[SECURITY] [DSA 811-2] New common-lisp-controller packages fix arbitrary code injection
2005-11-21 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 902-1] New xmail packages fix arbitrary code execution
2005-11-21 joey infodrom org (Martin Schulze)

cracking safes with thermal imaging
2005-11-21 Michal Zalewski (lcamtuf dione ids pl)
Somewhat on the silly side of life, but some subscribers might find it amusing... and a subset of that subset may even find it relevant to their jobs (hopefully in risk management, but possibly in safe cracking): http://lcamtuf.coredump.cx/tsafe/ Cheers, /mz (pluggity plug) http://lcamtuf.core [...]

Security Advisory: Struts Error Message Cross Site Scripting
2005-11-21 Irene Abezgauz (irene Hacktics com)
Background ========== Struts is an open source framework for building web applications. The core of the Struts framework is a flexible control layer based on standard technologies such as Java Servlets, JavaBeans, resource bundles, and the Extensible Markup Language (XML). Struts can be used with di [...]

Metro Olografix Crypto Meeting 2006 CFP
2005-11-20 Angelo Dell'Aera (buffer olografix org)
Metro Olografix, an Italian no-profit association which has been working for spreading the knowledge of information technology and networking since 1994, is looking for high-quality speech submissions for the 2006 edition of the Metro Olografix CryptoMeeting (MOCM). The deadline is set on December [...]

[TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ
2005-11-19 tk trapkit de

[security - exponentcms]
2005-11-19 Hans Wolters (hans wolters xs4all nl)
A number of security issues have been discovered in ExponentCMS ------------------------------------------------------------------------ --------------------- Exponent is a fully-featured, modern CMS written in PHP, that enables non-technical people to manage and update their websites with minima [...]

[ GLSA 200511-15 ] Smb4k: Local unauthorized file access
2005-11-18 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

MDKSA-2005:214 - Updated gdk-pixbuf/gtk+2.0 packages fix vulnerability
2005-11-18 Mandriva Security Team (security mandriva com)

Mambo 0day Exploit out in the wild - mambo/skype hacked
2005-11-18 rebarz99 gmail com
Mambo 0day Exploit out in the wild http://www.fnse.org/news.php http://share.skype.com/cache/main.htm http://mamboserver.com/modules/main.htm mambo server hacked by a philippine/filipino hacker - the great rebarz99 Hacked By Rebarz99 rebarz99 (at) gmail (dot) com Mabuhay ang Masang Pilipino! T [...]

[SECURITY] [DSA 901-1] New gnump3d packages fix several vulnerabilities
2005-11-19 joey infodrom org (Martin Schulze)

Google Base
2005-11-18 Petko Petkov (ppetkov gnucitizen org)
OK, I need to start this subject since nobody else has discussed anything yet on the mailing list. Do you guys know about Google Base?: Google our big hacker friend that helps us to find malicious scripts and open proxies just like that. Well, Google has a new service: Google Base. And there are man [...]

PHP-Fusion <= 6.00.206 Multiple Vulnerabilities
2005-11-18 r verton gmail com
PHP-Fusion <= 6.00.206 Multiple Vulnerabilities =============================================== Software: PHP-Fusion <= 6.00.206 Severity: SQL Injection(s), Path disclosure Risk: High Author: Robin Verton <r.verton (at) gmail (dot) com> Date: Nov. 16 2005 Vendor: http://sourceforge.net/proj [...]

Snagging Security Tokens to Elevate Privileges
2005-11-18 David Litchfield (davidl ngssoftware com)
I've just put up a Database Security Brief; the first of many to come. http://www.databasesecurity.com/dbsec-briefs.htm It's called a brief because there's enough meat to make it interesting but not enough to make it a paper ;) This brief, Snagging Security Tokens to Elevate Privileges, details h [...]

Secunia Research: Winmail Server Multiple Vulnerabilities
2005-11-18 Secunia Research (vuln secunia com)

Secunia Research: MailEnable Buffer Overflow and Directory Traversal Vulnerabilities
2005-11-18 Secunia Research (vuln secunia com)

[SECURITY] [DSA 900-1] New fetchmail packages fix potential information leak
2005-11-18 joey infodrom org (Martin Schulze)

iDEFENSE Security Advisory 11.17.05: Qualcomm WorldMail IMAP Server Directory Traversal Vulnerability
2005-11-17 labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Qualcomm WorldMail IMAP Server Directory Traversal Vulnerability iDEFENSE Security Advisory 11.17.05 www.idefense.com/application/poi/display?id=341&type=vulnerabilities November 17, 2005 I. BACKGROUND Qualcomm WorldMail is an email and messaging server designed for use in small to large enterpri [...]

[SECURITY] [DSA 899-1] New egroupware packages fix several vulnerabilities
2005-11-17 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 898-1] New phpgroupware packages fix several vulnerabilities
2005-11-17 joey infodrom org (Martin Schulze)

[KAPDA::#13] - XMB HTML Injection & Path Disclosure.
2005-11-17 alireza hassani (trueend5 yahoo com)
[KAPDA::#13] - XMB (extreme message board) HTML Injection & Path Disclosure. KAPDA New advisory Vendor: http://www.xmbforum.com Bug: HTML Injection & Path Disclosure Exploitation: Remote with browser Description: -------------------- XMB is a free message board powered by PHP and MySQL. Vulnerab [...]

MDKSA-2005:213 - Updated php packages fix multiple vulnerabilities
2005-11-17 Mandriva Security Team (security mandriva com)

ShmooCon 2006 - Washington DC
2005-11-16 B Potter (gdead shmoo com)
Bugtraq'rs, ShmooCon 2006 is upon us! ShmooCon 2005 (aka: the first one) was a huge success and we've decided to push our luck and have another one. The second annual ShmooCon will be January 13-15, in Washington, D.C., at the Marriott Wardman Park Hotel. In a nutshell, over three days, the [...]

[security bulletin] SSRT5979 - HP-UX Running IPSec Remote Denial of Service (DoS)
2005-11-16 security-alert hp com
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00555601 Version: 1 HPSBUX02076 SSRT5979 - HP-UX Running IPSec Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release [...]

[ GLSA 200511-14 ] GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities
2005-11-16 Thierry Carrez (koon gentoo org)

MDKSA-2005:212 - Updated egroupware packages to address phpldapadmin, phpsysinfo vulnerabilities
2005-11-16 Mandriva Security Team (security mandriva com)
--------------------------------------------------------------------------
Debian Security Advisory DSA 811-2                     security (at) debian (dot) org
http://www.debian.org/security/                             Martin Schulze
November 21st, 2005