[USN-690-1] Firefox and xulrunner vulnerabilities

2008-12-18 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-690-1 December 17, 2008 firefox-3.0, xulrunner-1.9 vulnerabilities CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5505, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511,

[TKADV2008-015] Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL pointer dereference

2008-12-18 Thread Tobias Klein
Please find attached a detailed advisory of the vulnerability. Alternatively, the advisory can also be found at: http://www.trapkit.de/advisories/TKADV2008-015.txt Advisory: Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL pointer

Firefox cross-domain text theft (CESA-2008-011)

2008-12-18 Thread Chris Evans
Hi, Firefoxes 2.0.0.19 and 3.0.5 fix a cross-domain theft of textual data. The theft is via cross-domain information leaks in JavaScript error messages for scripts executed via <script src=remote_domain.org>. The JavaScript error messages are made available to the window.onerror handler. In some

[USN-692-1] Gadu vulnerability

2008-12-18 Thread Kees Cook
=== Ubuntu Security Notice USN-692-1 December 17, 2008 ekg, libgadu vulnerability CVE-2008-4776 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS

Re: Joomla: Session hijacking vulnerability, CVE-2008-4122

2008-12-18 Thread darkz . gsa
Yes, I can reproduce this behavior. The application should reinitialize the cookie after the login but instead it will keep the previous cookie. An interesting thing: this is valid only for the login_module; the administrator login page does not automatically redirect to HTTPS by configuration.

[USN-693-1] LittleCMS vulnerability

2008-12-18 Thread Kees Cook
=== Ubuntu Security Notice USN-693-1 December 17, 2008 LittleCMS vulnerability CVE-2008-5317 === A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu

[USN-690-2] Firefox vulnerabilities

2008-12-18 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-690-2 December 18, 2008 firefox vulnerabilities CVE-2008-5500, CVE-2008-5503, CVE-2008-5504, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513

[USN-690-3] Firefox vulnerabilities

2008-12-18 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-690-3 December 18, 2008 firefox vulnerabilities CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5511, CVE-2008-5512 === A

[SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Update 2

2008-12-18 Thread Mark Thomas
CVE-2008-2938: Apache Tomcat information disclosure vulnerability - Update 2 Severity: Important Vendor: Multiple (was The Apache Software Foundation) Versions Affected: Various Description (new information): This vulnerability was originally

[USN-694-1] libvirt vulnerability

2008-12-18 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-694-1 December 18, 2008 libvirt vulnerability CVE-2008-5086 === A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04

[USN-695-1] shadow vulnerability

2008-12-18 Thread Kees Cook
=== Ubuntu Security Notice USN-695-1 December 18, 2008 shadow vulnerability https://launchpad.net/bugs/306082 === A security issue affects the following Ubuntu releases:

php python extension safe_mode bypass

2008-12-18 Thread amir
<?php /* php_python_bypass.php php python extension safe_mode bypass Amir Salmani - amir[at]salmani[dot]ir */ //python ext. installed? if (!extension_loaded('python')) die("python extension is not installed\n"); //eval python code $res = python_eval(' import os pwd = os.getcwd() print pwd

EasySiteNetwork (joke.php?id) Remote SQL injection Vulnerability

2008-12-18 Thread Ehsan_Hp200
IRANIN THE BEST HACKERS IN THE WORLD. Remote SQL injection Vulnerability: EasySiteNetwork (joke.php?id)

[ MDVSA-2008:245 ] firefox

2008-12-18 Thread security
Mandriva Linux Security Advisory MDVSA-2008:245 http://www.mandriva.com/security/

CONFidence 2009, CFP

2008-12-18 Thread Andrzej Targosz
Attention! Calling all practitioners in the field of IT security! The 5th edition of the best Polish IT security conference, CONFIDENCE 2008, is taking place on May 15/16, 2008. We invite all to send the proposed topic and abstracts of presentation till the end of January. Please, remember