[SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities
2010-08-31 Moritz Muehlenhoff (jmm debian org)

KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
2010-08-31 YGN Ethical Hacker Group (lists yehg net)
1. OVERVIEW
The KeePass application is vulnerable to Insecure DLL Hijacking Vulnerability. Similar terms that describe this vulnerability have been come up with Remote Binary Planting, and Insecure DLL Loading/Injection/Hijacking/Preloading.
2. PRODUCT DESCRIPTION
KeePass Password Safe is a free

ApPHP Calendar XSS - CSRF
2010-08-31 edgard chammas balamand edu lb
##############################################################
# Vendor: ApPHP
# Affected versions: All
# Script: ApPHP Calendar
# URL: http://www.apphp.com/php-calendar/index.php
# Vulnerability type: XSS - CSRF
# Risk rating: Medium
##############################################################
#

ZDI-10-168: Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability
2010-08-31 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-168: Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-168
August 31, 2010
-- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors: Apple
-- Affected Products: Apple Quicktime
-- TippingPoint(TM) IPS Custom

Tortoise SVN DLL Hijacking Vulnerability
2010-08-31 nikhil_uitrgpv yahoo co in
1. Overview
Tortoise SVN is vulnerable to Windows DLL Hijacking Vulnerability. Version 1.6.10, Build 19898 (latest available on 30th August 2010 was tested) is vulnerable.
2. Vulnerability Description
Tortoise SVN passes insufficiently qualified path for the dll "dwmapi.dll" while opening a file us

[security bulletin] HPSBMA02571 SSRT100034 rev.1 - HP Insight Diagnostics Online Edition, Remote Cross Site Scripting (XSS)
2010-08-31 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02492472
Version: 1
HPSBMA02571 SSRT100034 rev.1 - HP Insight Diagnostics Online Edition, Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon

django in combination with mod wsgi on apache on default debian and ubuntu installations does not place any bounds on the maximum size of a file upload
2010-08-31 dave b (db pub mail gmail com)
Summary: In the default setup of wsgi, apache and django (at least on ubuntu and debian) by default there are no limits on the size of a file that an attacker can upload.
http://cwe.mitre.org/top25/#CWE-770 and see example 2 at http://cwe.mitre.org/data/definitions/770.html
Vendor response: " If yo

[USN-981-1] libwww-perl vulnerability
2010-08-31 Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-981-1 August 31, 2010
libwww-perl vulnerability
CVE-2010-2253
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu

[USN-980-1] bogofilter vulnerability
2010-08-31 Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-980-1 August 31, 2010
bogofilter vulnerability
CVE-2010-2494
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu

[security bulletin] HPSBMA01212 SSRT5998 rev.4 - HP System Management Homepage Running PHP, Remote Denial of Service (DoS), Cross Site Scripting (XSS), Execution of Arbitrary Code
2010-08-31 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01034748
Version: 4
HPSBMA01212 SSRT5998 rev.4 - HP System Management Homepage Running PHP, Remote Denial of Service (DoS), Cross Site Scripting (XSS), Execution of Arbitrary Code
NOTICE: The in

[security bulletin] HPSBUX02552 SSRT100062 rev.1 - HP-UX running Software Distributor (sd), Local Privilege Increase, Unauthorized Access
2010-08-30 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02285980
Version: 1
HPSBUX02552 SSRT100062 rev.1 - HP-UX running Software Distributor (sd), Local Privilege Increase, Unauthorized Access
NOTICE: The information in this Security Bulletin should

[SECURITY] [DSA 2100-1] New openssl packages fix double free
2010-08-30 Moritz Muehlenhoff (jmm debian org)

Re: [Full-disclosure] QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)
2010-08-30 security curmudgeon (jericho attrition org)
: 1. OVERVIEW
:
: The QtWeb Browser application is vulnerable to Insecure DLL Hijacking
: Vulnerability. Similar terms that describe this vulnerability have been
: come up with Remote Binary Planting, and Insecure DLL
: Loading/Injection/Hijacking/Preloading.
: 3. VULNERABILITY DESCRIPTION
:

