BugTraq (Page 498 of 1747)
[SECURITY] [DSA 2107-1] New couchdb package fixes arbitrary code execution 2010-09-09
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------

Debian Security Advisory DSA-2107-1 security (at) debian (dot) org
http://www.debian.org/security/ Sébastien Delafond
Sep 9, 2010

[ more ]  [ reply ]
[security bulletin] HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local 2010-09-09
security-alert hp com
Denial of Service (DoS), Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02067559
Version: 1

HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local

[ more ]  [ reply ]
[USN-975-1] Firefox and Xulrunner vulnerabilities 2010-09-08
Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-975-1 September 08, 2010
firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities
CVE-2010-2760, CVE-2010-2762, CVE-2010-2764, CVE-2010-2765,
CVE-2010-2766, CVE-2010-2767, CVE-20

[ more ]  [ reply ]
Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability. 2010-09-08
Fyodor (fyodor insecure org)
On Sun, Sep 05, 2010 at 07:27:53AM -0600, nikhil_uitrgpv (at) yahoo.co (dot) in wrote:
> 1. Overview
> nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.

Nmap is not vulnerable. DLL hijacking works because of an unfortunate
interaction between apps which register Windows file extensions and

[ more ]  [ reply ]
ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing. 2010-09-08
Security_Alert emc com
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing.

EMC Identifier: ESA-2010-015

CVE Identifier: CVE-2010-2860

Severity Rating: CVSS v2 Base Score: 8.3 (AV:A/AC:L/Au:N/C:C/I:C/A:C)

Affected products:

[ more ]  [ reply ]
[USN-985-1] mountall vulnerability 2010-09-08
Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-985-1 September 08, 2010
mountall vulnerability
CVE-2010-2961
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This ad

[ more ]  [ reply ]
ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSA® Access Manager Agent when working with RSA® Adaptive Authentication. 2010-09-08
Security_Alert emc com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSA® Access Manager Agent when working with RSA® Adaptive Authentication

Security Advisory

Updated September 2, 2010

Summary:

RSA Access Ma

[ more ]  [ reply ]
ESA-2010-014: RSA, The Security Division of EMC, releases security hot fixes for potential vulnerability in RSA® Access Manager Server under certain conditions. 2010-09-08
Security_Alert emc com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2010-014: RSA, The Security Division of EMC, releases security hot fixes for potential vulnerability in RSA® Access Manager Server under certain conditions.

Security Advisory

Updated August 31, 2010

Summary:

RSA Access Manager Server contains

[ more ]  [ reply ]
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers 2010-09-08
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless
LAN Controllers

Advisory ID: cisco-sa-20100908-wlc

Revision 1.0

For Public Release 2010 September 08 1600 UTC (GMT)

+----------------------------------------------------------------

[ more ]  [ reply ]
[ GLSA 201009-06 ] Clam AntiVirus: Multiple vulnerabilities 2010-09-07
Tobias Heinlein (keytoaster gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201009-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
etax 2010 failure to validate remote ssl certificate properly 2010-09-07
dave b (db pub mail gmail com)
etax 2010[0]

1. fails to properly check the remote https server has a valid
certificate for the host it claims to be from.
Test case:
edit the hosts file like this:
IP_OF_HTTPS_SERVER_HERE etaxservices10.etax.ato.gov.au

e.g. 203.0.178.114
(note: you need a certificate for _any_ domain signed by a C

[ more ]  [ reply ]
[security bulletin] HPSBMA02574 SSRT100038 rev.1 - HP ProLiant G6 Lights-Out 100, Remote Management, Denial of Service (DoS) 2010-09-07
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02498412
Version: 1

HPSBMA02574 SSRT100038 rev.1 - HP ProLiant G6 Lights-Out 100, Remote Management, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upo

[ more ]  [ reply ]
[ GLSA 201009-05 ] Adobe Reader: Multiple vulnerabilities 2010-09-07
Stefan Behte (craig gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201009-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
Joomla Component Aardvertiser 2.1 free Blind SQL Injection Vulnerability 2010-09-07
sattler solidmedia de
# Exploit Title: Joomla Component Aardvertiser 2.1 free Blind SQL Injection Vulnerability
# Date: 07.09.2010
# Author: Stephan Sattler // www.solidmedia.de
# Software Link: http://sourceforge.net/projects/aardvertiser/files/com_aardvertiser%20V2.1.1%20Free/com_aardvertiserfree.zip/download
# Version

[ more ]  [ reply ]
Re: etax 2010 failure to validate remote ssl certificate properly 2010-09-07
dave b (db pub mail gmail com)
On 8 September 2010 05:09, dave b <db.pub.mail (at) gmail (dot) com> wrote:
> etax 2010[0]

Minor edit :)
"> (note: you need a certificate for _any_ domain signed by a CA"
should be:
"> (note: you need a certificate for a domain that has been signed by
a signed by a CA installed on the client pc"
i.e. a certif

