Execution Vulnerability
2011-02-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-081: Adobe Flash Player Point Object Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-081
February 8, 2011
-- CVE ID: CVE-2011-0578
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Flash Player
-- Vuln

ZDI-11-080: Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code Execution Vulnerability
2011-02-09 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-080: Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-080
February 8, 2011
-- CVE ID: CVE-2010-4190
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe

ZDI-11-079: Adobe Shockwave Player 0xFFFFFF45 Record Count Element Remote Code Execution Vulnerability
2011-02-08 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-079: Adobe Shockwave Player 0xFFFFFF45 Record Count Element Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-079
February 8, 2011
-- CVE ID: CVE-2011-0557
-- CVSS: 9, (AV:N/AC:L/Au:N/C:C/I:P/A:P)
-- Affected Vendors: Adobe
-- Affected Products: Adob

ZDI-11-078: Adobe Shockwave Player FFFFFF88 Record Count Element Remote Code Execution Vulnerability
2011-02-08 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-078: Adobe Shockwave Player FFFFFF88 Record Count Element Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-078
February 8, 2011
-- CVE ID: CVE-2010-4192
-- CVSS: 9, (AV:N/AC:L/Au:N/C:C/I:P/A:P)
-- Affected Vendors: Adobe
-- Affected Products: Adobe

iDefense Security Advisory 02.08.11: Adobe Shockwave Player Memory Corruption Vulnerability
2011-02-08 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 02.08.11
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 08, 2011
I. BACKGROUND
Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browser

ZDI-11-077: Adobe Acrobat Reader U3D Texture Parser ILBM Remote Code Execution Vulnerability
2011-02-08 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-077: Adobe Acrobat Reader U3D Texture Parser ILBM Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-077
February 8, 2011
-- CVE ID: CVE-2011-0590
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Acrobat

iDefense Security Advisory 02.08.11: Adobe Reader and Acrobat JP2K Invalid Indexing Vulnerability
2011-02-08 labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 02.08.11
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 08, 2011
I. BACKGROUND
Adobe Reader/Acrobat is a Portable Document Format Viewer (PDF). For more information, see the vendor's site found at the following link. http://www.adobe.com/products/reader/
II

ZDI-11-076: RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability
2011-02-08 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-076: RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-076
February 8, 2011
-- CVE ID: CVE-2011-0694
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: RealNetworks
-- Affected Products:

ZDI-11-075: Adobe Acrobat Reader rt3d.dll Multimedia Playing Arbitrary Memory Overwite Remote Code Execution Vulnerability
2011-02-08 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-075: Adobe Acrobat Reader rt3d.dll Multimedia Playing Arbitrary Memory Overwite Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-075
February 8, 2011
-- CVE ID: CVE-2011-0606
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Aff

ZDI-11-074: Adobe Reader u3d Parent Node Count Remote Code Execution Vulnerability
2011-02-08 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-074: Adobe Reader u3d Parent Node Count Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-074
February 8, 2011
-- CVE ID: CVE-2011-0600
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Reader
-- Vulnera

ZDI-11-073: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
2011-02-08 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-073: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-073
February 8, 2011
-- CVE ID: CVE-2011-0598
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Reader
-- Vulnerability Det

ZDI-11-072: Adobe Reader BMP ColorData Remote Code Execution Vulnerability
2011-02-08 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-072: Adobe Reader BMP ColorData Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-072
February 8, 2011
-- CVE ID: CVE-2011-0599
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Reader
-- TippingPoint(TM

ZDI-11-071: Adobe Reader BMP RLE_8 Decompression Remote Code Execution Vulnerability
2011-02-08 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-071: Adobe Reader BMP RLE_8 Decompression Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-071
February 8, 2011
-- CVE ID: CVE-2011-0596
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Reader
-- Vulne

ZDI-11-070: Adobe Acrobat Reader U3D Texture .fli RLE Decompression Remote Code Execution Vulnerability
2011-02-08 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-070: Adobe Acrobat Reader U3D Texture .fli RLE Decompression Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-070
February 8, 2011
-- CVE ID: CVE-2011-0595
-- CVSS: 9.7, (AV:N/AC:L/Au:N/C:C/I:C/A:P)
-- Affected Vendors: Adobe
-- Affected Products: A

ZDI-11-069: Adobe Acrobat Reader U3D Texture psd RLE Decompression Remote Code Execution Vulnerability
2011-02-08 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-069: Adobe Acrobat Reader U3D Texture psd RLE Decompression Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-069
February 8, 2011
-- CVE ID: CVE-2011-0593
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adob

ZDI-11-067: Adobe Acrobat Reader U3D Texture rgba RLE Decompression Remote Code Execution Vulnerability
2011-02-08 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-067: Adobe Acrobat Reader U3D Texture rgba RLE Decompression Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-067
February 8, 2011
-- CVE ID: CVE-2011-0591
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Ado
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2158-1 security (at) debian (dot) org
http://www.debian.org/security/ Steve Kemp
February 9, 2011