[SECURITY] [DSA-2104-1] New quagga packages fix denial of service
  2010-09-06 Florian Weimer (fw deneb enyo de)

Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities
  2010-09-05 sattler solidmedia de
  # Exploit Title: Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities
  # Date: 05.09.2010
  # Author: Stephan Sattler // Solidmedia
  # Software Link: http://www.joomla-clantools.de/downloads/doc_download/7-clantools-123.html
  # Version: 1.2.3
  [ Vulnerability 1 ]

[TEHTRI-Security Training + 0days] "Hunting Web Attackers" at HITBSecConf
  2010-09-07 Laurent OUDOT at TEHTRI-Security (laurent oudot tehtri-security com)
  Gents, We wanted to let you know that TEHTRI-Security will release many 0days and offensive technologies during a new training called : - "Hunting Web Attackers" It will be proposed during HackInTheBox SecConf Malaysia 2010 in October, in Kuala Lumpur. The 0days will be disclosed under a NDA

Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
  2010-09-07 YGN Ethical Hacker Group (lists yehg net)

XSS in Horde Application Framework <=3.3.8, icon_browser.php
  2010-09-06 Moritz Naumann (security moritz-naumann com)
  Hi, Horde Application Framework v3.3.8 and lower are subject to a cross site scripting (XSS) vulnerability. The icon_browser.php script fails to properly sanitize user supplied input to the 'subdir' URL parameter before printing it out as part of a HTML formatted error message. The following URL

chillyCMS Multiple Vulnerabilities
  2010-09-05 admin bugreport ir
  ##########################www.BugReport.ir########################################
  #
  # AmnPardaz Security Research Team
  #
  # Title: chillyCMS Multiple Vulnerabilities
  # Vendor: http://frozenpepper.de/
  # Vulnerable Version: 1.1.3 (Latest version till now)
  # Exploitation: Remote with browser

Microsoft Internet explorer 8 DLL Hijacking (IESHIMS.DLL)
  2010-09-04 YGN Ethical Hacker Group (lists yehg net)
  I found this Microsoft Internet explorer 8 DLL Hijacking at Inject0r db http://inj3ct0r.com/exploits/13898 This one is a similar variant of IE 7 http://www.exploit-db.com/exploits/2929/ It can be triggered only if attackers can put a IESHIMS.DLL file in user's desktop. However, there are some

Re: Re: IIS5.1 Directory Authentication Bypass by using ?:$I30:$Index_Allocation?
  2010-09-03 steve povolny hp com
  There's not a lot in the way of information about IIS settings required to exploit this. What I've gleaned so far is IIS 5.1, and a request to a directory using the :$i30:$INDEX_ALLOCATION in the request...Can't seem to replicate this though. Are there any other settings that you are aware of for

nullcon Goa dwitiya (2.0) Call For Papers
  2010-09-01 nullcon (nullcon nullcon net)
  nullcon Dwitiya (2.0) The Jugaad(hacking) Conference nullcon is an initiative by null - The open security community. Website: http://nullcon.net Calling all Jugaadus(hackers) It's the time of the year when we welcome research done by the community as paper submissions for nullcon. So, sip your co

Rooted CON 2011 - Call for Papers
  2010-09-01 Román Ramírez (rramirez rootedcon es)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rooted CON 2011 - Call for Papers - -=] About Rooted CON Rooted CON is a security congress which will be held in Madrid (Spain) from 3 to 5 March 2011, whose spectrum of participants ranging from students to state forces and secret services, through

[SECURITY] [DSA-2102-1] New barnowl packages fix arbitrary code execution
  2010-09-03 Sebastien Delafond (seb debian org)

VUPEN Security Research - Google Chrome Focus Processing Memory Corruption Vulnerability (VUPEN-SR-2010-249)
  2010-09-03 VUPEN Security Research (advisories vupen com)
  VUPEN Security Research - Google Chrome Focus Processing Memory Corruption Vulnerability (VUPEN-SR-2010-249) http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web fas

[security bulletin] HPSBMA02572 SSRT100082 rev.1 - HP Operations Agent Running on Windows, Local Elevation of Privileges and Remote Execution of Arbitrary Code
  2010-09-02 security-alert hp com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02497800 Version: 1 HPSBMA02572 SSRT100082 rev.1 - HP Operations Agent Running on Windows, Local Elevation of Privileges and Remote Execution of Arbitrary Code NOTICE: The information in this Se

[ GLSA 201009-01 ] wxGTK: User-assisted execution of arbitrary code
  2010-09-02 Alex Legler (a3li gentoo org)

