[USN-1007-1] NSS vulnerabilities

2010-10-21 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-1007-1 October 20, 2010 nss vulnerabilities CVE-2010-3170, CVE-2010-3173 === A security issue affects the following Ubuntu releases: Ubuntu

[ MDVSA-2010:208 ] pidgin

2010-10-21 Thread security
Mandriva Linux Security Advisory MDVSA-2010:208 http://www.mandriva.com/security/

[USN-998-1] Thunderbird vulnerabilities

2010-10-21 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-998-1 October 20, 2010 thunderbird vulnerabilities CVE-2010-3175, CVE-2010-3176, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183

[SecurityArchitect-009]: Microsoft Windows Mobile Double Free Vulnerability

2010-10-21 Thread karakorsankara
Vendor: Microsoft Product: Windows Mobile Vulnerability: Double Free Tested vulnerable versions: Windows Mobile 6.1 and 6.5 Tested on : HTC Touch (WM 6.1), HTC Touch2 (WM 6.5) CREDITS: Celil Ünüver from SecurityArchitect.Org CONTACT: celilunuver[n0sp4m]gmail.com Vulnerability Details and

[ MDVSA-2010:207 ] glibc

2010-10-21 Thread security
Mandriva Linux Security Advisory MDVSA-2010:207 http://www.mandriva.com/security/

Micro CMS Persistent XSS Vulnerability.

2010-10-21 Thread SecPod Research
Hi, SecPod Research Team has found a Persistent Cross-Site vulnerability in Micro CMS. Advisory details have been attached to this mail. Regards, SecPod Research Team http://www.secpod.com ## Micro CMS Persistent

[security bulletin] HPSBMA02592 SSRT100300 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows Running Adobe Flash, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unau

2010-10-21 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02549485 Version: 1 HPSBMA02592 SSRT100300 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows Running Adobe Flash, Remote Execution of Arbitrary Code, Denial of Service

Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass

2010-10-21 Thread Early Warning
Hey, Michal thanks for the reply to defend credits :). I had some moderation issues when I tried to send some word about this. Just for sake of clarification: I sent the advisory to Oracle on 20th April 2010. Oracle acknowledged the issue in June. If Roberto sent the advisory to Oracle then

Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass

2010-10-21 Thread Roberto Suggi Liverani
Hi Michael, Let me share some background on this advisory... I came to this result when I was looking into a way of exploiting the Apache Web Server Compatibility with older browser feature. A separate paper has been published here:

SEC Consult SA-20101021-0 :: Multiple critical vulnerabilities in Sawmill log analysis software

2010-10-21 Thread Johannes Greil
SEC Consult Security Advisory 20101021-0 === title: Multiple critical vulnerabilities product: Sawmill - Universal Log File Analysis vulnerable version: Sawmill Enterprise v8.1.7.3 fixed version

Java Multiple Issues

2010-10-21 Thread Early Warning
Hi all and sorry for cross post, after several months since I contacted Oracle informing them about ten issues on Java applet security, they finally released a Java 6 update 22 which fixes several security issues. In particular the issues are the following, sorted by impact: * Information

[security bulletin] HPSBMA02596 SSRT100271 rev.1 - HP AssetCenter and HP AssetManager for AIX, HP-UX, Linux, Solaris and Windows , Remote Cross Site Scripting (XSS)

2010-10-21 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02535850 Version: 1 HPSBMA02596 SSRT100271 rev.1 - HP AssetCenter and HP AssetManager for AIX, HP-UX, Linux, Solaris and Windows , Remote Cross Site Scripting (XSS) NOTICE: The information in

Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass

2010-10-21 Thread Mike Duncan
On 10/20/2010 10:11 PM, Roberto Suggi Liverani wrote: snip / In Java SE 6 update 10, both the Java Web Start and Java Plug-In technologies contain preliminary support for cross-domain policy files, which specify how unsigned code may access web