===
Ubuntu Security Notice USN-444-1 March 27, 2007
openoffice.org(2)/-amd64, ia32-libs-openoffice.org vulnerabilities
CVE-2007-0238, CVE-2007-0239
===
A security issue
===
Ubuntu Security Notice USN-446-1 March 28, 2007
nas vulnerabilities
CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547
===
A security issue
ZDI-07-011: IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-011.html
March 28, 2007
-- CVE ID:
CVE-2007-1675
-- Affected Vendor:
IBM
-- Affected Products:
IBM Lotus Domino Server 6.5
IBM Lotus
Solution found here: http://eticket.sourceforge.net/
3APA3A wrote:
11.10.2006 Vendor response:
We believe this is not a security vulnerability but in fact a
deliberate security feature to mitigate problems with invalid data
propagating through the system.
Proving once again that MS has ordered all of its copies of KR
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi!
Moritz Naumann wrote:
This does not impact how much the rest of my report applies. My
findings are now being discussed on the ViewVC developers mailing list
[1]. They apparently also impact ViewVC. Whether and to which degree
what I am
Moritz Naumann wrote:
I recommend that users and distributors of earlier ViewVC and ViewCVS
versions should either backport the patch which disables the 'checkout
view' or the one which makes it optional and deactivate it by default.
A less simple but less restrictive patch would introduce a
IBM Lotus Domino Web Access Cross Site Scripting Vulnerability
iDefense Security Advisory 03.28.07
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 28, 2007
I. BACKGROUND
IBM Lotus Domino Web Access is a web-based messaging and collaboration
interface for the Lotus Domino server. More
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1270-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
March 28th, 2007
SUMMARY
===
An arbitrary command execution vulnerability exists in the command line
administration interface of the software used by DataDomain appliances.
An attacker who is able to access the administration interface could
exploit this vulnerability to install malicious software and use the
TrueCrypt 4.3 for Linux from http://www.truecrypt.org/
It seems to be possible to perform various denial of service attacks on a Linux
computer running TrueCrypt in set-uid root mode, or possibly introduce evil
binaries into normally trusted locations. I tested this on the latest
version, 4.3,
===
Ubuntu Security Notice USN-445-1 March 27, 2007
xmms vulnerabilities
CVE-2007-0653, CVE-2007-0654
===
A security issue affects the following Ubuntu releases:
Ubuntu
The Articles module has been updated to v1.03, which contains some input
sanitising and should negate this exploit.
Version 1.03 can be downloaded from
http://support.sirium.net/modules/mydownloads/viewcat.php?cid=2
I've fixed these bugs in eTicket... see: http://eticket.sourceforge.net/
IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow
Vulnerability
iDefense Security Advisory 03.28.07
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 28, 2007
I. BACKGROUND
IBM Lotus Domino Server software provides messaging, calendaring and
scheduling capabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Multiple Cisco Unified CallManager and
Presence Server Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20070328-voip
http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml
Revision 1.0
For Public Release
Hi, I've tested a simple way to bypass the phishing protection in Firefox
2.0.0.3 and Opera 9.10. Apparently both browsers fail to detect a phishing site
if it is embedded in an IFRAME / OBJECT label.
I've released some demonstrations to test the above:
Product Name: Wordperfect X3 (13.0.0.565)
Vendor: http://www.corel.com
Date: 28 March, 2007
Author: Jonathan So jonny [ @ ] nop-art [ dot] net
Advisory URL: http://www.nop-art.net/advisories/wpwinX3.txt
I. DESCRIPTION
A stack
Permanent Url: http://www.lastknight.com/libero-xss/
After the report of Rosario Valotta on this ML, another XSS vulnerability
has been found on Libero.it, one of the most important Italian ISPs
(www.libero.it).
Nothing more than a trivial error but, since Libero.it staff used the
printed media