IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability
iDefense Security Advisory 07.26.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 26, 2007
I. BACKGROUND
The capture program is a setuid root application, installed by default
under multiple versions of IBM
Foresight Linux Essential Advisory: 2007-0034-1
Published: 2007-07-26
Rating: Major
Updated Versions:
lighttpd=/[EMAIL PROTECTED]:devel//1/1.4.15-0.3-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.6-2
References:
-Original Message-
From: Williams, James K
Sent: Tuesday, July 24, 2007 7:56 PM
To: 'bugtraq@securityfocus.com'
Subject: [CAID 35525, 35526]: CA Products Arclib Library
Denial of Service Vulnerabilities
Title: [CAID 35525, 35526]: CA Products Arclib Library Denial of
Gentoo Linux Security Advisory GLSA 200707-11
http://security.gentoo.org/
Mandriva Linux Security Advisory MDKSA-2007:150
http://www.mandriva.com/security/
Guidance Software Response to iSEC Report
Guidance Software received and reviewed the report drafted by two presenters at
the upcoming Black Hat USA conference. We have also spoken to Alex Stamos, one
of the testing leaders. The report authors disclose that they conducted, over a
period of
PhpHostBot (login_form) Remote File Inclusion
Download link : http://www.idevspot.com/PhpHostBot.php
Bug Found By
Since I published this report it has come to my attention that
Thunderbird 1.5, unlike Thunderbird 2.0, has not been patched with the
osint security flag. As such all Thunderbird 1.5 users are vulnerable
against this attack and those exploits. Now would be a good time to
upgrade to Thunderbird
iSEC Partners Security Advisory - 2007-003-libvorbis
http://www.isecpartners.com
libvorbis 1.1.2 - Multiple memory corruption flaws
Vendor: Xiph.org
Vendor URL: http://www.xiph.org
Systems Affected: All tested software based upon libvorbis 1.1.2
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00727143
Version: 5
HPSBMA02133 SSRT061201 rev.5 - HP Oracle for OpenView (OfO) Critical Patch
Update
NOTICE: The information in this Security Bulletin should be acted upon as soon
as
IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities
iDefense Security Advisory 07.26.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 26, 2007
I. BACKGROUND
The ftp program is a client application for accessing data stored on FTP
servers. This client is responsible for
A R I A - S E C U R I T Y
Dependent Forums (Username Field) Remote SQL Injection
DORK: Powered by: Dependent Forums v1.02
Insert Your SQL Injection Code into the Username field.
For Example
' union select * from members where member=1
Credits:
IBM AIX pioout Arbitrary Library Loading Vulnerability
iDefense Security Advisory 07.26.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 26, 2007
I. BACKGROUND
The pioout program is a setuid root application, installed by default
under multiple versions of IBM AIX, that is used to
Debian Security Advisory DSA 1341-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
July 25th, 2007
[HSC] PHPSysInfo Index.php Cross Site Scripting
PhpSysInfo is a PHP script that displays information about the host being
accessed.
An attacker may leverage this issue to have arbitrary script code execute
in the browser of an unsuspecting user in the context of the affected site.
This may