[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
    2011-01-05  Stefan Fritsch (sf debian org)

Re: [ATHCON2011] CFP/ Call for Papers - AthCon IT Security Conference
    2011-01-06  Kyprianos Vasilopoulos (kyprianos athcon org)
    AthCon IT Security Conference - http://www.athcon.org
    Call for Papers and Workshops: http://www.athcon.org/cfp
    AthCon is the first highly technical information security conference in Greece, first introduced in June 2010. This year's AthCon will take place from 2nd - 3rd June 2011, in Athens at th...

[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw
    2011-01-05  Stefan Fritsch (sf debian org)

[SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow
    2011-01-05  Stefan Fritsch (sf debian org)

[ GLSA 201101-01 ] gif2png: User-assisted execution of arbitrary code
    2011-01-05  Tim Sammut (underling gentoo org)

Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
    2011-01-05  YGN Ethical Hacker Group (lists yehg net)
    1. OVERVIEW
    The Joomla! 1.0.x series are currently vulnerable to Cross S...

Multiple CSRF Vulnerabilities in Openfire 3.6.4 Administrative Section
    2011-01-05  Walikar Riyaz Ahemed Dawalmalik (WalikarRiyazAD microland com)
    Hi, This is regarding multiple CSRF (Cross Site Request Forgery) Vulnerabilities in Openfire 3.6.4 Administrative Section. The following is the disclosure document:
    Title: Multiple CSRF Vulnerabilities in Openfire 3.6.4 Administrative Section...

BlogEngine.NET 1.6 Multiple Vulnerabilities
    2011-01-05  Deniz CEVIK (denizcev gmail com)
    Product: BlogEngine.NET
    Vendor informed: 24 Sep 2010
    Fixed Version Released: 01 Jan 2011
    Affected Versions: 1.6.x and prior versions
    Severity: Critical
    Impact: Information Disclosure and System Compromise
    Description: BlogEngine.NET is an open source .NET blogging project that was born out of desir...

Multiple XSS Vulnerabilities in Openfire 3.6.4 Administrative Section
    2011-01-05  Walikar Riyaz Ahemed Dawalmalik (WalikarRiyazAD microland com)
    Hi, This is regarding multiple XSS Vulnerabilities in Openfire 3.6.4 Administrative Section. The following is the disclosure document:
    Title: Multiple XSS Vulnerabilities in Openfire 3.6.4 Administrative Section...

Getting root, the hard way
    2011-01-05  Dan Rosenberg (dan j rosenberg gmail com)
    /* Linux Kernel CAP_SYS_ADMIN to root exploit, by Dan Rosenberg, @djrbliss on twitter.
     * Usage: gcc -w caps-to-root.c -o caps-to-root; sudo setcap cap_sys_admin+ep caps-to-root; ./caps-to-root
     * This exploit is NOT stable: it only works on 32-bit x86 machines; I...

[USN-1035-1] Evince vulnerabilities
    2011-01-05  Marc Deslauriers (marc deslauriers canonical com)
    Ubuntu Security Notice USN-1035-1, January 05, 2011
    evince vulnerabilities
    CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643
    A security issue affects the followin...

VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap
    2011-01-05  VMware Security Team (security vmware com)

www.eVuln.com : "id" SQL Injection in WikLink
    2011-01-05  bt evuln com
    www.eVuln.com advisory: "id" SQL Injection in WikLink
    Summary: http://evuln.com/vulns/171/summary.html
    Details: http://evuln.com/vulns/171/description.html
    eVuln ID: EV0171; Software: WikLink; Vendor: n/a; Version: 0.1.3; Critical Level: medium; Type: SQL Injection; Status...

[DCA-00017] LinkSys BEFSR41 Multiple Stored Xss
    2011-01-04  Ewerson Guimarães (Crash) - Dclabs (crash dclabs com br)
    [Software/Hardware] - LinkSys DSL Router BEFSR41 V2
    [Vendor Product Description] - This Router will allow your computers to share a high-speed Internet connection as well as resources, including files and printers.
    [Bug Description] - Linksys does...

Mathematica8 on Linux /tmp/MathLink vulnerability
    2011-01-03  paul szabo sydney edu au
    The problem that was reported as below for Mathematica7 is present also/still in (the "free trial" version of) Mathematica8.
    Cheers, Paul Szabo psz (at) maths.usyd.edu (dot) au http://www.maths.usyd.edu.au/u/psz/
    School of Mathematics and Statistics, University of Sydney, Australia
    --- I wrote on...

Geeklog 1.7.1 <= Cross Site Scripting Vulnerability
    2011-01-03  YGN Ethical Hacker Group (lists yehg net)
    1. OVERVIEW
    The Geeklog was vulnerable to Cross Site Scripting in its administration backend.
    2. BACKGROUND
    Geeklog is a PHP/...

[ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration
    2011-01-01  Andrea Purificato (andrea purificato gmail com)
    Hi sec-folks, I recently discussed with the Ariadne team to publicly disclose two new different vulnerabilities found in Ariadne Content Manager (ACM). As the name says, ACM is an enterprise solution for content management mainly used by big private and public companies and institutions. This is the site...

www.eVuln.com : SQL Injection in WikLink
    2011-01-03  bt evuln com
    www.eVuln.com advisory: SQL Injection in WikLink
    Summary: http://evuln.com/vulns/170/summary.html
    Details: http://evuln.com/vulns/170/description.html
    eVuln ID: EV0170; Software: WikLink; Vendor: n/a; Version: 0.1.3; Critical Level: medium; Type: SQL Injection; Status: Unp...

Announcing cross_fuzz, a potential 0-day in circulation, and more
    2011-01-01  Michal Zalewski (lcamtuf coredump cx)
    Hi list,
    == SUMMARY ==
    I am happy to announce the availability of cross_fuzz - an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market - many of said bugs exploitable - and is still finding more. T...

CA20101231-01: Security Notice for CA ARCserve D2D
    2010-12-31  Williams, James K (James Williams ca com)
    CA20101231-01: Security Notice for CA ARCserve D2D
    Issued: December 31, 2010
    CA Technologies support is alerting customers to a security risk with CA ARCserve D2D. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued an Information Solution to address...

HP Photo Creative v 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc
    2010-12-31  ipsdix gmail com
    <!-- HP Photo Creative v 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc, by rgod, tested against Windows Vista / IE 7
    download url: http://www.hp.com/global/us/en/consumer/digital_photography/free/software/photo-creations.html
    activex...

[SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities
    2010-12-31  Thijs Kinkhorst (thijs debian org)

Path disclosure in Nibbleblog
    2010-12-30  advisory htbridge ch
    Vulnerability ID: HTB22760
    Reference: http://www.htbridge.ch/advisory/path_disclousure_in_nibbleblog.html
    Product: Nibbleblog; Vendor: Diego Ignacio Gabriel Najar Carrascal (http://www.nibbleblog.com/); Vulnerable Version: 3.0.1; Vendor Notification: 15 December 2010; Vulnerability Type: Path disclo...

Path disclosure in LightNEasy
    2010-12-30  advisory htbridge ch
    Vulnerability ID: HTB22753
    Reference: http://www.htbridge.ch/advisory/path_disclosure_in_lightneasy.html
    Product: LightNEasy; Vendor: Fernando Baptista (http://www.lightneasy.org/); Vulnerable Version: 3.2.2; Vendor Notification: 15 December 2010; Vulnerability Type: Path disclosure; Status: Not Fixe...

LFI in LightNEasy
    2010-12-30  advisory htbridge ch
    Vulnerability ID: HTB22752
    Reference: http://www.htbridge.ch/advisory/lfi_in_lightneasy.html
    Product: LightNEasy; Vendor: Fernando Baptista (http://www.lightneasy.org/); Vulnerable Version: 3.2.2; Vendor Notification: 15 December 2010; Vulnerability Type: LFI; Status: Not Fixed, Vendor Alerted, Await...

Information disclosure in LightNEasy
    2010-12-30  advisory htbridge ch
    Vulnerability ID: HTB22751
    Reference: http://www.htbridge.ch/advisory/information_disclosure_in_lightneasy.html
    Product: LightNEasy; Vendor: Fernando Baptista (http://www.lightneasy.org/); Vulnerable Version: 3.2.2; Vendor Notification: 15 December 2010; Vulnerability Type: Information disclosure; St...

SQL Injection in LightNEasy
    2010-12-30  advisory htbridge ch
    Vulnerability ID: HTB22750
    Reference: http://www.htbridge.ch/advisory/sql_injection_in_lightneasy.html
    Product: LightNEasy; Vendor: Fernando Baptista (http://www.lightneasy.org/); Vulnerable Version: 3.2.2; Vendor Notification: 15 December 2010; Vulnerability Type: SQL Injection; Status: Not Fixed, V...

Path disclosure in ocPortal
    2010-12-30  advisory htbridge ch
    Vulnerability ID: HTB22761
    Reference: http://www.htbridge.ch/advisory/path_disclousure_in_ocportal.html
    Product: ocPortal; Vendor: ocProducts Ltd (http://ocportal.com); Vulnerable Version: 5.0.3; Vendor Notification: 15 December 2010; Vulnerability Type: Path disclosure; Status: Not Fixed, Vendor Ale...
------------------------------------------------------------------------
Debian Security Advisory DSA-2141-1          security (at) debian (dot) org
http://www.debian.org/security/                             Stefan Fritsch
January 06, 2011