SecurityFocus

[ MDKSA-2006:043 ] - Updated gnupg packages fix signature file verification vulnerability 2006-02-17
security mandriva com

[ MDKSA-2006:042 ] - Updated libtiff packages fix vulnerability 2006-02-17
security mandriva com

[ MDKSA-2006:041 ] - Updated bluez-hcidump packages fix buffer overflow vulnerability 2006-02-17
security mandriva com

[eVuln] CALimba Authentication Bypass Vulnerability 2006-02-17
alex evuln com

New eVuln Advisory:
CALimba Authentication Bypass Vulnerability
http://evuln.com/vulns/68/summary.html

--------------------Summary----------------
eVuln ID: EV0068
CVE: CVE-2006-0693
Software: CALimba
Sowtware's Web Site: http://www.errebit.com/opensource/index.php?rb=calimba
Versions: 0.99.2, 0.99

[ more ] [ reply ]

BCS Asia 2006 - Call for Papers 2006-02-17
Jim Geovedi (jim geovedi com)

Bellua Cyber Security Asia 2006 Call for Papers - http://www.bellua.net

For the second consecutive year, the Bellua Cyber Security Asia 2006
Conference will bring together in Indonesia internationally
recognized experts in the security community as well as leading
members of the local Indones

[ more ] [ reply ]

Uniden UIP1868P (VoIP phone/gateway) default easy-to-guess password vulnerability 2006-02-16
pagvac (unknown pentester gmail com)

Title: Uniden UIP1868P (VoIP phone/gateway) default easy-to-guess
password vulnerability

Author: pagvac (Adrian Pastor)

Date found: January 2006

Vendor contacted: Yes (no response received)

Description:

By default the web admin interface uses a password with a value equals
to "admin" (without q

[ more ] [ reply ]

[OpenPKG-SA-2006.001] OpenPKG Security Advisory (gnupg) 2006-02-17
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

Sending exact replicas of Distributed.net's worked OGR project files could increase individual's stats. 2006-02-15
spoilt jesus gmail com

Vulnerable: All Dnet clients when working on OGR project

Distributed.net was the Internet's first general-purpose distributed computing project.
Founded in 1997, the network has grown to include thousands of users around the world donating the power of their home computers to academic research an

[ more ] [ reply ]

[eVuln] SmE GB Host Authentication Bypass Vulnerability 2006-02-16
alex evuln com

New eVuln Advisory:
SmE GB Host Authentication Bypass Vulnerability
http://evuln.com/vulns/66/summary.html

--------------------Summary----------------
eVuln ID: EV0066
Software: SmE GB Host
Sowtware's Web Site: http://www.scriptme.com/
Versions: 1.21
Critical Level: Moderate
Type: SQL Injection
Cla

[ more ] [ reply ]

[eVuln] PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities 2006-02-17
alex evuln com

New eVuln Advisory:
PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities
http://evuln.com/vulns/67/summary.html

--------------------Summary----------------
eVuln ID: EV0067
Software: PHP/MYSQL Timesheet
Sowtware's Web Site: http://www.geocities.com/night247/
Versions: V1, V2
Critical Level: M

[ more ] [ reply ]

[ MDKSA-2006:040 ] - Updated kernel packages fix multiple vulnerabilities 2006-02-17
security mandriva com

Java script exploit 2006-02-17
gandalf digital net (2 replies)

Greetings and Salutations:

I just receieved this exploit, I have looked around and all I could find lately are the following Java issues:
Gentoo Linux Security Advisory GLSA 200601-10 - Sun and Blackdown Java: Applet privilege escalation

I don't have the Java knowledge to figure out what is going

[ more ] [ reply ]

Re: Java script exploit 2006-02-18
Jose Nazario (jose monkey org) (1 replies)

Re: Java script exploit 2006-02-18
Jose Nazario (jose monkey org)

Re: Java script exploit 2006-02-18
3APA3A (3APA3A SECURITY NNOV RU)

[SECURITY] [DSA 978-1] New GnuPG packages fix invalid success return 2006-02-17
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 978-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
February 17th, 2006

[ more ] [ reply ]

[security bulletin] SSRT051023 rev.6 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access 2006-02-17
security-alert hp com

Password disclosure and remote access in Netcool/NeuSecure Security information management platform 2006-02-16
D.Snezhkov (dsnezhkov gmail com)

Multiple security information disclosure paths and remote access
Netcool/NeuSecure Security information management platform .

Cleartext-storage of passwords in the configuration file
Cleartext reporting of user password in the log
Default backend Mysql database user and remote access.
Laxed file

[ more ] [ reply ]

[SECURITY] [DSA 979-1] New pdfkit.framework packages fix several vulnerabilities 2006-02-17
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 979-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
February 17th, 2006

[ more ] [ reply ]

Re: memory leak in IE? 2006-02-15
bcrawfordjr gmail com

I do not see any increase in iexplore memory usage. I kept the page in memory for at least one half hour.

[ more ] [ reply ]

Internet Explorer Phishing mouseover issue 2006-02-16
gandalf digital net (1 replies)

Greetings and Salutations:

See below for the entire phishing e-mail I received. When I hover the mouse over the link "https://secure.ebay.com/eBayISAPI.dll?action=verify&id=00626654&user=" in Internet Explorer at the bottom of the page I see:
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn

When I

[ more ] [ reply ]

Re: Internet Explorer Phishing mouseover issue 2006-02-18
Paul Szabo (psz maths usyd edu au)

Bugs/Security issues with PatchLink's Update Server 2006-02-15
Brian Boner (BBoner tbgfinancial com)

Security Focus,

I have been reporting issues to PatchLink Support for two years now with little & no resolution on most of the things I find. Because they are such a large patch management platform I think it is important that they be responsible for their coding practices. But even trying to wor

[ more ] [ reply ]

RUNCMS 1.3a SQL injection 2006-02-16
h e (het_ebadi yahoo com)

refrence:
http://www.runcms.org/public/modules/forum/viewtopic.php?topic_id=4003&f
orum=18
http://hamid.ir/security/
-----------------------------------------------
RUNCMS 1.3a SQL injection
Runcms Includes most things a webmaster would expect
from a cms: downloads, links, tutorials section,
polls, f

[ more ] [ reply ]

[USN-253-1] heimdal vulnerability 2006-02-17
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-253-1 February 17, 2006
heimdal vulnerability
CVE-2006-0677
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubunt

[ more ] [ reply ]

SNORT Incorrect fragmented packet reassembly 2006-02-17
siouxsie entheogen ru

Snort 2.4.3 has a bug in processing fragmented ip packets which has ip options. frag3 preprocessor of snort skips [ip_option_length] bytes from end of the ip options when reassembling packet, thus allowing anyone to evade ids.

Guys at snort.org already informed and are fixing the problem.

[ more ] [ reply ]

False positive signature verification in GnuPG 2006-02-15
Werner Koch (wk gnupg org)

False positive signature verification in GnuPG
==============================================

Summary
=======

The Gentoo project identified a security related bug in GnuPG. When
using any current version of GnuPG for unattended signature
verification (e.g. by scripts and mai

[ more ] [ reply ]