ZDI-10-165: Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution Vulnerability
2010-08-25 ZDI Disclosures (zdi-disclosures tippingpoint com)

Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities
2010-08-25 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities Advisory ID: cisco-sa-20100825-cup Revision 1.0 For Public Release 2010 August 25 1600 UTC (GMT) +---------------------------------------------------------------------

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities
2010-08-25 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities Advisory ID: cisco-sa-20100825-cucm Revision 1.0 For Public Release 2010 August 25 1600 UTC (GMT) +------------------------------------------------------

Firefox <= 3.6.8 DLL Hijacking Exploit [dwmapi.dll]
2010-08-24 glafkos astalavista com
/* Exploit Title: Firefox <= 3.6.8 DLL Hijacking Exploit [dwmapi.dll] Date: August 24, 2010 Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com) Version: Latest Firefox v3.6.8 Tested on: Windows XP SP3 En Vulnerable extensions: .htm .html .jtx .mfp Greetz: Astalavista, OffSEC, Exploi

Adobe Device Central CS5 DLL Hijacking Exploit (qtcf.dll)
2010-08-25 glafkos astalavista com
/* Exploit Title: Adobe Device Central CS5 DLL Hijacking Exploit (qtcf.dll) Date: August 24, 2010 Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com) Version: Latest CS5 v3.0.0(376) Tested on: Windows 7 x64 Ultimate Vulnerable extensions: .adcp Greetz: Astalavista, OffSEC, Exploit-D

Re: Web Tool Announcement: ismymailsecure.com
2010-08-25 Holger Rabbach (hrabbach crossroad-networks com)
Hi Kari, On 25/08/2010 11:30, Kari Hurtta wrote: > And because mail server name and email address does not need to be any > connection also checking of signature of certificate against CA does not > help much. It does not protect attack against MX records on DNS. true - so in an ideal world, we wou

GFI WebMonitor Admin UI Remote Script Code Injection
2010-08-25 Oliver Karow (oliver karow gmx de)
GFI WebMonitor Admin UI Remote Script Code Injection ==================================================== Affected Products/Versions -------------------------- Product Name: GFI Webmonitor Version Number: 2009 Build Number: 20100324 Platform: Microsoft Windows Product/Company Information -------

Re: Web Tool Announcement: ismymailsecure.com
2010-08-25 Kari Hurtta hurtta+bugtraq (at) leija.mh.fmi (dot) fi [email concealed] (hurtta+bugtraq leija mh fmi fi)
Holger Rabbach <hrabbach (at) crossroad-networks (dot) com [email concealed]>: (Wed Aug 25 11:39:07 2010) [ Charset ISO-8859-1 converted... ] > Hi Kari, > > it does not - yet. This is actually what I'm working on at the moment. > However, since most MTAs at the moment don't do this kind of check, it > is not very useful. So th

Re: Web Tool Announcement: ismymailsecure.com
2010-08-25 Holger Rabbach (hrabbach crossroad-networks com)
Hi Kari, it does not - yet. This is actually what I'm working on at the moment. However, since most MTAs at the moment don't do this kind of check, it is not very useful. So the tool currently only checks for encryption capabilities, it does *not* check for protection against MiTM attacks. The next

Re: Web Tool Announcement: ismymailsecure.com
2010-08-25 Kari Hurtta hurtta+bugtraq (at) leija.mh.fmi (dot) fi [email concealed] (hurtta+bugtraq leija mh fmi fi)
Holger Rabbach <hrabbach (at) crossroad-networks (dot) com [email concealed]>: (Wed Aug 18 12:59:19 2010) [ Charset ISO-8859-1 converted... ] > Dear Bugtraq community, > > I am happy to announce the immediate availability of a web based email > security testing tool at http://www.ismymailsecure.com. The tool is an > end-user f

TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll)
2010-08-25 glafkos astalavista com
/* Exploit Title: TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll) Date: August 25, 2010 Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com) Version: Latest TeamViewer 5.0.8703 Tested on: Windows XP SP3 En Vulnerable extensions: .tvs .tvc Greetz: Astalavista, OffSEC, Exploit-DB */

DLL hijacking on Linux
2010-08-24 Tim Brown (timb nth-dimension org uk)
All, If you've seen the recent Microsoft advisory. I put together a nice post on a similar DLL hijacking issue that affects Linux (and other POSIX-alikes). You can read the full details on my blog (http://www.nth-dimension.org.uk/blog.php?id=87) but the key point is that an empty directory sp

iDefense Security Advisory 08.24.10: Adobe Shockwave Player Memory Corruption Vulnerability
2010-08-24 iDefense Labs (labs-no-reply idefense com)
iDefense Security Advisory 08.24.10 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 24, 2010 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plugin. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browsers

