[SECURITY] [DSA 1778-1] New mahara packages fix cross-site scripting
2009-04-22 Nico Golde (nion debian org)

FreeBSD Security Advisory FreeBSD-SA-09:07.libc
2009-04-22 FreeBSD Security Advisories (security-advisories freebsd org)

[Tool] sqlmap 0.7rc1 released
2009-04-22 Bernardo Damele A. G. (bernardo damele gmail com)
Hi,
I am glad to release sqlmap version 0.7rc1.
WARNING: This release is a candidate, it only works on Linux so please do not complain that it does not work on your Windows or Mac OS X systems.
Introduction
============
sqlmap is an open source command-line automatic SQL injection tool. Its goal

FreeBSD Security Advisory FreeBSD-SA-09:08.openssl
2009-04-22 FreeBSD Security Advisories (security-advisories freebsd org)

[Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities
2009-04-22 Bkis (svrt bkav com vn)
010 Editor Multiple Buffer Overflow Vulnerabilities
1. General Information
010 Editor is a text editor and hex editor, with a lot of functions as view and edit binary files, analyze and edit binary data, import and export binary data in many different formats. Bkis has just found many vulnerabi

Re: [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities
2009-04-22 Tavis Ormandy (taviso sdf lonestar org)
Bkis <svrt (at) bkav.com (dot) vn> wrote:
> Bkis has just found many vulnerabilities in the software, related to the
> processing of 010 Editor Binary Template files (".bt") and 010 Editor
> Script Files (".1sc"). These vulnerabilities are very dangerous due to the
> fact that they allow hackers to execute mal

SAP Cfolders Multiple Stored XSS Vulnerabilies
2009-04-21 Digital Security Research Group [DSecRG] (research dsecrg com)

SAP Cfolders Multiple Linked XSS Vulnerabilities
2009-04-21 Digital Security Research Group [DSecRG] (research dsecrg com)

CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator
2009-04-21 CORE Security Technologies Advisories (advisories coresecurity com)

MixedCMS 1.0--Multiple Remote Vulnerabilities-->
2009-04-21 y3nh4ck3r gmail com
----------------------------------------------------
MULTIPLE REMOTE VULNERABILITIES
Mixed CMS 1.0
----------------------------------------------------
CMS INFORMATION:
-->WEB: http://sourceforge.net/projects/mixedcms/
-->DOWNLOAD: http://sourceforge.net/projects/mixedcms/
-->DEMO: N/A
-->C

Python winappdbg module v1.0 is out!
2009-04-21 Mario Alejandro Vilas Jerez (mvilas gmail com)
What is winappdbg?
==================
The winappdbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threa

Trend Micro OfficeScan Client - DOS
2009-04-21 jplopezy gmail com (1 replies)
Application: Trend Micro OfficeScan Client for Windows 8.0 sp1
OS: Windows XP
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
OfficeScan is a good antivirus that use

[SECURITY] [DSA 1777-1] New git-core packages fix privilege escalation
2009-04-21 Thijs Kinkhorst (thijs debian org)

CVE-2009-0991 PoC
2009-04-20 Dennis Yurichev (dennis conus info)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi.
Oracle RDBMS CPUapr2009 came out.
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
CVE-2009-0991 Listener vulnerability was discovered by me, and here is attached PoC for it (Python code).
- --
My PGP public

[USN-763-1] xine-lib vulnerabilities
2009-04-20 Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-763-1 April 20, 2009
xine-lib vulnerabilities
CVE-2009-0698, CVE-2009-1274
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6

[SECURITY] [DSA 1776-1] New slurm-llnl packages fix privilege escalation
2009-04-21 Thijs Kinkhorst (thijs debian org)

[USN-762-1] APT vulnerabilities
2009-04-20 Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-762-1 April 20, 2009
apt vulnerabilities
CVE-2009-1300, https://launchpad.net/bugs/356012
===========================================================
A security issue affects the following Ubuntu rele

[USN-761-1] PHP vulnerabilities
2009-04-20 Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-761-1 April 20, 2009
php5 vulnerabilities
CVE-2008-5814, CVE-2009-0754, CVE-2009-1271
===========================================================
A security issue affects the following Ubuntu releases

Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth)
2009-04-20 mcyr2 csc com (1 replies)
Remote: Yes
Local: No
Credit: Mike Cyr, aka h00die
Vulnerable: NASU2FW41 Loader 1.17
Not Vulnerable:
Discussion: Addonics NAS Adapter Post-Auth DoS
Addonics NAS Adapter is prone to several post authentication buffer overflows. Each of these buffer overflows will crash the entire TCP/IP

Re: Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth)
2009-04-20 Jeremy Brown (0xjbrown41 gmail com)

[security bulletin] HPSBMA02422 SSRT080146 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access
2009-04-20 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01707538
Version: 1
HPSBMA02422 SSRT080146 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access
NOTICE: The information in

[security bulletin] HPSBMA02414 SSRT080185 rev.1 - HP Storage Essentials Running Secure NaviCLI, Remote Unauthorized Access, Gain Extended Privileges
2009-04-20 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01633084
Version: 1
HPSBMA02414 SSRT080185 rev.1 - HP Storage Essentials Running Secure NaviCLI, Remote Unauthorized Access, Gain Extended Privileges
NOTICE: The information in this Security Bul

Addendum :[TZO-09-2009] Avast bypass / evasion (Limited details)
2009-04-20 Thierry Zoller (Thierry Zoller lu)
URL: http://blog.zoller.lu/2009/04/release-mode-forced-release-vendor-has.html
Update : After the reaction from avast, it is now clear that all versions and products are affected, however there is no plan to patch, the patch will come or will not come - sometime in the future. You are encour

Windows Update (re-)installs outdated Flash ActiveX on Windows XP
2009-04-20 Stefan Kanthak (stefan kanthak nexgo de) (1 replies)
Windows Update (as well as Microsoft Update and the Automatic Update) installs an outdated (and from its manufacturer unsupported) Flash Player ActiveX control on Windows XP. Although this fact is nothing really new it but shows the lack of taking care for security problems and in general the chuz

Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP
2009-04-22 Vladimir '3APA3A' Dubrovin (3APA3A SECURITY NNOV RU) (1 replies)

Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP
2009-04-22 Andrew Kuriger (a kuriger liquidphlux com)
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1778-1 security (at) debian (dot) org
http://www.debian.org/security/ Nico Golde
April 22nd, 2009