[USN-582-2] Thunderbird vulnerabilities

=== Ubuntu Security Notice USN-582-2 March 06, 2008 mozilla-thunderbird https://launchpad.net/bugs/197504 === A security issue affects the following Ubuntu releases: Ubuntu

Re: Multiple vulnerabilities in Double-Take 5.0.0.2865

Luigi Auriemma wrote: Application: Double-Take Double Take responded: You may be aware of a recent posting of “vulnerabilities” in Double-Take 5.0 by an Italian gentleman, Luigi Auriemma. Essentially he found that sending packets of malformed data to our service will crash the service. He

[ MDVSA-2008:061 ] - Updated mailman packages fix multiple XSS vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:061 http://www.mandriva.com/security/ ___

[SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1513-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp March 06, 2008

Directory traversal in MicroWorld eScan Server 9.0.742.98

### Luigi Auriemma Application: MicroWorld eScan Server (aka eScan Management Console) http://www.mwti.net Versions: <= 9.0.742.98 Platforms:Windows Bug: directory tra

RE: Firewire Attack on Windows Vista

>>Roger, you should note that Adam's "Hit by a Bus" paper includes information about how Linux users can load their OS' Firewire driver in a way that should disallow physical memory DMA access, and close this attack vector. What are the implications for firewire device compatibility of doing this

RE: Firewire Attack on Windows Vista

Actually they can be prevented by instructing the controller to filter the adresses the devices send. Then again, that's work, and physical attacks are typically considered low-risk, so I guess it's not found worth it. The obvious reason to mention Vista is of course that Microsoft likes to ta

Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability

Hi Alexandr! I added a "monkey-patch" for this in the Metasploit source tree -- even if you use Metasploit 3.1 with an unpatched version of Ruby, the patched handler code is loaded into memory on top of the existing module. Since the msfweb service will bind to 127.0.0.1 by default, this is not

PHP-Nuke KutubiSitte "kid" SQL Injection

RBT-4 Crew rbt-4.net PHP-Nuke KutubiSitte "kid" SQL Injection http://www.rbt-4.net/forum/viewthread.php?forum_id=51&thread_id=3058 AUTHOR : Lovebug # modules.php?name=KutubiSitte&h_op=hadisgoster&kid= Exploit : -1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,4%2

Re: Firewire Attack on Windows Vista

Salut, Roger, On Wed, 5 Mar 2008 16:30:35 -0500, Roger A. Grimes wrote: > As somewhat indicated in the paper itself, these types of physical > DMA attacks are possible against any PC-based OS, not just Windows. > If that's true, why is the paper titled around Windows Vista? That's very easy: beca

Sun JDK image parsing vulnerabilities

Hi, A couple more JPEG ICC parsing bugs were fixed in the latest JDK updates. Full technical details: http://scary.beasts.org/security/CESA-2007-005.html The most interesting part is the faulty code: Limit = SpGetUInt32 (Buf); ... UInt16Ptr = (KpUInt16_t *)SpMalloc (Limit * (KpInt32_t)sizeof

Checkpoint VPN-1 UTM Edge cross-site scripting

Louhi Networks Security Advisory Advisory: Checkpoint VPN-1 UTM Edge cross-site scripting Release Date: 2008/03/06 Last Modified: 2008/03/06 Authors: Henri Lindberg, Associate of (ISC)² [EMAIL PROTECTED] Application

Re: Firewire Attack on Windows Vista

On Thu, 6 Mar 2008, Roger A. Grimes wrote: > As somewhat indicated in the paper itself, these types of physical > DMA attacks are possible against any PC-based OS, not just Windows. > If that's true, why is the paper titled around Windows Vista? > > I guess it makes headlines faster. But isn't as

Re: Firewire Attack on Windows Vista

On Wed, Mar 05, 2008 at 04:30:35PM -0500, Roger A. Grimes wrote: > As somewhat indicated in the paper itself, these types of physical DMA > attacks are possible against any PC-based OS, not just Windows. If that's > true, why is the paper titled around Windows Vista? > > I guess it makes headlin

[DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-018 Application:Ruby 1.8.6 (WEBrick Web server Toolkit and applications that used WEBrick, like Metasploit 3.1) Versions Affected: Ruby 1.8.4 and all prior versi

[ GLSA 200803-11 ] Vobcopy: Insecure temporary file creation

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[USN-584-1] OpenLDAP vulnerabilities

=== Ubuntu Security Notice USN-584-1 March 05, 2008 openldap2.2, openldap2.3 vulnerabilities CVE-2007-6698, CVE-2008-0658 === A security issue affects the following Ubuntu r

[ MDVSA-2008:060 ] - Updated Joomla! packages fix multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:060 http://www.mandriva.com/security/ ___

[ GLSA 200803-12 ] Evolution: Format string vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -