Multiple Vendor X Server fonts.dir File Parsing Integer Overflow
Vulnerability
iDefense Security Advisory 04.03.07
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 03, 2007
I. BACKGROUND
The X Window System (or X11) is a graphical windowing system used on
Unix-like systems. It is
rPath Security Advisory: 2007-0063-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
Updated Versions:
krb5=/[EMAIL PROTECTED]:devel//1/1.4.1-7.6-1
krb5-server=/[EMAIL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:075
http://www.mandriva.com/security/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200704-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: SAP RFC_START_PROGRAM RFC Function Multiple
Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability
iDefense Security Advisory 04.03.07
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 03, 2007
I. BACKGROUND
The X Window System (or X11) is a graphical windowing system used on
Unix-like systems. It is based on
===
Ubuntu Security Notice USN-449-1 April 04, 2007
krb5 vulnerabilities
CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
===
A security issue affects the following Ubuntu
(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: SAP RFC_SET_REG_SERVER_PROPERTY RFC Function
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:074
http://www.mandriva.com/security/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200704-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
By Hasadya Raed
Contact : [EMAIL PROTECTED]
Israel
--
Script : phpexplorator_2_0
Download : http://phpexplorator.sourceforge.com
Dork : Copyright (c) 2006, Tchouamou Eric Herve
--
B.File :
phpexplorator.php
--
Expl :
Xmor$ Security Vulnerability Research
Xmor$ Security Vulnerability Research TM
rPath Security Advisory: 2007-0066-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect User Deterministic Information Exposure
Updated Versions:
kdelibs=/[EMAIL PROTECTED]:devel//1/3.4.2-5.14-1
qt-x11-free=/[EMAIL
rPath Security Advisory: 2007-0065-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Local Root Deterministic Unauthorized Access
Updated Versions:
freetype=/[EMAIL PROTECTED]:devel//1/2.1.10-5.1-1
xorg-x11=/[EMAIL
Xmor$ Security Vulnerability Research
On Sun, 1 Apr 2007, Pavel Kankovsky wrote:
You do not have to rely on some other user running your trojan horse.
You can replace a program run automatically (e.g. by cron). Or something
even better: replace system dynamic libraries (e.g. /lib/tls) and run a
dynamically linked setuid program
On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[EMAIL PROTECTED] wrote:
And there's a patch for that Realtek already to go on the download
site. (read the caveat section). So far all I've seen/heard is that one.
Yes, I forgot to mention the patch.
This is patching 7 graphics
On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[EMAIL PROTECTED] wrote:
the community need that they are reacting to. Gadi and the crew work
hard and have my respect for their efforts.
Agreed. Previous patches worked as advertised with no adverse side
effects here.
If you are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1277-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
April 04, 2007
-
#Title : Gazi Okul Sitesi 2007(tr)(fotokategori.asp) Remote SQL Injection
Vulnerability
#Author : CoNqUeRoR
#Demo Page : http://www.gazilogo.com
#Script Page : http://www.aspindir.com/indir.asp?id=4746
#Date : 30-03-2007
#Vulnerability:
#Username Password :
http://www.gnucitizen.org/blog/firebug-goes-evil
There is a critical vulnerability in Firefox/Firebug which allows
attackers to inject code inside the browser chrome. This can lead to a
lot of problems. Theoretically everything is possible, from modifying
the user file system to launching
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:077
http://www.mandriva.com/security/
rPath Security Advisory: 2007-0067-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Local User Deterministic Denial of Service
Updated Versions:
nas=/[EMAIL PROTECTED]:devel//1/1.8b-0.2-1
References:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- ---
VMware Security Advisory
Advisory ID: VMSA-2007-0003
Synopsis: VMware ESX 3.0.1 and 3.0.0 server security updates
Issue date: 2007-04-02
Xmor$ Security Vulnerability Research
Xmor$ Security Vulnerability Research
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:078
http://www.mandriva.com/security/
(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: SAP TRUSTED_SYSTEM_SECURITY RFC Function
Hey all,
For anyone that's interested I've just written three papers relating to
Oracle forensics. More will follow...
Oracle Forensics Part 1: Dissecting the Redo Logs
Oracle Forensics Part 2: Locating Dropped Objects
Oracle Forensics Part 3: Isolating Evidence of Attacks Against the
Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability
iDefense Security Advisory 04.03.07
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 03, 2007
I. BACKGROUND
The X Window System (or X11) is a graphical windowing system used on
Unix-like systems. It is based on a
-
Mariano Nuñez Di Croce
CYBSEC S.A. Security Systems
Email: [EMAIL PROTECTED]
Tel/Fax: (54-11) 4371-
Web: http://www.cybsec.com
PGP: http://www.cybsec.com/pgp/mnunez.txt
-
(The following pre-advisory is also
32 matches