BugTraq Mode:
Problems with syscall filtering technologies on Linux 2009-01-23
Chris Evans (scarybeasts gmail com)
Hi,

There's a trick which may permit the bypassing of policies in
technologies which do syscall filtering on the Linux x86_64 kernel.

The trick is made possible by the fact that the 32-bit and 64-bit
kernel tables are different, combined with the fact that a 64-bit
process can make a 32-bit syscal

ZDI-09-009: EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability 2009-01-23
zdi-disclosures 3com com
ZDI-09-009: EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-09-009

January 23, 2009

-- Affected Vendors:

EMC

-- Affected Products:

EMC AutoStart

-- TippingPoint(TM) IPS Customer Protection:

TippingPoint IPS cu

Oblog XSS vulnerability 2009-01-23
arash setayeshi gmail com
Product Name : Oblog System

Vendor : www.oblog.cn

Oblog XSS vulnerability (in err.asp page)

example : http://example/oblog/err.asp?message=XSS

[ MDVSA-2009:026 ] phpMyAdmin 2009-01-23
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:026
http://www.mandriva.com/security/
_____________________________________________________________________

BBSxp Xss vulnerability 2009-01-23
arashps0 gmail com
Product name: BBSxp System
Vendor: www.bbsxp.com

BBSxp 5.13 & prior versions XSS bug (in error.asp page)

Example:
http://example/bbs/error.asp?message=xss

PHP-Nuke 8.0 Downloads Blind Sql Injection 2009-01-23
r3d w0rm yahoo com
########################################################################
#############
#### PHP-Nuke 8.0 Downloads Blind Sql Injection ####
########################################################################
#############
#

Secunia Research: AXIS Camera Control "image_pan_tilt" Property Buffer Overflow 2009-01-23
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 23/01/2009

- AXIS Camera Control "image_pan_tilt" Property Buffer Overflow -

======================================================================
Table of Contents

Affected Softwar

[ MDVSA-2009:025 ] pidgin 2009-01-23
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:025
http://www.mandriva.com/security/
_____________________________________________________________________

[TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities 2009-01-22
Tobias Klein (tk trapkit de)
Please find attached a detailed advisory of the vulnerabilities.

Alternatively, the advisory can also be found at:
http://www.trapkit.de/advisories/TKADV2009-003.txt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory: GStreamer Heap Overflow and Array Index out of

ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability 2009-01-21
zdi-disclosures 3com com
ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-09-007

January 21, 2009

-- CVE ID:

CVE-2009-2006

-- Affected Vendors:

Apple

-- Affected Products:

Apple Quicktime

-- TippingPoint(TM) IPS Customer Protectio

[ MDVSA-2009:023 ] php 2009-01-22
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:023
http://www.mandriva.com/security/
_____________________________________________________________________

[ MDVSA-2009:021 ] php 2009-01-21
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:021
http://www.mandriva.com/security/
_____________________________________________________________________

ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability 2009-01-21
zdi-disclosures 3com com
ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-09-005

January 21, 2009

-- CVE ID:

CVE-2009-0002

-- Affected Vendors:

Apple

-- Affected Products:

Apple Quicktime

-- TippingPoint(TM) IPS Customer Protect

VUPlayer 2.49 .ASX local universal BOF exploit 2009-01-22
maroc-anti-connexion hotmail com
/*simo36.c
* special tnx to ANOUARE & ISMAIL my best friends
*email : maroc-anti connexion (at) tmil (dot) com
* greetz : anouare & ismail & djekmani & stack & mr.5rab
*/
#include<stdio.h>
#include<string.h>
#include<windows.h>

char header1[]=
"\x3C\x61\x73\x78\x20\x76\x65\x72\x73\x69\x6F\x6E\x20\x3D\x20

ZDI-09-008: Apple QuickTime STSD JPEG Atom Heap Corruption Vulnerability 2009-01-21
zdi-disclosures 3com com
ZDI-09-008: Apple QuickTime STSD JPEG Atom Heap Corruption Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-09-008

January 21, 2009

-- CVE ID:

CVE-2009-0007

-- Affected Vendors:

Apple

-- Affected Products:

Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection:

Ti

ZDI-09-006: Apple QuickTime AVI Header nBlockAlign Heap Corruption Vulnerability 2009-01-21
zdi-disclosures 3com com
ZDI-09-006: Apple QuickTime AVI Header nBlockAlign Heap Corruption Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-09-006

January 21, 2009

-- CVE ID:

CVE-2009-0003

-- Affected Vendors:

Apple

-- Affected Products:

Apple Quicktime

-- TippingPoint(TM) IPS Customer Prote

[ MDVSA-2009:020 ] xine-lib 2009-01-21
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:020
http://www.mandriva.com/security/
_____________________________________________________________________

Asp-project Cookie Handling 2009-01-22
r3d w0rm yahoo com
########################################################################
#############
#### Asp-project Cookie Handling ####
########################################################################
#############
#

[ MDVSA-2009:022 ] php 2009-01-21
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:022
http://www.mandriva.com/security/
_____________________________________________________________________

[ MDVSA-2009:024 ] php4 2009-01-22
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:024
http://www.mandriva.com/security/
_____________________________________________________________________

[ GLSA 200901-15 ] Net-SNMP: Denial of Service 2009-01-21
Pierre-Yves Rofes (py gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200901-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[IMF 2009] Call for Papers 2009-01-21
Oliver Goebel (goebel cert uni-stuttgart de)
Dear all,

for your information.

Please excuse possible cross postings.

========================================================================

CALL FOR PAPERS

IMF 2009

5th International Conference
on IT S

[ GLSA 200901-14 ] Scilab: Insecure temporary file usage 2009-01-21
Pierre-Yves Rofes (py gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200901-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Digital Security opens a site of its research center DSec Research Group 2009-01-21
Digital Security Research Group (research dsec ru)
Digital Security opens a site of its research center DSec Research Group

Digital Security opens a site of its research center DSec Research
Group [DSecRG], the main mission of which is to conduct research into different application and system vulnerabilities.
The result of this work is then used by

Re: [Full-disclosure] Oracle Containers For Java DirectoryTraversal (OC4J) Oracle Application Server 10g (10.1.3.1.0)Oracle HTTP Server 2009-01-21
Mark Thomas (markt apache org)
Eduardo Vela wrote:
> Probably one of these are the vulnerability descriptions of the bugs:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5460
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4017

Looks to be an exact match with
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200

Joomla component beamospetition 1.0.12 Sql Injection 2009-01-21
vds_s yahoo com
Joomla component beamospetition 1.0.12 Sql Injection / Xss

Author : vds_s

Dork : "Powered by beamospetition 1.0.12"

Dl : http://joomlacode.org/gf/project/beamospetition/

Xss : http://[site]/?option=com_beamospetition&func=sign&pet='><script>alert('
Xss')</script>

Sql Injection : http://[site]/?o

Cisco Security Advisory: Cisco Security Manager Vulnerability 2009-01-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Security Manager Vulnerability

Advisory ID: cisco-sa-20090121-csm

http://www.cisco.com/warp/public/707/cisco-sa-20090121-csm.shtml

Revision 1.0

For Public Release 2009 January 21 1600 UTC (GMT)

- ---------------------

[DSECRG-09-004] AXIS 70U Network Document Server - Privilege Escalation and XSS 2009-01-21
Digital Security Research Group (research dsec ru)

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-004
AXIS 70U Network Document Server - Privilege Escalation and XSS

http://dsecrg.com/pages/vul/show.php?id=60

Application: AXIS 70U Network Document Server (Web Interface)
Versions Affected: 3.0
V

[SECURITY] [DSA 1693-2] New phppgadmin packages fix regression 2009-01-21
thijs debian org (Thijs Kinkhorst)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1693-2 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
January 21, 2009

[SECURITY] [DSA 1709-1] New shadow packages fix privilege escalation 2009-01-21
thijs debian org (Thijs Kinkhorst)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1709-1 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
January 21, 2009

Copyright 2010, SecurityFocus