[ more ]  [ reply ]
[SECURITY] [DSA 2098-2] New typo3-src packages fix regression 2010-09-07
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2098-2 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
September 7, 2010

[ more ]  [ reply ]
[ GLSA 201009-04 ] SARG: User-assisted execution of arbitrary code 2010-09-07
Stefan Behte (craig gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201009-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities 2010-09-07
Giuseppe Iuculano (iuculano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2105-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
September 07, 2010

[ more ]  [ reply ]
[USN-984-1] LFTP vulnerability 2010-09-07
Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-984-1 September 07, 2010
lftp vulnerability
CVE-2010-2251
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
U

[ more ]  [ reply ]
Recent developments in FireWire Attacks 2010-09-07
Freddie Witherden (freddie witherden org)
Hello,

The security vulnerabilities associated with open FireWire ports are
nothing new, having been covered extensively by Maximilian Dornseif
(2004 and 2005) and more recently by Adam Boileau (2006 and 2008).
Unfortunately the tools released as part of these disclosures (pyfw,
pythonraw1394 and w

[ more ]  [ reply ]
Call for Participation - GameSec 2010 - Berlin, Germany 2010-09-07
Albert Levi (levi sabanciuniv edu)
CALL FOR PARTICIPATION

GameSec 2010 - Conference on Decision and Game Theory for Security
22-23 November 2010, Berlin, Germany

www.gamesec-conf.org

***
Keynote Speakers:
Prof. Nick Bambos (Stanford Univ.) and Prof. Silvio Micali (MIT).

A list of accepted papers and conference program are
availab

[ more ]  [ reply ]
[ MDVSA-2010:171 ] lvm2 2010-09-06
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:171
http://www.mandriva.com/security/
______________________________________________________________________

[ more ]  [ reply ]
[SECURITY] [DSA-2103-1] New smbind packages fix sql injection 2010-09-05
Giuseppe Iuculano (iuculano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2103-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
September 05, 2010

[ more ]  [ reply ]
The Zed Attack Proxy (ZAP) version 1.0.0 2010-09-06
psiinon (psiinon gmail com)
Hello,

I'd like to announce the first release of the Zed Attack Proxy (ZAP) -
https://code.google.com/p/zaproxy/ - a penetration test tool designed
to be used to make web applications more secure.

Why has it been released?

There are many excellent pen test tools, but few of them are really
suitab

[ more ]  [ reply ]
Security problems in Zenphoto version 1.3 2010-09-07
Bogdan Calin (bogdan acunetix com)
We are continuing with the list of security vulnerabilities found in a
number of web applications while testing our latest version of Acunetix
WVS v7. In this blog post, we will look into the details of a number
of security problems discovered by Acunetix WVS in the popular web
gallery application

[ more ]  [ reply ]
H2HC São Paulo - Capture the Captcha 2010-09-05
Rodrigo Rubira Branco (BSDaemon) (rodrigo kernelhacking com)
We would like to thank our sponsors for making this game possible:
Bonsai for hosting the game and Tenable for providing the prize!

A Captcha is a type of challenge-response test used in computing to
ensure that the response is not generated by a computer. It is a
contrived acronym for "Comple

[ more ]  [ reply ]
Call for Papers H2HC Cancun/Mexico and H2HC Sao Paulo/Brazil 2010-09-05
Rodrigo Rubira Branco (BSDaemon) (rodrigo kernelhacking com)
CALL FOR PAPERS - Hackers 2 Hackers Conference 7th edition

The call for papers for H2HC 7th edition is now open. H2HC is a hacker
conference taking place in Sao Paulo, Brazil, from 27 to 28 November
2010 and this year for the first time also in Cancun, on 3 of December 2010.

[ - Introduction - ]

[ more ]  [ reply ]
nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability. 2010-09-05
nikhil_uitrgpv yahoo co in
1. Overview
nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.

2. Vulnerability Description
nmap passes insufficiently qualified path for the dll "airpcap.dll" while opening a file using nmap

Timeline
27-08-2010 - Discovered Vulnerability
31-08-2010 - Disclosed at nmap-dev mailing

[ more ]  [ reply ]
[USN-983-1] Sudo vulnerability 2010-09-07
Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-983-1 September 07, 2010
sudo vulnerability
CVE-2010-2956
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS

[ more ]  [ reply ]
Joomla Component Clantools version 1.5 Blind SQL Injection Vulnerability 2010-09-05
sattler solidmedia de
# Exploit Title: Joomla Component Clantools version 1.5 Blind SQL Injection Vulnerability

# Date: 05.09.2010

# Author: Stephan Sattler // Solidmedia

# Software Link: http://joomla-clantools.de/downloads/doc_download/26-clantools-v15-fuer-joomla-15x.html

# Version: 1.5

[ Vulnerability 1 ]

[ more ]  [ reply ]
Copyright 2010, SecurityFocus