BugTraq Mode:
[BMSA 2009-04] Remote DoS in Internet Explorer 2009-04-11
Nam Nguyen (namn bluemoon com vn)
BLUE MOON SECURITY ADVISORY 2009-04
===================================

:Title: Remote Denial of Service in Internet Explorer
:Severity: Moderate
:Reporter: Blue Moon Consulting
:Products: Internet Explorer 7 and 8
:Fixed in: --

Description
-----------

We could not find out the definitive descr

Opening Intranets to attack by using Internet Explorer [paper] 2009-04-07
Cesar (cesarc56 yahoo com)

Hi

Just released a new paper; I guess it will be very interesting for list members.

http://nomoreroot.blogspot.com/2009/04/opening-intranets-to-attacks-by-using.html

I will be glad to hear your feedback.

Enjoy.

Cesar.

VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability 2009-04-10
VMware Security Team (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2009-0006
Synopsis: VMware Hosted products and patches for ESX and ESXi
resolve

[ GLSA 200904-12 ] Wicd: Information disclosure 2009-04-10
Tobias Heinlein (keytoaster gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200904-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ MDVSA-2009:090 ] php 2009-04-10
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:090
http://www.mandriva.com/security/
_____________________________________________________________________

[SECURITY] [DSA 1768-1] New openafs packages potential code execution 2009-04-10
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1768-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
April 10, 2009

Summer Camp Garrotxa 2009 event 2009-04-08
Gerardo García Peña (gerardo kung-foo dhs org)
======================================================================
SUMMER CAMP GARROTXA 2009
======================================================================

---------- overview --------------------------------------------------

Another year again, here comes Summer Camp Garrotxa, where

Loggix Project 9.4.5 Blind SQL Injection 2009-04-10
Salvatore "drosophila" Fresta (drosophilaxxx gmail com)
******* Salvatore "drosophila" Fresta *******

[+] Application: Loggix Project
[+] Version: 9.4.5
[+] Website: http://loggix.gotdns.org

[+] Bugs: [A] Blind SQL Injection

[+] Exploitation: Remote
[+] Date: 10 Apr 2009

[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "dros

PHP-agenda <= 2.2.5 Remote File Overwriting 2009-04-10
Salvatore "drosophila" Fresta (drosophilaxxx gmail com)
******* Salvatore "drosophila" Fresta *******

[+] Application: PHP-agenda
[+] Version: <= 2.2.5
[+] Website: http://php-agenda.sourceforge.net

[+] Bugs: [A] Remote File Overwriting

[+] Exploitation: Remote
[+] Date: 10 Apr 2009

[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Sal

PHP 5.2.9 curl safe_mode & open_basedir bypass 2009-04-10
cxib securityreason com
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

[ PHP 5.2.9 curl safe_mode & open_basedir bypass ]

Author: Maksymilian Arciemowicz

http://SecurityReason.com

Date:

- - Dis.: 31.12.2008

- - Pub.: 10.04.2009

Original URL:

http://securityreason.com/achievement_securityalert/61

- --- 0.De

Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities 2009-04-09
Salvatore "drosophila" Fresta (drosophilaxxx gmail com)
******* Salvatore "drosophila" Fresta *******

[+] Application: Dynamic Flash Forum
[+] Version: 1.0 Beta
[+] Website: http://df2.sourceforge.net/

[+] Bugs: [A] Information Disclosure
[B] Authentication Bypass
[C] Multiple SQL Injection

[+] Exploitation: Remote
[+] Date: 09

Bid 34130 Invalid 2009-04-10
vpandey gmail com
It's a non-issue.

http://code.google.com/p/chromium/issues/detail?id=8863

[DSECRG-09-036] Chance-i Techno Vision Security System - Directory Traversal File Download 2009-04-10
DSecRG (research dsecrg com)
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-036

original advisory: http://dsecrg.com/pages/vul/DSECRG-09-036.html

Application: Chance-i DiViS DVR System web-server
Versions Affected: 2.0
Vendor URL: http://www.chance-i.com/
Bug:

[DSECRG-09-035] Chance-i DiViS DVR ActiveX - Heap Overflow 2009-04-10
DSecRG (research dsecrg com)
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-035

original advisory: http://dsecrg.com/pages/vul/DSECRG-09-035.html

Application: Chance-i DiViS-Web DVR System ActiveX control
Versions Affected: 3,0,0,7
Vendor URL: http://www.chance-i.c

Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3 2009-04-10
prabhup athisayampark com
FGT have not released MR7-Patch 6. They have released till Patch4 only. Some wrong information

[ MDVSA-2009:089 ] opensc 2009-04-10
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:089
http://www.mandriva.com/security/
_____________________________________________________________________

[SECURITY] [DSA 1754-1] New roundup packages fix privilege escalation 2009-04-09
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1754-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
April 09, 2009

Reminder: RAID 2009 CFP 2009-04-09
Corrado Leita (corrado_leita symantec com)
(We apologize if you receive multiple copies of this message)

================================================================

CALL FOR PAPERS
RAID 2009

12th International Symposium on
Recent Advances in Intrusion Det

[ MDVSA-2009:088 ] wireshark 2009-04-09
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:088
http://www.mandriva.com/security/
_____________________________________________________________________

Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow 2009-04-09
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 09/04/2009

- Ghostscript jbig2dec JBIG2 Processing Buffer Overflow -

======================================================================
Table of Contents

Affected Software...

[security bulletin] HPSBMA02420 SSRT071458 rev.1 - HP ProCurve Manager and HP ProCurve Manager Plus, Remote Unauthorized Access to Data 2009-04-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01713073
Version: 1

HPSBMA02420 SSRT071458 rev.1 - HP ProCurve Manager and HP ProCurve Manager Plus, Remote Unauthorized Access to Data

NOTICE: The information in this Security Bulletin should b

[SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of service 2009-04-09
Nico Golde (nion debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1767-1 security (at) debian (dot) org
http://www.debian.org/security/ Nico Golde
April 9th, 2009

[ GLSA 200904-10 ] Avahi: Denial of Service 2009-04-08
Robert Buchholz (rbu gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200904-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

IBM BladeCenter Advanced Management Module Multiple vulnerabilities 2009-04-09
Henri Lindberg - Smilehouse Oy (henri lindberg smilehouse com)
Louhi Networks Information Security Research
Security Advisory

Advisory: IBM BladeCenter Advanced Management Module
Multiple vulnerabilities
(XSS type 2 & 1, CSRF, Information Disclosure)
Release Date: 2009-04-09
Last Modified: 2009-0

[security bulletin] HPSBMA02396 SSRT080175 rev.1 - HP OpenView Performance Agent and HP Performance Agent Running on Windows, Remote Execution of Arbitrary Code 2009-04-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01622011
Version: 1

HPSBMA02396 SSRT080175 rev.1 - HP OpenView Performance Agent and HP Performance Agent Running on Windows, Remote Execution of Arbitrary Code

NOTICE: The information in this S

[ GLSA 200904-09 ] MIT Kerberos 5: Multiple vulnerabilities 2009-04-08
Robert Buchholz (rbu gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200904-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit 2009-04-09
nospam gmail it
<?php

/*

Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit

by Nine:Situations:Group::bookoo

our site: http://retrogod.altervista.org/

software site: http://www.geeklog.net/

credit goes to rgod, bug found more than a year ago

working again

Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability 2009-04-09
nospam gmail it
As the vendor stated, see:

http://www.geeklog.net/article.php/geeklog-1.5.2sr2

geeklog is also vulnerable to this:

http://www.securityfocus.com/bid/34361/info

actually this should be renamed in

glFusion 'SESS_updateSessionTime()' SQL Injection Vulnerability

AdaptBB 1.0 Beta Multiple Remote Vulnerabilities 2009-04-09
Salvatore "drosophila" Fresta (drosophilaxxx gmail com)
******* Salvatore "drosophila" Fresta *******

[+] Application: AdaptBB
[+] Version: 1.0 Beta
[+] Website: http://sourceforge.net/projects/adaptbb/

[+] Bugs: [A] Multiple Blind SQL Injection
[B] Multiple Dynamic Code Execution
[C] Arbitrary File Upload

[+] Exploitation: Rem

OpenVAS now beyond 10000 Network Vulnerability Tests 2009-04-09
Michael Wiegand (michael wiegand intevation de)
Hello,

Passing the 10000th Network Vulnerability Test (NVT) is a perfect
occasion to report about the progress of the OpenVAS project[1].

In October 2008 the systematic development of new NVTs started with a
base of around 5800 Tests. With the release of OpenVAS 2.0 in December
2008, the developme

Copyright 2010, SecurityFocus