[security bulletin] HPSBMA02601 SSRT100316 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Unauthorized Access
2010-10-26 security-alert hp com

[security bulletin] HPSBMA02599 SSRT100235 rev.1 - HP Virtual Server Environment for Windows, Remote Arbitrary File Download
2010-10-26 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02563225 Version: 1 HPSBMA02599 SSRT100235 rev.1 - HP Virtual Server Environment for Windows, Remote Arbitrary File Download NOTICE: The information in this Security Bulletin should be acted upo

[security bulletin] HPSBMA02597 SSRT100198 rev.1 - HP Version Control Repository Manager (VCRM) for Windows, Remote Cross Site Scripting (XSS)
2010-10-26 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02560536 Version: 1 HPSBMA02597 SSRT100198 rev.1 - HP Version Control Repository Manager (VCRM) for Windows, Remote Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin s

Re: Web challenges from RootedCON'2010 CTF - Contest -> Solutions and Write-ups
2010-10-26 Roman Medina-Heigl Hernandez (roman rs-labs com)
Contest is over. PPP (Plaid Parliament of Pwning) won the prize. Write-ups (3 in English and 1 in Spanish) were packed in this .rar file: http://www.rs-labs.com/noticias/rootedctf-results/rooted-online-ctf-writeups-september-2010.rar (see "readme" file with complete info and press-release). Thanks

[security bulletin] HPSBMA02598 SSRT100314 rev.1 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF).
2010-10-26 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02560655 Version: 1 HPSBMA02598 SSRT100314 rev.1 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (

Re: IPv6 security myths
2010-10-26 Fernando Gont (fernando gont gmail com)
Folks, FYI, some have reported problems with accessing the slides. While I debug the reported problem, you may access the slides from the LACNOG 2010 site at: http://www.lacnic.net/documentos/presentaciones/lacnicxiv/ipv6-security-assessment.pdf Thanks, Fernando On Sun, Oct 24, 2010 at 6:33 PM

RE: RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
2010-10-25 Thor (Hammer of God) (thor hammerofgod com)
I've tested loading a library from an application that requires admin privileges from a normal user and it will prompt for UAC if needed or fail. I understand where the jacking takes place, but you are making it seem like you can bypass user permissions when you can't. At least that's what I got f

RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
2010-10-25 ACROS Security Lists (lists acros si)
Hi Thor, Thanks to Microsoft's "defense in depth," double-clicking an .exe from a remote share pops up a security warning. In contrast, double-clicking a data file that opens a vulnerable application (which downloads and executes a .dll from the same share) doesn't trigger such security warning. Y

[security bulletin] HPSBGN02333 SSRT080031 rev.2 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code
2010-10-26 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01439758 Version: 2 HPSBGN02333 SSRT080031 rev.2 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code NOTICE: The information in this

[USN-959-2] PAM vulnerability
2010-10-25 Kees Cook (kees ubuntu com)
=========================================================== Ubuntu Security Notice USN-959-2 October 25, 2010 pam vulnerability CVE-2010-0832 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 10.10 This advisory al

How Visual Studio Makes Your Applications Vulnerable to Binary Planting
2010-10-25 ACROS Security Lists (lists acros si)
Microsoft Visual Studio can automatically make an application binary planting-positive (i.e., vulnerable) even when the developer makes no programming errors. Every MFC application seems to be automatically made vulnerable, with those statically linking MFC libraries actually having the vulnerable c

Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->
2010-10-25 robi ecn org

Aardvark Topsite XSS vulnerability
2010-10-24 Yam Mesicka (yammesicka gmail com)
Hi, I found XSS on Aardvark Topsites PHP system. Dork: "Powered by Aardvark Topsites" "SQL Queries" XSS PoC: site_path/index.php?a=search&q=%22%20onmouseover%3dalert(String.fromCharCode(88,83,83))%20par%3d%22 Can use POST to effect the "email", "title", "u" and "url" parameters either on the same w

