SecurityFocus

The Smarter Safer Better Seminar Series 2010-08-27
Pete Herzog (lists isecom org)

ISECOM presents Smarter Safer Better!
http://www.isecom.org/seminars

The failure to figure out correctly who to trust, what is safe, and
how we are secure is how people get manipulated, cheated, scammed, and
stolen from all the time in so many ways. This doesn't just come from
thieves and hacker

[ more ] [ reply ]

[ MDVSA-2010:163 ] phpmyadmin 2010-08-30
security mandriva com

[SECURITY] [DSA 2098-1] New typo3-src packages fix several vulnerabilities 2010-08-29
Thijs Kinkhorst (thijs debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2098-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Thijs Kinkhorst
August 29, 2010

[ more ] [ reply ]

[SECURITY] [DSA 2097-1] New phpmyadmin packages fix several vulnerabilities 2010-08-29
Thijs Kinkhorst (thijs debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2097-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Thijs Kinkhorst
August 29, 2010

[ more ] [ reply ]

Flash Player 9 DLL Hijacking Exploit (schannel.dll) 2010-08-27
info securitylab ir

=======================================================

Flash player 9.exe DLL Hijacking Exploit (schannel.dll)

=======================================================

Founded By: Securitylab.ir (Kamran Safaei Tabrizi)

=======================================================

include "stdafx.h"

[ more ] [ reply ]

wp-10-0001: Multiple Browser Wildcard Cerficate Validation Weakness 2010-08-27
Richard Moore (rich westpoint ltd uk)

Westpoint Security Advisory
---------------------------

Title: Multiple Browser Wildcard Cerficate Validation Weakness
Risk Rating: Low
Author: Richard Moore <rich (at) westpoint.ltd (dot) uk [email concealed]>
Test Cases: Simon Ward <simon (at) westpoint.ltd (dot) uk [email concealed]>
Date: 14 July 2010
Advisory ID#: wp-10-0001
U

[ more ] [ reply ]

[USN-979-1] okular vulnerability 2010-08-27
Steve Beattie (sbeattie ubuntu com)

===========================================================
Ubuntu Security Notice USN-979-1 August 27, 2010
kdegraphics vulnerability
CVE-2010-2575
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.1

[ more ] [ reply ]

[USN-974-2] Linux kernel regression 2010-08-26
Jamie Strandboge (jamie canonical com)

===========================================================
Ubuntu Security Notice USN-974-2 August 26, 2010
linux regression
https://launchpad.net/bugs/620994
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04

[ more ] [ reply ]

BugTracker.net 3.4.3 SQL Injection 2010-08-26
Mark van Tilburg (markvantilburg gmail com)

BugTracker.net 3.4.3 SQL Injection

Name BugTracker.NET
Vendor http://www.ifdefined.com/www/
Versions Affected < 3.4.4 (when custom fields are used)

Author Mark van Tilburg
Website http://markvt.info
Contact markvantilburg [at] gmail [dot

[ more ] [ reply ]

ZDI-10-167: RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities 2010-08-26
ZDI Disclosures (zdi-disclosures tippingpoint com)

ZDI-10-167: RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-10-167
August 26, 2010

-- CVE ID:
CVE-2010-3000

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
RealNetworks

-- Affected Products:
RealNetworks

[ more ] [ reply ]

ZDI-10-166: RealNetworks RealPlayer Malformed IVR Object Index Code Execution Vulnerability 2010-08-26
ZDI Disclosures (zdi-disclosures tippingpoint com)

ZDI-10-166: RealNetworks RealPlayer Malformed IVR Object Index Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-166
August 26, 2010

-- CVE ID:
CVE-2010-2996

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
RealNetworks

-- Affected Products:
RealNetwor

[ more ] [ reply ]

BlastChat Chat Client Component version 3.3 <= Cross Script Scripting (XSS) Vulnerability 2010-08-25
YGN Ethical Hacker Group (lists yehg net)

========================================================================
==================
BlastChat Chat Client Component version 3.3 <= Cross Script Scripting
(XSS) Vulnerability
========================================================================
==================

1. OVERVIEW

The BlastCha

[ more ] [ reply ]

Joomla! Component com_bc Cross Script Scripting (XSS) Vulnerability 2010-08-25
YGN Ethical Hacker Group (lists yehg net)

=====================================================================
Joomla! Component com_bc Cross Script Scripting (XSS) Vulnerability
=====================================================================

1. OVERVIEW

The Joomla! Component com_bc was vulnerable to Cross Script Scripting
(XSS)

[ more ] [ reply ]

[HITB-Announce] HITB2010 SIGNINT Sessions 2010-08-26
Hafez Kamal (aphesz hackinthebox org)

