SecurityFocus

[CFP] LACSEC 2011: 6th Network Security Event for Latin America and the Caribbean 2011-01-24
Fernando Gont (fernando gont gmail com)

***********************************************************************
CALL FOR PRESENTATIONS
***********************************************************************
LACSEC 2011
6th Network Security Event for Latin America and the Caribbean

[ more ] [ reply ]

[USN-1048-1] Tomcat vulnerability 2011-01-24
Marc Deslauriers (marc deslauriers canonical com)

===========================================================
Ubuntu Security Notice USN-1048-1 January 24, 2011
tomcat6 vulnerability
CVE-2010-4172
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 L

[ more ] [ reply ]

phpcms V9 BLind SQL Injection Vulnerability 2011-01-21
eidelweiss windowslive com

=================================================================
phpcms V9 BLind SQL Injection Vulnerability
=================================================================

Software: phpcms V9
Vendor: www.phpcms.cn
Vuln Type: BLind SQL Injection
Download link: http://www.phpcms.cn/2010/1229/32

[ more ] [ reply ]

ESA-2011-001: RSA, The Security Division of EMC, addresses RKM 1.5 C Client SQL Injection Vulnerability 2011-01-21
Security_Alert emc com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2011-001: RSA, The Security Division of EMC, addresses RKM 1.5 C Client SQL Injection Vulnerability

Security Advisory

Updated January 13, 2011

Summary:

The vulnerability that was identified in the RSA Key Manager (RKM) C client 1.5 wh

[ more ] [ reply ]

[USN-1047-1] AWStats vulnerability 2011-01-24
Marc Deslauriers (marc deslauriers canonical com)

===========================================================
Ubuntu Security Notice USN-1047-1 January 24, 2011
awstats vulnerability
CVE-2010-4369
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.0

[ more ] [ reply ]

[SECURITY] [DSA 2150-1] request-tracker3.6 security update 2011-01-22
Thijs Kinkhorst (thijs debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2150-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Thijs Kinkhorst
January 22, 2011

[ more ] [ reply ]

[ MDVSA-2011:018 ] sudo 2011-01-21
security mandriva com

[ GLSA 201101-08 ] Adobe Reader: Multiple vulnerabilities 2011-01-21
Tim Sammut (underling gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201101-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

[ GLSA 201101-09 ] Adobe Flash Player: Multiple vulnerabilities 2011-01-21
Tim Sammut (underling gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201101-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

[ MDVSA-2011:017 ] tetex 2011-01-21
security mandriva com

[ MDVSA-2011:016 ] t1lib 2011-01-21
security mandriva com

NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability 2011-01-20
NSO Research (nso-research sotiriu de)

______________________________________________________________________
-------------------------- NSOADV-2010-010 ---------------------------

DATEV Multiple Applications DLL Hijacking Vulnerability
______________________________________________________________________
________________________

[ more ] [ reply ]

IETF RFC on Port Randomization 2011-01-21
Fernando Gont (fernando gont gmail com)

Folks,

Our document "Recommendations for Transport-Protocol Port
Randomization" has finally been published as RFC 6056.

Its abstract is:
---- cut here ----
During the last few years, awareness has been raised about a number
of "blind" attacks that can be performed against the Transmission
Control

[ more ] [ reply ]

[ MDVSA-2011:015 ] pcsc-lite 2011-01-20
security mandriva com

[TEHTRI-Security] CVE-2010-2599: Update your BlackBerry 2011-01-21
Laurent OUDOT at TEHTRI-Security (laurent oudot tehtri-security com)

Gents,

BlackHat Washington DC has just finished, and we wanted to let you know
that RIM officially released a patch for the vulnerability found by
TEHTRI-Security in BlackBerry devices, and covered during our talk:
"Inglourious Hackerds: Targeting Web Clients".

The 0day created by TEHTRI-Security

[ more ] [ reply ]

Code execution in Microsoft Fax Cover Page Editor 2011-01-20
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Microsoft Fax Cover Page Editor
http://windows.microsoft.com/en-US/windows-vista/Create-or-edit-a-fax-co
ver-page
Versions: <= 5.2.3790.3959
Platforms:

[ more ] [ reply ]

London DEFCON - DC4420 - Tuesday 25th January 2011 - SOCIAL 2011-01-21
Major Malfunction (majormal pirate-radio org)

Hi All!

