[SECURITY] [DSA 1649-1] New iceweasel packages fix several vulnerabilities 2008-10-08 Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 1648-1] New mon packages fix insecure temporary files 2008-10-08 thijs debian org (Thijs Kinkhorst)

Windows Mobile 6 insecure password handling and too short WLAN-password 2008-10-08 MC Iglo (mc iglo googlemail com)
hi list, I noticed on my HTC Hermes with latest available WM6 (not 6.1!), that after I entered the password for my WLAN, auto-completion knows the phrase and suggests my WLAN-password for almost any input-field. Further, the memory for passwordstorage is way too small. I can enter my whole password

Advisory: Graphviz Buffer Overflow Code Execution 2008-10-08 roeeh il ibm com
The graphviz team has just released a patch to a critical security issue I reported to them. The following is the advisory (also available at http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html): Background ========== Graphviz is an open-source multi-platform

Cisco Security Advisory: Authentication Bypass in Cisco Unity 2008-10-08 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Authentication Bypass in Cisco Unity Advisory ID: cisco-sa-20081008-unity http://www.cisco.com/warp/public/707/cisco-sa-20081008-unity.shtml Revision 1.0 For Public Release 2008 October 08 1600 UTC (GMT) Summary ======= A

Re: HostAdmin 3.* Remote File Include Vulnerabilities 2008-10-07 admin majorsecurity de
Dear SecurityFocus moderators. Unfortunately this bug was not found by Am!r (IrIsT?) like it has been credited in this advisory. It was originally discovered by David Vieira-Kurz of MajorSecurity and published on June 3rd 2006. BugTraq-iD: 345993 --> http://www.securityfocus.com/archive/1/435993 a

ANNOUNCE - RFIDIOt version 0.1t released 2008-10-08 Adam Laurie (adam algroup co uk)
Folks, I'm pleased to announce the release of RFIDIOt version 0.1t This was delayed waiting for vonJeek to release his epassport tools, which he has now done (http://freeworld.thc.org/thc-epassport/), so here goes... As you've probably guessed, the main highlights here are integration with the

[W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow) 2008-10-07 vulns wintercore com
[ HTML FORMATED Advisory ] http://www.wintercore.com/advisories/advisory_W021008.html [TEXT VERSION] GearSoftware Powered Products Local Privilege Escalation + GEARASpiWDM.sys Insecure Method + Microsoft Windows Kernel IopfCompleteRequest Integer Overflow :: Summary 1. Background 2. N

Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public. 2008-10-07 artful38 yahoo com

Re: iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability 2008-10-07 Lostmon gmail com

[ GLSA 200810-01 ] WordNet: Execution of arbitrary code 2008-10-07 Tobias Heinlein (keytoaster gentoo org)

[OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability 2008-10-07 Matteo Beccati (php beccati com)

[security bulletin] HPSBUX02375 SSRT080122 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS) 2008-10-07 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01570585 Version: 1 HPSBUX02375 SSRT080122 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as pos

Yerba SACphp <= 6.3 / Local File Inclusion Exploit 2008-10-06 Pepelux (pepelux enye-sec org)
#! /usr/bin/perl # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= # Yerba SACphp <= 6.3 / Local File Inclusion Exploit # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= # Program: Yerba SACphp # Version: <= 6.3 # File affected: index.php # Download: http://sourceforge.net/projects/yerb

HostAdmin 3.* Remote File Include Vulnerabilities 2008-10-07 admin irist ir
Dear securityfocus moderator, a bug in HostAdmin that allows to us to occur a Remote File Include on a Remote machine. this bug tested with the Vulnerable Software 3.1.1. A Full Description Can be found in the attached document. ###############################################################

Firefox Privacy Broken If Used to Open Web Page File 2008-10-07 Liu Die Yu (liudieyu com gmail com)
Brief from my Twitter: The effect is exposing any location, incl your browsing history(about:cache etc) 04:54 AM October 05, 2008 from web Workaround: Do not use Firefox to open HTM/HTML - not from RAR package, not from remote Windows share folder, not from local, etc. 04:36 AM October

[SECURITY] [DSA 1647-1] New php5 packages fix several vulnerabilities 2008-10-07 thijs debian org (Thijs Kinkhorst)

[SECURITY] [DSA-1646-1] New squid packages fix array bounds check 2008-10-07 Devin Carraway (devin debian org)

Motorola Timbuktu's Internet Locator Service real-time data exposed to public. 2008-10-06 vulns wintercore com
We just want to make a public warning to those users of Motorola/Netopia Timbuktu Remote Control Software who are using the Internet Locator service. This service allows to locate any Timbuktu's user just by knowing the email. More than five months ago we notified Netopia's customer support (http

[SECURITY] [DSA-1644-1] New mplayer packages fix integer overflows 2008-10-05 Devin Carraway (devin debian org)

[SECURITY] [DSA 1643-1] New feta packages fix denial of service 2008-10-05 Moritz Muehlenhoff (jmm debian org)

FOSS Gallery Public Version <= 1.0 / Arbitrary file upload Vulnerabilities 2008-10-05 Pepelux (pepelux enye-sec org)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -= FOSS Gallery Public Version <= 1.0 / Arbitrary file upload Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -= Program: FOSS Gallery Public Version Version: <= 1.0 File affected: proces

FOSS Gallery Admin Version <= 1.0 / Remote Arbitrary Upload Vulnerability 2008-10-05 Pepelux (pepelux enye-sec org)
#! /usr/bin/perl # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - # FOSS Gallery Admin Version <= 1.0 / Remote Arbitrary Upload Vulnerability # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - # Program: FOSS Gallery Admin Version # Version: <=

FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit 2008-10-05 crimson loyd gmail com
Name : FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit Credit : suN8Hclf (DaRk-CodeRs Group), crimson.loyd (at) gmail (dot) com Download: : http://www.FastStone.org Greetz : Luigi Auriemma, 0in, cOndemned, e.wiZz!, Gynvael Coldwind, Katharsis, all from #dark-coders and oth

[ENABLESECURITY] Apple's Mail.app stores your S/MIME encrypted emails in clear text 2008-10-06 publists enablesecurity com
Just published the below advisory describing an issue with Mail.app and a solution. I comment on the flaw on my blog: http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/ An up to date version of the advisory can be found: http://resources.enablesecurity.com/advisories/apple-m

[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems 2008-10-06 Steve Kemp (skx debian org)
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1649-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
October 08, 2008