iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability
2005-09-30 iDEFENSE Labs (labs-no-reply idefense com)

Buffer-overflow and directory traversal bugs in Virtools Web Player 3.0.0.100
2005-09-30 Luigi Auriemma (aluigi autistici org)

[SECURITY] [DSA 831-1] New mysql-dfsg packages fix arbitrary code execution
2005-09-30 joey infodrom org (Martin Schulze)

Announce: Bluetooth mailing list - Bluetraq
2005-09-30 Adam Laurie (adam laurie thebunker net)
Hi, By popular demand, we (the trifinite group) have set up a public (moderated) mailing list for discussion of all things Bluetooth. This is not intended as a replacement for any existing disclosure lists, but more for discussions about research into Bluetooth issues etc. The list can be found

Citrix Metaframe Presentation Server bypassing policies
2005-09-30 gustavog grupoitpro com ar
DESCRIPTION:
============
Vulnerability in Presentation Server allows a user to bypass the Citrix policy which is applied to client name.
SOFTWARE: Citrix Metaframe Presentation Server 3.0 / 4.0
=========
INFO:
=====
Citrix Presentation Server policy is used for admins to restrict the user environme

RE: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein
2005-09-30 Sergey V. Gordeychik (gordey itsecurity ru)
Hi list. I checked some ideas and think that reflected XSS in user-agent and other http request header fields (cookies for example) can be exploited via http request smuggling\splitting cache poisoning attacks using described techniques.
So vendors who discard such vulnerabilities as not explotabl

[USN-192-1] Squid vulnerability
2005-09-30 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-192-1 September 30, 2005
squid vulnerability
CAN-2005-2917
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu

[SECURITY] [DSA 826-1] New helix-player packages fix multiple vulnerabilities
2005-09-29 Michael Stone (mstone klecker debian org)

Re: PocketPC exploitation
2005-09-30 Joel Maslak (jmaslak antelope net)
On Fri, 30 Sep 2005, Denis Jedig wrote:
> Although it is a Good Idea (tm) to uncover design deficiencies in
> current AV products, we never should forget that "antivirus" is *by
> definition* a reactive thing and thus cannot protect from unknown
> threats. If we wanted to have a *really* proactive

Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure
2005-09-30 security curmudgeon (jericho attrition org)
: I believe that this thing has been discovered and fixed long time ago.
: check this out, maybe I am wrong:
: http://www.gnucitizen.org/writings/php-fusion-messages.php-sql-injection-vulnerability.xhtml
Your advisory: POST fields pm_email_notify and pm_save_sent are not properly sanitized. Rgo

[ GLSA 200509-21 ] Hylafax: Insecure temporary file creation in xferfaxstats script
2005-09-30 Thierry Carrez (koon gentoo org)

Multiple vulnerabilities in Merak Mail Server 8.2.4r with Icewarp Web Mail 5.5.1
2005-09-30 ss_contacts hotmail com
ShineShadow Security Report 30092005-06
TITLE: Multiple vulnerabilities in Merak Mail Server 8.2.4r with Icewarp Web Mail 5.5.1.
BACKGROUND
Merak Mail Server, with the revolutionary Merak Mail Server GroupWare Server, cutting-edge Merak Mail Server Instant Antispam and much more, is the fastest

[SECURITY] [DSA 830-1] New ntlmaps packages fix information leak
2005-09-30 joey infodrom org (Martin Schulze)

apachetop insecure temporary file creation
2005-09-30 ZATAZ Audits (exploits zataz net)
#########################################################
apachetop insecure temporary file creation
Vendor: http://clueful.shagged.org/apachetop/
Advisory: http://www.zataz.net/adviso/apachetop-09022005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploitation : low
#############

[SECURITY] [DSA 832-1] New gopher packages fix several buffer overflows
2005-09-30 joey infodrom org (Martin Schulze)

Zone Labs response to "Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC"
2005-09-29 Zone Labs Security Team (security zonelabs com)
Zone Labs response to "Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC"
Overview: Debasis Mohanty published a notice about a potential security issue with personal firewalls to several security email lists on September 28th, 2005.
Zone Labs has investigated his claims and has dete

Lucid CMS 1.0.11 SQL Injection / Login Bypass / remote code execution
2005-09-29 retrogod aliceposta it
Lucid CMS 1.0.11 SQL Injection / Login Bypass / remote code execution
software: site: http://lucidcms.net/
description: lucidCMS is a simple and flexible content management system for the individual or organization that wishes to manage a collection of web pages without the overhead and complexity

[USN-191-1] unzip vulnerability
2005-09-29 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-191-1 September 29, 2005
unzip vulnerability
CAN-2005-2475
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu

[USN-190-1] SNMP vulnerability
2005-09-29 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-190-1 September 29, 2005
net-snmp vulnerability
CAN-2005-2177
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Wartho

[USN-189-1] cpio vulnerabilities
2005-09-29 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-189-1 September 29, 2005
cpio vulnerabilities
CAN-2005-1111, CAN-2005-1229
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty

[USN-188-1] AbiWord vulnerability
2005-09-29 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-188-1 September 29, 2005
abiword vulnerability
CAN-2005-2964
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubunt

[SECURITY] [DSA 825-1] New loop-aes-utils packages fix privilege escalation
2005-09-29 joey infodrom org (Martin Schulze)

Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC
2005-09-29 warl0ck linuxmail org (1 replies)
It is an issue with almost all the firewalls firewalls don't protect the running applications themselves. I think I don't get is what does it have to do with DDE? Also one can read firewall ACL from the settings and inject code into the running trusted process.

Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC
2005-09-29 Paul Laudanski (zx castlecops com)
iDEFENSE Security Advisory 09.30.05
www.idefense.com/application/poi/display?id=311&type=vulnerabilities
September 30, 2005
I. BACKGROUND
RealPlayer is an application for playing various media formats,
developed by RealNetwo