As if eating drinking and hacking your way through Christmas and New
Year weren't enough, we've now got Burns Night to contend with, a new
venue to break in, and only a few days to get ready!!!

Yes, after several months of stomping (actually, cycling in his case)
the streets, alien has

[ more ] [ reply ]

[security bulletin] HPSBMA02622 SSRT100342 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Cross Site Scripting (XSS) 2011-01-21
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02678501
Version: 1

HPSBMA02622 SSRT100342 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Cross Site Scripting (XSS)

NOTICE: The information in this

[ more ] [ reply ]

[security bulletin] HPSBUX02623 SSRT100355 rev.1 - HP-UX Running Kerberos, Remote Unauthorized Modification 2011-01-21
security-alert hp com

[ MDVSA-2011:014 ] ccid 2011-01-20
security mandriva com

SQL Injection in Pixie 2011-01-20
advisory htbridge ch

Vulnerability ID: HTB22786
Reference: http://www.htbridge.ch/advisory/sql_injection_in_pixie_1.html
Product: Pixie
Vendor: Lucid Crew ( http://www.getpixie.co.uk/ )
Vulnerable Version: 1.04
Vendor Notification: 06 January 2011
Vulnerability Type: SQL Injection
Status: Awaiting Vendor Response
Ris

[ more ] [ reply ]

DotNetNuke Remote Code Execution vulnerability 2011-01-20
Daniel Niggebrugge (Niggebrugge fox-it com)

=======================================
Vulnerability discovered: November 23, 2010
Discovered by: Daniël Niggebrugge, Fox-IT BV (https://www.fox-it.com/)
Reported to vendor: November 30, 2010
Fix available: Yes
=======================================

PRODUCT
-------------
DotNetNuke is an open sou

[ more ] [ reply ]

SQL Injection in Pixie 2011-01-20
advisory htbridge ch

Vulnerability ID: HTB22785
Reference: http://www.htbridge.ch/advisory/sql_injection_in_pixie.html
Product: Pixie
Vendor: Lucid Crew ( http://www.getpixie.co.uk/ )
Vulnerable Version: 1.04
Vendor Notification: 06 January 2011
Vulnerability Type: SQL Injection
Status: Awaiting Vendor Response
Risk

[ more ] [ reply ]

[USN-1046-1] Sudo vulnerability 2011-01-20
Jamie Strandboge (jamie canonical com)

===========================================================
Ubuntu Security Notice USN-1046-1 January 20, 2011
sudo vulnerability
CVE-2011-0010
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS

[ more ] [ reply ]

[SECURITY] [DSA 2149-1] Security update for dbus 2011-01-20
Nico Golde (nion debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
---
Debian Security Advisory DSA-2149-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Nico Golde
January 20, 2011

[ more ] [ reply ]

[security bulletin] HPSBMA02625 SSRT100138 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code 2011-01-19
security-alert hp com

[USN-1045-2] util-linux update 2011-01-19
Marc Deslauriers (marc deslauriers canonical com)

===========================================================
Ubuntu Security Notice USN-1045-2 January 19, 2011
util-linux update
CVE-2010-3879
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ub

[ more ] [ reply ]

[USN-1045-1] FUSE vulnerability 2011-01-19
Marc Deslauriers (marc deslauriers canonical com)

===========================================================
Ubuntu Security Notice USN-1045-1 January 19, 2011
fuse vulnerability
CVE-2010-3879
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
U

[ more ] [ reply ]

[ MDVSA-2011:013 ] hplip 2011-01-19
security mandriva com

Simploo CMS Community Edition - Remote PHP Code Execution Issue 2011-01-18
david kurz majorsecurity net

Details
=============
Product: Simploo CMS Community Edition
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.simploo.de/
Advisory-Status: published

Credits
=============
Discovered by: David Vieira-Kurz of MajorSecurity

Affected Products:
=============
Simploo CMS 1.7.1 and pri

[ more ] [ reply ]