{Lostmon - Groups} Safari for windows Invalid SGV text style Webkit.dll DoS
2010-08-30 Lostmon lords (lostmon gmail com)
###################################################
Safari for windows Invalid SGV text style Webkit.dll DoS
Vendor URL:www.apple.com
Advisore:http://lostmon.blogspot.com/2010/08/safari-for-windows-invalid-sgv-text.html
Vendor notify :Yes exploit available :YES
#####################################

R7-0036: FCKEditor.NET File Upload Code Execution
2010-08-30 HD Moore (HD_Moore rapid7 com)
R7-0036: FCKEditor.NET File Upload Code Execution
August 30, 2010
-- Vulnerability Details:
FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector in FCKEditor. The vulnerability requires that the remote

[0day] Apple QuickTime "_Marshaled_pUnk" backdoor param arbitrary code execution
2010-08-30 Reversemode (advisories reversemode com)
_____________________________________
HTML Version
http://www.reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1
______________________________________
The scenario would be as follows:
Victim prerequisites:
* Internet Explorer.
* XP,Vista,W7.
* Apple Quicktime 7.x, 6.x ( 20

[SECURITY] [DSA 2099-1] New OpenOffice.org packages fix arbitrary code execution
2010-08-30 joey infodrom org (Martin Schulze)

Notepad++ version 5.7 Insecure DLL Hijacking Vulnerability
2010-08-28 YGN Ethical Hacker Group (lists yehg net)
1. OVERVIEW
The Notepad++ application is vulnerable to Insecure DLL Hijacking Vulnerability. Similar terms that describe this vulnerability have been come up with Remote Binary Planting, and Insecure DLL Loading/Injection/Hijacking/Preloading.
2. PRODUCT DESCRIPTION
Based on the powerful editing

Maxthon Browser version 2.5.15.1000 Insecure DLL Hijacking Vulnerability (dwmapi.dll)
2010-08-28 YGN Ethical Hacker Group (lists yehg net)
1. OVERVIEW
The Maxthon Browser application is vulnerable to Insecure DLL Hijacking Vulnerability. Similar terms that describe this vulnerability have been come up with Remote Binary Planting, and Insecure DLL Loading/Injection/Hijacking/Preloading.
2. PRODUCT DESCRIPTION
Maxthon Browser is a po

ekoparty Security Conference 2010 Announcements
2010-08-30 Federico Kirschbaum (fedek infobyte com ar)
[ * ] ekoparty Security Conference and Trainings - 6th edition [ * ]
http://www.ekoparty.org
Trainings: September 13-15 / Conference: September 16-17, 2010
Ciudad Autonoma de Buenos Aires, Argentina
[*] WHAT?
ekoparty is a one-of-a-kind event in South America; an annual security conference he

QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)
2010-08-28 YGN Ethical Hacker Group (lists yehg net)
1. OVERVIEW
The QtWeb Browser application is vulnerable to Insecure DLL Hijacking Vulnerability. Similar terms that describe this vulnerability have been come up with Remote Binary Planting, and Insecure DLL Loading/Injection/Hijacking/Preloading.
2. PRODUCT DESCRIPTION
QtWeb Browser is a lightw

Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (wshfra.dll)
2010-08-27 info securitylab ir
=====================================================================
Founded By: Kamran Safaei Tabrizi(k4mr4n_st(at)yahoo(dot)com)
Securitylab Security Research Team
Website: http://www.securitylab.ir
Special Thanks: Mazo shinozuki, BangoDragon
======================================================

Re: SQL injection vulnerability in TCMS
2010-08-28 security curmudgeon (jericho attrition org)
: Vulnerability ID: HTB22576
: Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms_2.html
: Vulnerability ID: HTB22571
: Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms.html
Aside switching from GET to a POST request, what is the differenc

Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability
2010-08-28 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability
Advisory ID: cisco-sa-20100827-bgp
Revision 1.0
For Public Release 2010 August 27 2200 UTC (GMT)
+------------------------------------------------------------------
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0013
Synopsis: VMware ESX third party updates for Service Console
Issue date: 2010-08-31