Moovida Media Player version 2.0.0.15 Insecure DLL Hijacking Vulnerability (libc.dll,quserex.dll)
  2010-09-02 YGN Ethical Hacker Group (lists yehg net)
  1. OVERVIEW The Moovida Media Player application is vulnerable to Insecure DLL Hijacking Vulnerability. Similar terms that describe this vulnerability have been come up with Remote Binary Planting, Unsafe Library Loading, and Insecure DLL Loading/Injection/Hijacking/Preloading. 2. PRODUCT DESCRIP

Vulnerabilities in CMS WebManager-Pro
  2010-09-02 MustLive (mustlive websecurity com ua)
  Hello Bugtraq! I want to warn you about SQL Injection and Redirector (URL Redirector Abuse) vulnerabilities in CMS WebManager-Pro (SecurityVulns ID:11108). It's Ukrainian commercial CMS. SQL Injection: http://site/c.php?id=1%20and%20version()=5 Redirector: http://site/c.php?id=1&url=http://webs

{PRL} Novell Netware OpenSSH Remote Stack Overflow
  2010-09-02 Francis Provencher (francisprovencher protekresearchlab com)
  Application: Novell Netware OpenSSH Remote Stack Overflow
  Platforms: Netware 6.5
  Exploitation: Remote code execution
  CVE Number:
  Novell TID: 7006756
  ZeroDayInitiative: ZDI-10-169
  Author: Francis Pro

[USN-982-1] Wget vulnerability
  2010-09-02 Marc Deslauriers (marc deslauriers canonical com)
  ===========================================================
  Ubuntu Security Notice USN-982-1 September 02, 2010
  wget vulnerability
  CVE-2010-2252
  ===========================================================
  A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 L

XSS vulnerability in ArtGK CMS
  2010-09-01 advisory htbridge ch
  Vulnerability ID: HTB22588
  Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_artgk_cms_1.html
  Product: ArtGK CMS
  Vendor: ArtGK ( http://artgk-cms.ru/ )
  Vulnerable Version: 2009-08-28 16:00:00 and Probably Prior Versions
  Vendor Notification: 18 August 2010
  Vulnerability Type: XSS (Cro

Online Binary Planting Exposure Test
  2010-09-01 ACROS Lists (lists acros si)
  ACROS Security has made the Online Binary Planting Exposure Test publicly accessible for the benefit of all Windows users. This test should make it easy for users and administrators to assess their exposure to binary planting attacks originating from the Internet. URL: http://www.binaryplanting.co

XSS vulnerability in Rumba CMS
  2010-09-01 advisory htbridge ch
  Vulnerability ID: HTB22592
  Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_rumba_cms_1.html
  Product: Rumba CMS
  Vendor: Rumba Netware Ltd. ( http://rumbacms.com )
  Vulnerable Version: 2.4 and Probably Prior Versions
  Vendor Notification: 18 August 2010
  Vulnerability Type: Stored XSS (

XSS vulnerability in Amiro.CMS FAQ
  2010-09-01 advisory htbridge ch
  Vulnerability ID: HTB22590
  Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_amiro_cms_1.html
  Product: Amiro.CMS
  Vendor: Amiro ( http://www.amiro.ru/ )
  Vulnerable Version: 5.8.4.0 and Probably Prior Versions
  Vendor Notification: 18 August 2010
  Vulnerability Type: Stored XSS (Cross Si

XSS vulnerability in ArtGK CMS forum
  2010-09-01 advisory htbridge ch
  Vulnerability ID: HTB22587
  Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_artgk_cms.html
  Product: ArtGK CMS
  Vendor: ArtGK ( http://artgk-cms.ru/ )
  Vulnerable Version: 2009-08-28 16:00:00 and Probably Prior Versions
  Vendor Notification: 18 August 2010
  Vulnerability Type: XSS (Cross

XSS vulnerability in Rumba CMS tags
  2010-09-01 advisory htbridge ch
  Vulnerability ID: HTB22591
  Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_rumba_cms.html
  Product: Rumba CMS
  Vendor: Rumba Netware Ltd. ( http://rumbacms.com )
  Vulnerable Version: 2.4 and Probably Prior Versions
  Vendor Notification: 18 August 2010
  Vulnerability Type: Stored XSS (Cr

VMSA-2010-0013 VMware ESX third party updates for Service Console
  2010-09-01 VMware Security Team (security vmware com)
Debian Security Advisory DSA-2104-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
September 06, 2010