İltaweb Alışveriş Sistemi (tr) Sql inj
2008-10-11, ozdemirtravel gmail com
    Author : By nétRoot ~ Contact: msn (at) passw0rd (dot) info Greetz : BugBusters ~ Thanx : Dumenci ~ Sabneq ~ LaqNes ~ Neco ~ MecTruy ~ qopeLi ... Note : No War..!

[SECURITY] [DSA 1646-2] New squid packages fix array bounds check
2008-10-11, Devin Carraway (devin debian org)

iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20
2008-10-10, Chris Clark (cclark isecpartners com)
    iSEC Partners Security Advisory - 2008-002-lenovornr https://www.isecpartners.com Lenovo Rescue and Recovery Local Kernel Overflow Vendor: Lenovo Vendor URL: http://www.lenovo.com Versions affected: 4.20 Systems Affected: Windows XP, Windows Vista Seve

[LC-2008-04] Nokia Browser Array Sort Denial Of Service Vulnerability
2008-10-10, luca carettoni ikkisoft com
    Security Research Advisory Vulnerability name: Nokia Browser Array Sort Denial Of Service Vulnerability Advisory number: LC-2008-04 Advisory URL: http://www.ikkisoft.com 1) Affected

[USN-651-1] Ruby vulnerabilities
2008-10-10, Jamie Strandboge (jamie canonical com)
    Ubuntu Security Notice USN-651-1 October 10, 2008 ruby1.8 vulnerabilities CVE-2008-2376, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905

ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution Vulnerability
2008-10-10, zdi-disclosures 3com com

[SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure
2008-10-09, Mark Thomas (markt apache org)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-3271: Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.31 Tomcat 5.5.0 Tomcat 6.0.x is not affected The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions m

[ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability
2008-10-09, Robert Buchholz (rbu gentoo org)

Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
2008-10-09, therese vanryne motorola com
    Thank you for revisiting this issue. Unfortunately your first message didn't make it to the right parties due to the then-recent acquisition of Netopia by Motorola. We take security seriously and have added in password protection to fix this problem. We are also investigating the root cause of the

[security bulletin] HPSBMA02374 SSRT080046 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
2008-10-09, security-alert hp com
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01567813 Version: 1 HPSBMA02374 SSRT080046 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upo

PR07-31: Unauthenticated SQL Injection, XSS on Login Page and Username Enumeration on DPSnet Case Progress
2008-10-09, ProCheckUp Research (research procheckup com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PR07-31: Unauthenticated SQL Injection, XSS and Username Enumeration on DPSnet Case Progress Vulnerabilities Found: 23 May 2007 Vendor Contacted: 10 July 2007, 31 August 2007, 17 September 2007, 12 December 2007 Note: the vendor stopped responding on

News Manager Remote SQL Injection Vulnerability
2008-10-09, Ghost hacker (ghost-r00t hotmail com) (1 replies)

[security bulletin] HPSBMA02362 SSRT080044, SSRT080045, SSRT080042 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS), Execute Arbitrary Code
2008-10-09, security-alert hp com
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01537275 Version: 2 HPSBMA02362 SSRT080044, SSRT080045, SSRT080042 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS), Execute Arbitrary Code NOTICE: The informati

PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
2008-10-09, ProCheckUp Research (research procheckup com) (1 replies)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection Vulnerability found: 2 May 2008 Vendor informed: 2 May 2008, 1st August 2008 Vulnerability fixed: no response was received from the vendor. A workaround has been included in the "Fix" se

Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
2008-10-09, Vladimir '3APA3A' Dubrovin (3APA3A SECURITY NNOV RU) (2 replies)

Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
2008-10-10, ProCheckUp Research (research procheckup com)

Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
2008-10-09, lee e rian census gov (1 replies)

Re[2]: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
2008-10-10, Vladimir '3APA3A' Dubrovin (3APA3A SECURITY NNOV RU)

[security bulletin] HPSBMA02376 SSRT080099 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
2008-10-09, security-alert hp com
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01570589 Version: 1 HPSBMA02376 SSRT080099 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin

FC2 BLOG Cross-Site Scripting Vulnerabilities
2008-10-09, xsp (xisigr gmail com)
    Subject: FC2 BLOG Cross-Site Scripting Vulnerabilities Application: FC2 BLOG Vendor: BLOG.FC2.COM Corporation: FC2, Inc. DATE : 9 Oct 2008 Description: FC2 BLOG Cross-Site Scripting Vulnerabilities Vulnerability: They do not properly sanitize the potentially malicious input content to

ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability
2008-10-08, zdi-disclosures 3com com

Token Kidnapping Windows 2003 PoC exploit
2008-10-08, Cesar (cesarc56 yahoo com)
    (From http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html) It has been a long time since Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf) was published so I decided to release a PoC exploit for Win2k3 that allows to execute code under S

ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability
2008-10-08, zdi-disclosures 3com com

ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability
2008-10-08, zdi-disclosures 3com com

ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability
2008-10-08, zdi-disclosures 3com com

Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
2008-10-08, Juha-Matti Laurio (juha-matti laurio netti fi)
    The vendor fixed the issue remarkably quickly, but Additionally, the Last modified field in directory listings disclosed the timestamp of location information too. Addresses like firstname.surname (at) domain (dot) com disclosed confidential information about the people working in specific organizations too.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:211
http://www.mandriva.com/security/
_____________________________________________________________________