Hack In The Box is proud to announce, a brand new lightning session
called HITB SIGINT (Signal Intelligence/Interrupt)! HITB SIGINT
sessions are designed to provide a quick 15 minute overview for
material and research that's up and coming - stuff that isn't quite
ready for the mainstream tracks of t

[ more ] [ reply ]

SQL injection vulnerability in CompuCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22585
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_compucms_
2.html
Product: CompuCMS
Vendor: CompuSoft A/S ( http://www.compusoft.dk/ )
Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulner

[ more ] [ reply ]

SQL injection vulnerability in CompuCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22582
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_compucms.
html
Product: CompuCMS
Vendor: CompuSoft A/S ( http://www.compusoft.dk/ )
Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerab

[ more ] [ reply ]

File Content Disclosure in TCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22579
Reference: http://www.htbridge.ch/advisory/file_content_disclosure_in_tcms.html
Product: TCMS
Vendor: Target CMS ( http://targetcms.com/ )
Vulnerable Version: 100728 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: File Content Disclosu

[ more ] [ reply ]

SQL injection vulnerability in TCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22578
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms_4.ht
ml
Product: TCMS
Vendor: Target CMS ( http://targetcms.com/ )
Vulnerable Version: 100728 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: SQL Injection
S

[ more ] [ reply ]

SQL injection vulnerability in TCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22577
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms_3.ht
ml
Product: TCMS
Vendor: Target CMS ( http://targetcms.com/ )
Vulnerable Version: 100728 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: SQL Injection
S

[ more ] [ reply ]

SQL injection vulnerability in TCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22576
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms_2.ht
ml
Product: TCMS
Vendor: Target CMS ( http://targetcms.com/ )
Vulnerable Version: 100728 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: SQL Injection
S

[ more ] [ reply ]

XSS vulnerability in CompuCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22583
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_compucms_2.html
Product: CompuCMS
Vendor: CompuSoft A/S ( http://www.compusoft.dk/ )
Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability

[ more ] [ reply ]

XSS vulnerability in CompuCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22581
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_compucms_1.html
Product: CompuCMS
Vendor: CompuSoft A/S ( http://www.compusoft.dk/ )
Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability

[ more ] [ reply ]

SQL injection vulnerability in CompuCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22580
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_compucms_
1.html
Product: CompuCMS
Vendor: CompuSoft A/S ( http://www.compusoft.dk/ )
Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulner

[ more ] [ reply ]

Multiple vulnerabilities in eSitesBuilder 2010-08-25
MustLive (mustlive websecurity com ua)

Hello Bugtraq!

I want to warn you about multiple vulnerabilities in eSitesBuilder. After
previous vulnerabilities in eSitesBuilder (SecurityVulns ID:10940), which I
wrote earlier in June, there are Insufficient Anti-automation, Cross-Site
Scripting, SQL Injection and Full path disclosure vulnerabil

[ more ] [ reply ]

Local File Inclusion in TCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22573
Reference: http://www.htbridge.ch/advisory/local_file_inclusion_in_tcms.html
Product: TCMS
Vendor: Target CMS ( http://targetcms.com/ )
Vulnerable Version: 100728 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: Local File Inclusion
Sta

[ more ] [ reply ]

XSS vulnerability in TCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22574
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_tcms.html
Product: TCMS
Vendor: Target CMS ( http://targetcms.com/ )
Vulnerable Version: 100728 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: XSS (Cross Site Scripting)

[ more ] [ reply ]

SQL injection vulnerability in TCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22572
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms_1.ht
ml
Product: TCMS
Vendor: Target CMS ( http://targetcms.com/ )
Vulnerable Version: 100728 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: SQL Injection
S

[ more ] [ reply ]

SQL injection vulnerability in TCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22571
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms.html

Product: TCMS
Vendor: Target CMS ( http://targetcms.com/ )
Vulnerable Version: 100728 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: SQL Injection
Sta

[ more ] [ reply ]

XSS vulnerability in TCMS 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22575
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_tcms_1.html
Product: TCMS
Vendor: Target CMS ( http://targetcms.com/ )
Vulnerable Version: 100728 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: Stored XSS (Cross Site Sc

[ more ] [ reply ]

XSS vulnerability in Webmatic 2010-08-26
advisory htbridge ch

Vulnerability ID: HTB22569
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_webmatic_1.html
Product: Webmatic
Vendor: Valarsoft ( http://www.valarsoft.com/ )
Vulnerable Version: 3.0.5 and Probably Prior Versions
Vendor Notification: 09 August 2010
Vulnerability Type: Stored XSS (Cro

[ more ] [ reply ]