While discussion of the vulnerability is great, it would be nice for us to
retain some credit; the advisory represents the culmination of a lot of
research work. The PDF that accompanies the hacking-lab movie is basically just
a copy paste from our advisory with no attribution. Anyone that
SEC Consult Security Advisory 20100208-0
===
title: Backdoor and Vulnerabilities in Xerox
WorkCentre Printers Web Interface
products: Xerox WorkCentre 5665/5675/5687
vulnerable
-BEGIN PGP SIGNED MESSAGE-
CA20100222-01: Security Notice for CA Service Desk
Issued: February 22, 2010
CA's support is alerting customers to a security risk with CA Service
Desk r12.1. The release of Tomcat as included with CA Service Desk
r12.1 is potentially susceptible to a
==
Secunia Research 22/02/2010
- Bournal ccrypt Information Disclosure Security Issue -
==
Table of Contents
Affected
==
Secunia Research 22/02/2010
- Bournal Insecure Temporary Files Security Issue -
==
Table of Contents
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:044
http://www.mandriva.com/security/
===
Ubuntu Security Notice USN-902-1 February 22, 2010
pidgin vulnerabilities
CVE-2010-0277, CVE-2010-0420, CVE-2010-0423
===
A security issue affects the following Ubuntu
Hacktics Research Group Security Advisory
http://www.hacktics.com/#view=Resources%7CAdvisory
By Irene Abezgauz, Hacktics.
22-Feb-2010
===
I. Overview
===
During a penetration test performed by Hacktics' experts, a persistent
cross-site scripting vulnerability was identified in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA-2003-1 secur...@debian.org
http://www.debian.org/security/ Dann Frazier
February 22, 2010
Hi Andrew,
As you might not be aware, there are more of these 'flaws' in the
microsoft windows operating systems. Having admin privileges means that
you can do anything with the system you want, for your actions to work
you need to have these rights and as such the flaw can only be
described as
* Other vulnerabilities covered in bid:38262 *
=== Infos ===
Credit: loneferret
Found: 18/02/10
Versions affected = 1.7.0.2
=== Description ===
Lack of input length checks for the CWD command result in a buffer overflow
vulnerability, allowing the execution of arbitrary code by a
+--+
ADVISORY – jQuery Validate 1.6.0 Demo Code
AFFECTED PACKAGES
jQuery Validate 1.6.0
SilverStripe 2.3.X to 2.3.5
ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-019
February 19, 2010
-- CVE ID:
CVE-2009-3988
-- Affected Vendors:
Mozilla Firefox
-- Affected Products:
Mozilla Firefox 3.0.x
-- TippingPoint(TM) IPS Customer
Hello, folks,
I've just posted a revision of the Security Assessment of the
Transmission Control Protocol (TCP) IETF Internet-Draft. It's
available at the usual places (including:
http://tools.ietf.org/id/draft-ietf-tcpm-tcp-security-01.txt). (It is
a derivative of the CPNI TCP-security document
I think we can safely say that last month's meet was a huge success and
the new venue was heartily approved by all... Attendance was back up and
talks were excellent, as was food/drink/socialising etc., so thanks to
all that made it!
This month we hope to continue in the same vein, with the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:043
http://www.mandriva.com/security/
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-039
Application: Symantec Antivirus Client Proxy
Versions Affected: Version 10
Vendor URL: http://symantec.com
Bugs: Buffer Overflow
Exploits:
#
# Securitylab.ir
#
# Application Info:
# Name: Official Portal 2007
#
# Vulnerability Info:
#
Last week Czech researchers released information on a new worm which
exploits CPE devices (broadband routers) by means such as default
passwords, constructing a large DDoS botnet. Today this story hit
international news.
Original Czech:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:045
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:046
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:047
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
CA20100223-01: Security Notice for CA eHealth Performance Manager
Issued: February 23, 2010
CA's support is alerting customers to a security risk with CA eHealth
Performance Manager. A cross-site scripting vulnerability exists that
can allow a remote attacker
VUPEN Security Research - Symantec Products SYMLTCOM.dll Buffer Overflow
Vulnerability
http://www.vupen.com/english/research.php
I. DESCRIPTION
-
VUPEN Vulnerability Research Team discovered a vulnerability in various
Symantec security products.
The vulnerability is
Please find attached a detailed advisory of the vulnerability.
Alternatively, the advisory can also be found at:
http://www.trapkit.de/advisories/TKADV2010-003.txt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Advisory: avast! 4.8 and 5.0 aavmker4.sys Kernel Memory
[=] Affected software :
Name : Kojoney
Description : Low interaction SSH honeypot
Version : 0.0.4.2
Service : TCP/22
[=] Patched version :
http://sourceforge.net/projects/kojoney/files/kojoney-0.0.4.2.tar.gz/download
[=] Technical details :
Emulation of
It's no secret that there are tons of broadband routers/modems with
exposed admin interfaces (HTTP/SSH/Telnet/whatever) using default/weak
credentials.
While the Chuck Norris botnet is interesting in that it shows that the
problem is real, it shouldn't surprise anyone who has researched the
ZDI-10-021: Novell NetStorage xsrvd Long Pathname Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-021
February 23, 2010
-- Affected Vendors:
Novell
-- Affected Products:
Novell NetStorage
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS
ZDI-10-020: EMC HomeBase SSL Service Arbitrary File Upload Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-020
February 23, 2010
-- CVE ID:
CVE-2010-0620
-- Affected Vendors:
EMC
-- Affected Products:
EMC HomeBase Server
-- Vulnerability Details:
This