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.
2010-10-22 Tavis Ormandy (taviso cmpxchg8b com)
The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes CVE-2010-3856, an addendum to CVE-2010-3847. Please see http://seclists.org/fulldisclosure/2010/Oct/257 f

[USN-1009-1] GNU C Library vulnerabilities
2010-10-23 Kees Cook (kees ubuntu com)
=========================================================== Ubuntu Security Notice USN-1009-1 October 22, 2010 glibc, eglibc vulnerabilities CVE-2010-3847, CVE-2010-3856 =========================================================== A security issue affects the following Ubuntu releases: Ubu

Vulnerabilities in W-Agora
2010-10-22 MustLive (mustlive websecurity com ua)
Hello Bugtraq! I want to warn you about Cross-Site Scripting and Local File Inclusion vulnerabilities in W-Agora. In addition to vulnerabilities in this system which I found and disclosed in 2006 (SecurityVulns ID: 6960). ------------------------- Affected products: ------------------------- Vu

IPv6 security myths
2010-10-24 Fernando Gont (fernando gont gmail com)
Folks, I thought you might enjoy the slides of a talk about IPv6 security I gave last week at LACNOG (http://www.lacnog.org). The slides are available at: http://www.gont.com.ar/talks/lacnog2010/fgont-lacnog2010-ipv6-security.pdf They are also available at the LACNOG 2010 web site (http://www.lacn

[USN-1008-3] libvirt update
2010-10-23 Jamie Strandboge (jamie canonical com)
=========================================================== Ubuntu Security Notice USN-1008-3 October 23, 2010 libvirt update https://launchpad.net/bugs/665182 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 10.04

[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation
2010-10-22 Florian Weimer (fw deneb enyo de)

[security bulletin] HPSBMA02593 SSRT100237 rev.1 - HP Virtual Connect Enterprise Manager (VCEM) for Windows, Remote Arbitrary File Download
2010-10-22 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02550412 Version: 1 HPSBMA02593 SSRT100237 rev.1 - HP Virtual Connect Enterprise Manager (VCEM) for Windows, Remote Arbitrary File Download NOTICE: The information in this Security Bulletin shou

[USN-1008-2] Virtinst update
2010-10-22 Jamie Strandboge (jamie canonical com)
=========================================================== Ubuntu Security Notice USN-1008-2 October 21, 2010 virtinst update https://launchpad.net/bugs/655392 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 10.0

[USN-1008-1] libvirt vulnerabilities
2010-10-22 Jamie Strandboge (jamie canonical com)
=========================================================== Ubuntu Security Notice USN-1008-1 October 21, 2010 libvirt vulnerabilities CVE-2010-2237, CVE-2010-2238, CVE-2010-2239, CVE-2010-2242 =========================================================== A security issue affects the follow

Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
2010-10-21 Mike Duncan (Mike Duncan noaa gov)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/20/2010 10:11 PM, Roberto Suggi Liverani wrote: <snip /> > > In Java SE 6 update 10, both the Java Web Start and Java Plug-In > technologies contain preliminary support for cross-domain policy > files, which specify how unsigned code may access

[security bulletin] HPSBMA02591 SSRT100299 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), Privilege Escalation
2010-10-21 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02549477 Version: 1 HPSBMA02591 SSRT100299 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), Privilege

SEC Consult SA-20101021-0 :: Multiple critical vulnerabilities in Sawmill log analysis software
2010-10-21 Johannes Greil (research sec-consult com)

Pecio CMS XSS Vulnerability
2010-10-21 SecPod Research (research secpod com)
Hi, SecPod Research Team has found a XSS vulnerability in Pecio CMS. Advisory details has been attached to this mail. Regards, SecPod Research Team http://www.secpod.com ############################################################################### Pecio Content Management System (CMS) v2.0
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02563279
Version: 1
HPSBMA02601 SSRT100316 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Unauthorized Access
NOTICE: The infor