[USN-444-1] OpenOffice.org vulnerabilities

=== Ubuntu Security Notice USN-444-1 March 27, 2007 openoffice.org(2)/-amd64, ia32-libs-openoffice.org vulnerabilities CVE-2007-0238, CVE-2007-0239 === A security issue

[USN-446-1] NAS vulnerabilities

=== Ubuntu Security Notice USN-446-1 March 28, 2007 nas vulnerabilities CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547 === A security issue

ZDI-07-011: IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability

ZDI-07-011: IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-011.html March 28, 2007 -- CVE ID: CVE-2007-1675 -- Affected Vendor: IBM -- Affected Products: IBM Lotus Domino Server 6.5 IBM Lotus

Re: [SECURITY ALERT] osTicket bugs

Solution found here: http://eticket.sourceforge.net/

Re: SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000).

3APA3A wrote: 11.10.2006Vendor response: We believe this is not a security vulnerability but in fact a deliberate security feature to mitigate problems with invalid data propagating through the system. Proving once again that MS has ordered all of it's copies of KR

Update: ViewCVS and ViewVC 'checkout view' content type fixation issue

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi! Moritz Naumann wrote: This does not impact how much the rest of my report applies. My findings are now being discussed on the ViewVC developers mailing list [1]. They apparently also impact ViewVC. Whether and to which degree what I am

Re: [viewvc-users] Update: ViewCVS and ViewVC 'checkout view' content type fixation issue

Moritz Naumann wrote: I recommend that users and distributors of earlier ViewVC and ViewCVS versions should either backport the patch which disables the 'checkout view' or the one which makes it optional and deactivate it by default. A less simple but less restrictive patch would introduce a

iDefense Security Advisory 03.28.07: IBM Lotus Domino Web Access Cross Site Scripting Vulnerability

IBM Lotus Domino Web Access Cross Site Scripting Vulnerability iDefense Security Advisory 03.28.07 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 28, 2007 I. BACKGROUND IBM Lotus Domino Web Access is a web-based messaging and collaboration interface for the Lotus Domino server. More

[SECURITY] [DSA 1270-2] New OpenOffice.org packages fix several vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1270-2[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze March 28th, 2007

Arbitrary Command Execution in DataDomain Administrator Interface

SUMMARY === An arbitrary command execution vulnerability exists in the command line administration interface of the software used by DataDomain appliances. An attacker who is able to access the administration interface could exploit this vulnerability to install malicious software and use the

Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)

TrueCrypt 4.3 for Linux from http://www.truecrypt.org/ It seems to be possible to perform various denial of service attacks on a Linux computer running TrueCrypt in set-uid root mode, or possible introduce evil binaries into normally trusted locations. I tested this on the latest version, 4.3,

[USN-445-1] XMMS vulnerabilities

=== Ubuntu Security Notice USN-445-1 March 27, 2007 xmms vulnerabilities CVE-2007-0653, CVE-2007-0654 === A security issue affects the following Ubuntu releases: Ubuntu

Re: Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC

The Articles module has been updated to v1.03, which contains some input sanitising and should negate this exploit. Version 1.03 can be downloaded from http://support.sirium.net/modules/mydownloads/viewcat.php?cid=2

Re: Multiple Vulnerabilities In osTicket

I've fixed these bugs in eTicket... see: http://eticket.sourceforge.net/

iDefense Security Advisory 03.28.07: IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability

IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability iDefense Security Advisory 03.28.07 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 28, 2007 I. BACKGROUND IBM Lotus Domino Server software provides messaging, calendaring and scheduling capabilities

Cisco Security Advisory: Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities Advisory ID: cisco-sa-20070328-voip http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml Revision 1.0 For Public Release

Bypass phishing protection in Firefox / Opera

Hi, i've tested a simple way to bypass the phishing protection in Firefox 2.0.0.3 and Opera 9.10. Aparently both browsers fails to detect a phishing site if it is embeded in an IFRAME / OBJECT label. I've released some demostrations to test the above:

Corel Wordperfect Office X3 Stack Overflow

Product Name: Wordperfect X3 (13.0.0.565) Vendor: http://www.corel.com Date: 28 March, 2007 Author: Jonathan So jonny [ @ ] nop-art [ dot] net Advisory URL: http://www.nop-art.net/advisories/wpwinX3.txt I. DESCRIPTION A stack

[Full-Disclosure] Another XSS vulnerability in italian Libero.it

Permanent Url: http://www.lastknight.com/libero-xss/ After the report of Rosario Valotta on this ML, another XSS vulnerability has been found on Libero.it, one of the most important italian ISP (www.libero.it). Nothing more than a trivial error but, since Libero.it staff used the printed media