Nagios XI users.php SQL Injection
2010-08-24 Adam Baldwin (adam_baldwin ngenuity-is com)
Nagios XI users.php SQL Injection Advisory Information Advisory ID: NGENUITY-2010-008 Date published: 8/24/2010 Vulnerability Information Class: SQL Injection (SQLi) Software Description Nagios XI is the commercial / enterprise version of the open source Nagios project. Vulnerability Descriptio

ZDI-10-164: Adobe Shockwave Player Director File FFFFFF88 Record Processing Remote Code Execution Vulnerability
2010-08-24 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-164: Adobe Shockwave Player Director File FFFFFF88 Record Processing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-164 August 24, 2010 -- CVE ID: CVE-2010-2876 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products

ZDI-10-163: Adobe Shockwave Director tSAC Chunk Parsing Remote Code Execution Vulnerability
2010-08-24 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-163: Adobe Shockwave Director tSAC Chunk Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-163 August 24, 2010 -- CVE ID: CVE-2010-2874 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave P

ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability
2010-08-24 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-162 August 24, 2010 -- CVE ID: CVE-2010-2873 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -

ZDI-10-161: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
2010-08-24 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-161: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-161 August 24, 2010 -- CVE ID: CVE-2010-2872 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -

ZDI-10-160: Adobe Shockwave Player Director File FFFFFF45 Record Processing Remote Code Execution Vulnerability
2010-08-24 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-160: Adobe Shockwave Player Director File FFFFFF45 Record Processing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-160 August 24, 2010 -- CVE ID: CVE-2010-2871 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Adobe -- Affected Product

TPTI-10-15: Adobe Shockwave Director mmap Trusted Chunk Size Remote Code Execution Vulnerability
2010-08-24 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-10-15: Adobe Shockwave Director mmap Trusted Chunk Size Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-15 August 24, 2010 -- CVE ID: CVE-2010-2870 -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -- Vulnerability Details: This vuln

TPTI-10-13: Adobe Shockwave Director tSAC Chunk Remote Code Execution Vulnerability
2010-08-24 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-10-13: Adobe Shockwave Director tSAC Chunk Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-13 August 24, 2010 -- CVE ID: CVE-2010-2866 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -- Vu

TPTI-10-12: Adobe Shockwave TextXtra Allocator Integer Overflow Remote Code Execution Vulnerability
2010-08-24 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-10-12: Adobe Shockwave TextXtra Allocator Integer Overflow Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-12 August 24, 2010 -- CVE ID: CVE-2010-2879 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwav

TPTI-10-14: Adobe Shockwave Director rcsL Chunk Pointer Offset Remote Code Execution Vulnerability
2010-08-24 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-10-14: Adobe Shockwave Director rcsL Chunk Pointer Offset Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-14 August 24, 2010 -- CVE ID: CVE-2010-2867 -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -- Vulnerability Details: This vu

TPTI-10-10: Adobe Shockwave tSAC Chunk Invalid Seek Memory Corruption Remote Code Execution Vulnerability
2010-08-24 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-10-10: Adobe Shockwave tSAC Chunk Invalid Seek Memory Corruption Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-10 August 24, 2010 -- CVE ID: CVE-2010-2878 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Sh

TPTI-10-11: Adobe Shockwave tSAC Chunk Pointer Offset Memory Corruption Remote Code Execution Vulnerability
2010-08-24 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-10-11: Adobe Shockwave tSAC Chunk Pointer Offset Memory Corruption Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-11 August 24, 2010 -- CVE ID: CVE-2010-2874 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe

TPTI-10-09: Adobe Shockwave CSWV Chunk Memory Corruption Remote Code Execution Vulnerability
2010-08-24 ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-10-09: Adobe Shockwave CSWV Chunk Memory Corruption Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-09 August 24, 2010 -- CVE ID: CVE-2010-2877 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Playe

[SECURITY] [DSA 2096-1] New zope-ldapuserfolder packages fix authentication bypass
2010-08-24 Sebastien Delafond (seb debian org)

t2′10 Challenge to be released 2010-08-28 10:00 EEST
2010-08-24 Tomi Tuominen (tomi tuominen t2 fi)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Since the dawn of our species (well 2005, if you want to be picky about it) t2 has been granting free admission to the elite of their kind, the winners of the t2 Challenges. Don’t be suckered in by all the cheap imitations out there, their snooze

WinAppDbg 1.4 is out!
2010-08-24 Mario Vilas (mvilas gmail com)
What is WinAppDbg? ================== The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threa
http://www.zerodayinitiative.com/advisories/ZDI-10-165 August 25, 2010 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Trend Micro -- Affected Products: Trend Micro Internet Se