[SECURITY] [DSA 2116-1] New poppler packages fix several vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-2116-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff October 12, 2010

Collabtive Multiple Vulnerabilities

ANATOLIA SECURITY ADVISORY ### ADVISORY INFO ### + Title: Collabtive Multiple Vulnerabilities + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt + Advisory ID: 2010-003 + Version: 0.65 + Date: 12/10/2010 + Impact: Gaining Administrative

ubuntu 10.04 xterm heap overflow,can it be exploit ?

Hi,all ! I find xterm on ubuntu 10.04 have a local heap overflow, I don't known that can it be exploit on glibc 2.11 . detail : watercl...@ubuntu:~/Downloads$ ls -l `which xterm` -rwxr-sr-x 1 root utmp 35 2010-03-31 17:47 /usr/bin/xterm watercl...@ubuntu:~/Downloads$ xterm -fb `perl -e

Secunia Research: Microsoft Excel Ghost Record Type Parsing Vulnerability

== Secunia Research 12/10/2010 - Microsoft Excel Ghost Record Type Parsing Vulnerability - == Table of Contents Affected

DDIVRT-2009-28 Sun Solaris 10 rpc.cmsd Buffer Overflow and Denial of Service (CVE-2010-3509)

Title - DDIVRT-2009-28 Sun Solaris 10 rpc.cmsd Buffer Overflow and Denial of Service (CVE-2010-3509) Severity High Date Discovered --- November 3, 2009 Discovered By - Digital Defense, Inc. Vulnerability Research Team Credit: Alex Kaszczuk,

Secunia Research: Microsoft Excel Record Parsing Integer Overflow Vulnerability

== Secunia Research 12/10/2010 - Microsoft Excel Record Parsing Integer Overflow Vulnerability - == Table of Contents Affected

[SECURITY] [DSA 2120-1] New postgresql-8.3 packages fix privilege escalation

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-2120-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer October 12, 2010

Internet Explorer Uninitialized Memory Corruption Vulnerability - CVE-2010-3331

Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/ Internet Explorer Uninitialized Memory Corruption Vulnerability

IBWAS'10 CfTraining - Deadline Approaching

Dear all, the deadline for submitting Training proposals for IBWAS'10 is approaching. Please advertise this. (sorry for the spam and for receiving multiple copies of this) Best regards, - 2nd. OWASP Ibero-American

Secunia Research: Microsoft Excel Extra Out of Boundary Record Vulnerability

== Secunia Research 12/10/2010 - Microsoft Excel Extra Out of Boundary Record Vulnerability - == Table of Contents Affected

Secunia Research: Microsoft Excel Lotus 1-2-3 File Parsing Vulnerability

== Secunia Research 12/10/2010 - Microsoft Excel Lotus 1-2-3 File Parsing Vulnerability - == Table of Contents Affected

Re: ubuntu 10.04 xterm heap overflow,can it be exploit ?

This has already been made public: http://lists.grok.org.uk/pipermail/full-disclosure/2010-September/076294.html On Ubuntu, xterm is setgid utmp, which might make it an interesting target for local attacks. However, you'll need to check if it's already dropped group utmp privileges by the time

Directory Traversal Vulnerability in FreshFTP

Vulnerability ID: HTB22628 Reference: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_freshftp.html Product: FreshFTP Vendor: FreshWebMaster ( http://www.freshwebmaster.com ) Vulnerable Version: 5.36 and Probably Prior Versions Vendor Notification: 27 September 2010

XSS vulnerability in PluXml

Vulnerability ID: HTB22632 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_pluxml_1.html Product: PluXml Vendor: PluXml Team ( http://pluxml.org/ ) Vulnerable Version: 5.0.1 and probably prior versions Vendor Notification: 29 September 2010 Vulnerability Type: XSS (Cross Site

[ MDVSA-2010:200 ] wireshark

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:200 http://www.mandriva.com/security/

Directory Traversal Vulnerability in AnyConnect

Vulnerability ID: HTB22629 Reference: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_anyconnect.html Product: AnyConnect Vendor: AnyConnect ( http://www.anyconnect.net ) Vulnerable Version: 1.2.3.0 and Probably Prior Versions Vendor Notification: 27 September 2010

XSRF (CSRF) in Lara

Vulnerability ID: HTB22619 Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_lara.html Product: Lara Vendor: Geographical Media ( http://getlara.com/ ) Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions Vendor Notification: 27 September 2010 Vulnerability Type: CSRF

[ MDVSA-2010:202 ] krb5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:202 http://www.mandriva.com/security/

Directory Traversal Vulnerability in Robo-FTP

Vulnerability ID: HTB22627 Reference: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_robo_ftp.html Product: Robo-FTP Vendor: Serengeti Systems Incorporated ( http://www.robo-ftp.com ) Vulnerable Version: 3.7.3 and Probably Prior Versions Vendor Notification: 27 September

Re: XSS in Oracle default fcgi-bin/echo

I wrote about a week ago: Many Oracle web server installations have a fcgi-bin/echo script left over from default demo (google for inurl:fcgi-bin/echo). That script seems vulnerable to XSS. (PoC exploit and explanation of impact withheld now.) I asked secur...@oracle.com and they said

[ MDVSA-2010:201 ] freetype2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:201 http://www.mandriva.com/security/