-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2116-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 12, 2010
ANATOLIA SECURITY ADVISORY
### ADVISORY INFO ###
+ Title: Collabtive Multiple Vulnerabilities
+ Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt
+ Advisory ID: 2010-003
+ Version: 0.65
+ Date: 12/10/2010
+ Impact: Gaining Administrative
Hi all!
I find that xterm on Ubuntu 10.04 has a local heap overflow.
I don't know whether it can be exploited on glibc 2.11.
Details:
watercl...@ubuntu:~/Downloads$ ls -l `which xterm`
-rwxr-sr-x 1 root utmp 35 2010-03-31 17:47 /usr/bin/xterm
watercl...@ubuntu:~/Downloads$ xterm -fb `perl -e
==
Secunia Research 12/10/2010
- Microsoft Excel Ghost Record Type Parsing Vulnerability -
==
Table of Contents
Affected
Title
-
DDIVRT-2009-28 Sun Solaris 10 rpc.cmsd Buffer Overflow and Denial of Service
(CVE-2010-3509)
Severity
High
Date Discovered
---
November 3, 2009
Discovered By
-
Digital Defense, Inc. Vulnerability Research Team
Credit: Alex Kaszczuk,
==
Secunia Research 12/10/2010
- Microsoft Excel Record Parsing Integer Overflow Vulnerability -
==
Table of Contents
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2120-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
October 12, 2010
Dear List,
I'm writing on behalf of the Check Point Vulnerability Discovery Team to
publish the following vulnerability.
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
Internet Explorer Uninitialized Memory Corruption Vulnerability
Dear all,
the deadline for submitting Training proposals for IBWAS'10 is approaching.
Please advertise this.
(sorry for the spam and for receiving multiple copies of this)
Best regards,
-
2nd. OWASP Ibero-American
==
Secunia Research 12/10/2010
- Microsoft Excel Extra Out of Boundary Record Vulnerability -
==
Table of Contents
Affected
==
Secunia Research 12/10/2010
- Microsoft Excel Lotus 1-2-3 File Parsing Vulnerability -
==
Table of Contents
Affected
This has already been made public:
http://lists.grok.org.uk/pipermail/full-disclosure/2010-September/076294.html
On Ubuntu, xterm is setgid utmp, which might make it an interesting
target for local attacks. However, you'll need to check if it's
already dropped group utmp privileges by the time
Vulnerability ID: HTB22628
Reference:
http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_freshftp.html
Product: FreshFTP
Vendor: FreshWebMaster ( http://www.freshwebmaster.com )
Vulnerable Version: 5.36 and Probably Prior Versions
Vendor Notification: 27 September 2010
Vulnerability ID: HTB22632
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_pluxml_1.html
Product: PluXml
Vendor: PluXml Team ( http://pluxml.org/ )
Vulnerable Version: 5.0.1 and probably prior versions
Vendor Notification: 29 September 2010
Vulnerability Type: XSS (Cross Site
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:200
http://www.mandriva.com/security/
Vulnerability ID: HTB22629
Reference:
http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_anyconnect.html
Product: AnyConnect
Vendor: AnyConnect ( http://www.anyconnect.net )
Vulnerable Version: 1.2.3.0 and Probably Prior Versions
Vendor Notification: 27 September 2010
Vulnerability ID: HTB22619
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_lara.html
Product: Lara
Vendor: Geographical Media ( http://getlara.com/ )
Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
Vendor Notification: 27 September 2010
Vulnerability Type: CSRF
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:202
http://www.mandriva.com/security/
Vulnerability ID: HTB22627
Reference:
http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_robo_ftp.html
Product: Robo-FTP
Vendor: Serengeti Systems Incorporated ( http://www.robo-ftp.com )
Vulnerable Version: 3.7.3 and Probably Prior Versions
Vendor Notification: 27 September
I wrote about a week ago:
Many Oracle web server installations have a fcgi-bin/echo script
left over from default demo (google for inurl:fcgi-bin/echo). That
script seems vulnerable to XSS. (PoC exploit and explanation of
impact withheld now.)
I asked secur...@oracle.com and they said
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:201
http://www.mandriva.com/security/