[HITB-Announce] HITB Magazine #5 Call for Articles
2010-11-11 Hafez Kamal (aphesz hackinthebox org)
Good Day! As you already know, we have released 4 issues in 2010 and gained a lot of experiences working on them. For 2011, we have some great plans for our readers. Our main focus for next year is to publish more high quality articles and for that reason, we are now announcing a Call for Articles

iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability
2010-11-11 labs-no-reply (labs-no-reply idefense com)
iDefense Security Advisory 11.11.10
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 11, 2010
I. BACKGROUND
The OfficeImport framework is an API used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad. The framework is used to parse and display Microsoft Office file fo

[TEHTRI-Security] CVE-2010-1752: Update your MacOSX
2010-11-11 Laurent OUDOT at TEHTRI-Security (laurent oudot tehtri-security com)
Gents, During the 1st HITB Amsterdam 2010, TEHTRI-Security made advisories about security issues on handled devices (iPhone, HTC, iPad, BlackBerry, etc). As we made penetration tests for more than 15 years on highly sensitive networks, we were luckily able to find vulnerabilities working on those

[USN-1017-1] MySQL vulnerabilities
2010-11-11 Marc Deslauriers (marc deslauriers canonical com)
Ubuntu Security Notice USN-1017-1 November 11, 2010
mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
CVE-2010-2008, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, C

FreeBSD Security Advisory FreeBSD-SA-10:09.pseudofs
2010-11-10 FreeBSD Security Advisories (security-advisories freebsd org)

Additional information on the Microsoft Office 2010 binary planting bugs
2010-11-10 ACROS Security Lists (lists acros si)
Microsoft patched three binary planting bugs in Office 2010 yesterday:
PowerPoint: http://www.acrossecurity.com/aspr/ASPR-2010-11-10-1-PUB.txt
Word: http://www.acrossecurity.com/aspr/ASPR-2010-11-10-2-PUB.txt
Excel: http://www.acrossecurity.com/aspr/ASPR-2010-11-10-3-PUB.txt
We're making some add

CORE-2010-1018 - Landesk OS command injection
2010-11-10 CORE Security Technologies Advisories (advisories coresecurity com)

[USN-1016-1] libxml2 vulnerability
2010-11-10 Jamie Strandboge (jamie canonical com)
Ubuntu Security Notice USN-1016-1 November 10, 2010
libxml2 vulnerability
CVE-2010-4008
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.

Secunia Research: QuickTime Sorenson Video 3 Array-Indexing Vulnerability
2010-11-11 Secunia Research (remove-vuln secunia com)

Apple Directory Services Memory Corruption - CVE-2010-1840
2010-11-11 Rodrigo Branco (rbranco checkpoint com)
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
Apple Directory Services Memory Corruption
CVE-2010-1840
INTRODUCTI

Vulnerability in Google AJAX Search
2010-11-10 MustLive (mustlive websecurity com ua)
Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in Google AJAX Search. In 2007 I already wrote about vulnerability in Google Custom Search Engine (http://websecurity.com.ua/1050/) - CVE-2007-3484 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3484), and this i

Re: Kernel 0-day
2010-11-10 James Lay (jlay slave-tothe-box net)
What kernel version(s) is/are impacted? Tried on one and no workie.
James

On 11/9/10 3:18 PM, "Dan Rosenberg" <dan.j.rosenberg (at) gmail (dot) com> wrote:
>Enjoy...
>
>-Dan
>
>
>/*
> * You've done it. After hours of gdb and caffeine, you've finally got a shell
> * on your target's server. Maybe next t

eBlog 1.7 Multiple SQL Injection Vulnerabilities
2010-11-10 Salvatore Fresta aka Drosophila (drosophilaxxx gmail com)

Babylon Cross-Application Scripting Code Execution
2010-11-10 Roee Hay (ROEEH il ibm com)
Introduction
============
Babylon is a single-click computer online dictionary and translation software which is also capable of translating whole documents and web pages. The translation and dictionary results are presented to the user via the Trident layout engine (an in-app/embedded Internet-Exp

[USN-1015-1] libvpx vulnerability
2010-11-10 Jamie Strandboge (jamie canonical com)
Ubuntu Security Notice USN-1015-1 November 10, 2010
libvpx vulnerability
CVE-2010-4203
A security issue affects the following Ubuntu releases: Ubuntu 10.10
This advisor

ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010
2010-11-10 ACROS Security Lists (lists acros si)
=====[BEGIN-ACROS-REPORT]=====
PUBLIC
ACROS Security Problem Report #2010-11-10-2
ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010

ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010
2010-11-10 ACROS Security Lists (lists acros si)
=====[BEGIN-ACROS-REPORT]=====
PUBLIC
ACROS Security Problem Report #2010-11-10-3
ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010

ASPR #2010-11-10-1: Remote Binary Planting in Microsoft PowerPoint 2010
2010-11-10 ACROS Security Lists (lists acros si)
=====[BEGIN-ACROS-REPORT]=====
PUBLIC
ACROS Security Problem Report #2010-11-10-1
ASPR #2010-11-10-1: Remote Binary Planting in Microsoft PowerPoint 2

iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability
2010-11-10 labs-no-reply (labs-no-reply idefense com)
iDefense Security Advisory 11.09.10
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 09, 2010
I. BACKGROUND
Microsoft Word is a word processing application from Microsoft Office. For more information about Microsoft Word, see the following website: http://office.microsoft.com/en-us/word/

Kernel 0-day
2010-11-09 Dan Rosenberg (dan j rosenberg gmail com)
Enjoy...

-Dan

/*
 * You've done it. After hours of gdb and caffeine, you've finally got a shell
 * on your target's server. Maybe next time they will think twice about
 * running MyFirstCompSciProjectFTPD on a production machine. As you take
 * another sip of Mountain Dew and pick some of the

Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability
2010-11-09 Secunia Research (remove-vuln secunia com)

Re: D-Link DIR-300 authentication bypass
2010-11-09 Karol Celiński (karol celin pl)
On some versions of the firmware, exploit says that "something goes wrong" despite of password change is successful. There is a fixed version:
---cut here---
<?php
if(sizeof($argv)!=4) {
echo "Usage: php5 $argv[0] <router ip addres> <port> <admin password>\n";
exit;
}
$ch=curl_init();
cur