Secunia Research: Microsoft PowerPoint PP7X32.DLL Record Parsing Vulnerability
2010-11-09, Secunia Research (remove-vuln secunia com)

D-Link DIR-300 authentication bypass
2010-11-09, Karol Celiński (karol celin pl)
[intro] Hello, I found a security bug in the D-Link DIR-300 wireless router. It can be used to bypass the authentication mechanism by an attacker with access to the web interface. I reported it to D-Link but they are not replying to my emails. According to other D-Link security holes and their status I think that t...

[USN-1008-4] libvirt regression
2010-11-08, Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-1008-4 November 08, 2010
libvirt regression
https://launchpad.net/bugs/665531
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 1...

[CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch
2010-11-08, CORE Security Technologies Advisories (advisories coresecurity com)

JQuarks4s Joomla Component 1.0.0 Blind SQL Injection Vulnerability
2010-11-08, Salvatore Fresta aka Drosophila (drosophilaxxx gmail com)

DIMVA 2011 Call for Workshops Proposals
2010-11-08, Lorenzo Cavallaro (lorenzo cavallaro gmail com)
FYI, (Apologies if you receive multiple copies) ----- BEGIN DIMVA 2011 Call for Workshops Proposals ----- This year, in a break from previous DIMVAs, we want to allow for a small number of workshops to be co-located with the main conference. Researchers and practitioners are therefore invited...

Re: Seo Panel 2.1.0 - Critical File Disclosure
2010-11-08, Zach C (fxchip gmail com)
This is really a non-fix, as some legitimate files might have the double-period as part of its name and might still be circumvented with exactly the same string you provided here minus one slash. The real solution would be to get the absolute path of the file provided and fail if that path isn't b...

Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP
2010-11-08, Philippe Langlois (philippe langlois gmail com)

Malware Collections and Feed Exchange
2010-11-08, Rodrigo Rubira Branco (BSDaemon) (rodrigo kernelhacking com)
Dear All, I'm really proud to announce that the first stage of the Dissect.pe project is in beta now! The idea of the project is to provide a free interface for malware analysis, similar to other existing projects, but with advances that will be announced when we start freely dissecting samples...

Seo Panel 2.1.0 - Critical File Disclosure
2010-11-08, advisories intern0t net
Seo Panel - Critical File Disclosure
Versions Affected: 2.1.0 (previous versions were not checked.)
Info: A complete open source seo control panel for managing search engine optimization of your websites. Seo Panel is a seo tool kit includes latest hot seo tools to increase and track the perfor...

Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978
2010-11-08, Rodrigo Branco (rbranco checkpoint com)
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/ Spree e-commerce JSON Hijacking Vulnerabilities CVE-2010-3978 INTR...

some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability)
2010-11-08, Michal Zalewski (lcamtuf coredump cx)
This reminded me of a bunch of problems I spotted in Juniper SSL VPN a while ago; they are apparently fixed, but I don't recall seeing any public vendor advisory / credit for reporting them - so here you go, even if just for the record... These were fixed by Juniper in IVE 6.3R1, 6.2R3, 6.1R5, 6.0R...

Vulnerabilities in PHPShop
2010-11-06, MustLive (mustlive websecurity com ua)
Hello Bugtraq! I want to warn you about Insufficient Anti-automation, Cross-Site Scripting, Denial of Service and Full path disclosure vulnerabilities in PHPShop. This is engine for online shops.
-------------------------
Affected products:
-------------------------
Vulnerable are PHPShop 2.1 EE...

CFP: DIMVA 2011 - Detection of Intrusions and Malware & Vulnerability Assessment
2010-11-06, Konrad Rieck (konrad rieck tu-berlin de)

nSense-2010-003: Cisco Unified Communications Manager
2010-11-05, Henri Lindberg (henri+lists nsense fi)

Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws
2010-11-05, YGN Ethical Hacker Group (lists yehg net)
This public disclosure has achieved its aim. Joomla! Team finally patched this hole.
http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html
Upgrade to the latest Joomla! version (1.5.22 or later)...

Angel LMS Exploit
2010-11-05, Wesley Kerfoot (wjak56 gmail com)
I have discovered a security exploit in Angel LMS 7.3 "Colleges and universities worldwide choose the ANGEL LMS to deliver powerful online teaching and learning experiences. ANGEL provides the comprehensive LMS features institutions need in a simple interface that promotes adoption. A recognized in...

Common consumer routers password disclosure
2010-11-05, danieljcrteixeira gmail com
Date: 2010-11-03
Product: Embedded Web Server HTTP1.0
Vendors: AirLive ARM-204, AirLive WT-2000ARM, D-Link DVA-G3170i/PT, Edimax AR-7084ga, Huawei, Aolynk DR814Q, DrayTek Vigor2700 series, DrayTek Vigor2920 series, Thomson TG784, ZyXEL P-660RU-T1v3
Vulnerability Type: Password disclosure
Status: Not...

Wargame Qualifications - Win a car !!!
2010-11-05, Ivan Buetler (ivan buetler csnc ch)
Dear bugtraq reader, We are proud to announce, that we have a very cool winner prize waiting for you at Swiss Cyber Storm 3 Security Conference in May 2011! The best hacker wins a brand new car with an approx. value of CHF 30'000. This is about 22'000 EURO or 30'000 US dollars. Qualify yourself!...

ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player
2010-11-05, ACROS Security Lists (lists acros si)
=====[BEGIN-ACROS-REPORT]=====
PUBLIC
=========================================================================
ACROS Security Problem Report #2010-11-05-01
-------------------------------------------------------------------------
ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player
=...

[FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability
2010-11-05, xpzhang (xpzhang fortinet com)
[FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability
Fortinet Discovers Adobe Flash Player Vulnerability
2010.Nov.04
Summary: Fortinet's FortiGuard Labs has discovered a Memory corruption vulnerability in Adobe Flash Player(Flash10h.ocx), which may lead to arbitrar...

[USN-1014-1] Pidgin vulnerabilities
2010-11-04, Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1014-1 November 04, 2010
pidgin vulnerabilities
CVE-2010-1624, CVE-2010-3711
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 8....

[USN-1013-1] FreeType vulnerabilities
2010-11-04, Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1013-1 November 04, 2010
freetype vulnerabilities
CVE-2010-3311, CVE-2010-3814, CVE-2010-3855
===========================================================
A security issue affects the following Ubuntu rel...

[USN-1012-1] CUPS vulnerability
2010-11-04, Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1012-1 November 04, 2010
cups, cupsys vulnerability
CVE-2010-2941
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubun...

Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer
2010-11-04, Arturo 'Buanzo' Busleiman (buanzo buanzo com ar)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Directory Traversal is not only a web-server vulnerability, neza0x. Webapps can be vulnerable as well. Or 3rd party [nginx|apache|etc] modules, for that matter.
On 11/03/2010 05:49 PM, neza0x (at) gmail (dot) com wrote:
> Directory Traversal still alive? I mean...
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:223
http://www.mandriva.com/security/
______________________________________________________________________