Hi,
Symantec researcher Elia Florio has warned, at the company's weblog
[1], of a 0day attack in Windows XP and 2003 that allows unprivileged
users to gain SYSTEM privileges via a buggy driver installed by default.
In his/her post, Elia brings us an important clue: At the moment, it's
still not
#
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#
#
# Product: IP Softphone
# Vendor: Nortel
# Subject: UNIStim IP Softphone Buffer-Overflow
# Risk:High
#
#
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#
#
# Product: IP Phone
# Vendor: Nortel
# Subject: IP Phone Surveillance Mode
# Risk:High
# Effect:
#
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#
#
# Product: IP Phone
# Vendor: Nortel
# Subject: IP Phone Flooding Denial of Service
# Risk:High
# Effect:
#
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#
#
# Product: IP Phone
# Vendor: Nortel
# Subject: IP Phone forced re-authentication
# Risk:High
# Effect:
Following are the latest additions to the Web Hacking Incidents Database
(WHID), a Web Application Security Consortium project. For further
information about the incidents including reference to further
information about each incident, refer to WHID's site at
#
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#
#
# Product: Telephony Server
# Vendor: Nortel
# Subject: Telephony Server Denial of Service
# Risk:High
#
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA 1388-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
October 18th, 2007
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01182588
Version: 2
HPSBUX02273 SSRT071476 rev.2 - HP-UX Running Apache, Remote Unauthorized Denial
of Service (DoS)
NOTICE: The information in this Security Bulletin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01183265
Version: 2
HPSBMA02274 SSRT071445 rev.2 - HP System Management Homepage (SMH) for HP-UX,
Remote Cross Site Scripting (XSS)
NOTICE: The information in this
Hi,
Symantec researcher Elia Florio has warned, at the company's weblog, of a
0day attack in Windows XP and 2003 that allows unprivileged users to
gain SYSTEM privileges via a buggy driver installed by default.
In his/her post, Elia brings us an important clue: At the moment, it’s
still not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
C H A S E - 2 0 0 7
Lahore
December 07-08 2007
http://www.chase.org.pk/
CHASE-2007 is a unique information and network security
event of its kind being
On Tuesday 16 October 2007, James Lay wrote:
Nothing in my logs..just out of curiosity, are you running sshd with
protocol version 1, 2, or both?
I'm running SSH with protocol version 2 only. But as someone else mentioned,
this is obviously not an attack against SSH anyways. It just arrived on
On Wednesday 17 October 2007, [EMAIL PROTECTED] wrote:
SimplePHPBlog
Cross Site Request Forgeries
Tested on v0.4.9
What's the purpose of reporting issues on old versions?
I don't know simplephpblog, but a quick look at their page tells me that
they've released a bunch of security related
Dear Felix,
While I love your comment and really welcome constructive criticism,
I actually think you should keep the focus on the Fox News style
question marks. Nowhere is being said that this is the end of
Defence in Depth (as a paradigm), we ask the question.
Then again you seem to be judging
rPath Security Advisory: 2007-0219-1
Published: 2007-10-18
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect User Deterministic Denial of Service
Updated Versions:
[EMAIL PROTECTED]:1/1.2.22-1-0.1
rPath Issue Tracking System:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1389-1[EMAIL PROTECTED]
http://www.debian.org/security/Thijs Kinkhorst
October 18th, 2007
The Windows binary GSV48W32.EXE of gsview
http://pages.cs.wisc.edu/~ghost/gsview/
ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/ghostgum/gsv48w32.exe
ships with a zlib32.dll (originally named zlib.dll) v1.2.2
http://www.zlib.net/ which is vulnerable to CAN-2005-2096.
The zlib32.dll is dated
At least the freeware version of Softwin's anti-virus solution
BitDefender Free Edition
http://www.bitdefender.com/site/view/Download-Free-Products.html
http://download.bitdefender.com/windows/free/winfree/en/bitdefender_free_v10.exe
ships with a completely outdated zlib 1.1.3 http://www.zlib.net/
All,
As a result of a short security audit of SiteBar, a number of security holes
were found. The holes included code execution, a malicious redirect and
multiple cases of Javascript injection.
After liaising with the developers, the holes have been patched. Attached are
the advisory and
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
The Windows binaries of curl, built by the author and maintainer of
curl and available for download at http://curl.haxx.se/download.html
are linked with zlib 1.2.2 http://www.zlib.net/, which is but
vulnerable to CAN-2005-2096:
| x:\curl -V
| curl 7.17.0 (i586-pc-mingw32msvc) libcurl/7.17.0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
##
- S21Sec Advisory -
##
Title: Alcatel Omnivista 4760 Cross-Site Scripting
ID: S21SEC-038-en
Severity: Medium -
History:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:200
http://www.mandriva.com/security/