XSS vulnerability in Zimplit CMS

2010-12-08 Thread advisory
Vulnerability ID: HTB22715 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zimplit_cms.html Product: Zimplit CMS Vendor: Zimplit ( http://www.zimplit.com/ ) Vulnerable Version: Current at 22.11.2010 and Probably Prior Versions Vendor Notification: 22 November 2010 Vulnerability

LFI in Exponent CMS

2010-12-08 Thread advisory
Vulnerability ID: HTB22717 Reference: http://www.htbridge.ch/advisory/lfi_in_exponent_cms.html Product: Exponent CMS Vendor: http://www.exponentcms.org/ ( http://www.exponentcms.org/ ) Vulnerable Version: 2.0.0pr2 Vendor Notification: 22 November 2010 Vulnerability Type: Local File Inclusion

[ MDVSA-2010:248 ] openssl

2010-12-08 Thread security
Mandriva Linux Security Advisory MDVSA-2010:248 http://www.mandriva.com/security/

Multiple XSS in Solarwinds Orion NPM 10.1

2010-12-08 Thread John Blakley
Values placed in the URI of the browser are rendered correctly. Orion NPM 10.1 has just been released, so there is no known fix available as of yet. Examples: Most variable= that I've checked are vulnerable:

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Marcus Meissner
On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote: Anyone tested this in sandbox yet? 00:37 linups:../expl/kernel cat /etc/*release* openSUSE 11.3 (i586) VERSION = 11.3 00:37 linups:../expl/kernel uname -r 2.6.34.4-0.1-desktop 00:37 linups:../expl/kernel gcc _2.6.37.local.c -o

LFI in Exponent CMS

2010-12-08 Thread advisory
Vulnerability ID: HTB22718 Reference: http://www.htbridge.ch/advisory/lfi_in_exponent_cms_1.html Product: Exponent CMS Vendor: http://www.exponentcms.org/ ( http://www.exponentcms.org/ ) Vulnerable Version: 2.0.0pr2 Vendor Notification: 22 November 2010 Vulnerability Type: Local File Inclusion

[ MDVSA-2010:249 ] clamav

2010-12-08 Thread security
Mandriva Linux Security Advisory MDVSA-2010:249 http://www.mandriva.com/security/

[USN-1026-1] Python Paste vulnerability

2010-12-08 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-1026-1 December 07, 2010 paste vulnerability CVE-2010-2477 === A security issue affects the following Ubuntu releases: Ubuntu 10.04 LTS This

[USN-1027-1] Quagga vulnerabilities

2010-12-08 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-1027-1 December 07, 2010 quagga vulnerabilities CVE-2010-2948, CVE-2010-2949 === A security issue affects the following Ubuntu releases: Ubuntu

www.eVuln.com : HTTP Response Splitting in WWWThreads (php version)

2010-12-08 Thread bt
www.eVuln.com advisory: HTTP Response Splitting in WWWThreads (php version) Summary: http://evuln.com/vulns/156/summary.html Details: http://evuln.com/vulns/156/description.html ---Summary--- eVuln ID: EV0156 Software: n/a Vendor: WWWThreads Version: 2006.11.25

[USN-1028-1] ImageMagick vulnerability

2010-12-08 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-1028-1 December 07, 2010 imagemagick vulnerability CVE-2010-4167 === A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS

Linux kernel exploit

2010-12-08 Thread Dan Rosenberg
Hi all, I've included here a proof-of-concept local privilege escalation exploit for Linux. Please read the header for an explanation of what's going on. Without further ado, I present full-nelson.c: Happy hacking, Dan --snip-- /* * Linux Kernel <= 2.6.37 local privilege escalation * by

Secunia Research: QuickTime Track Dimensions Buffer Overflow Vulnerability

2010-12-08 Thread Secunia Research
== Secunia Research 08/12/2010 - QuickTime Track Dimensions Buffer Overflow Vulnerability - == Table of Contents Affected

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Cal Leeming [Simplicity Media Ltd]
Anyone tested this in sandbox yet? On 07/12/2010 20:25, Dan Rosenberg wrote: Hi all, I've included here a proof-of-concept local privilege escalation exploit for Linux. Please read the header for an explanation of what's going on. Without further ado, I present full-nelson.c: Happy hacking,

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Ryan Sears
Yep, just tested it in an Ubuntu 10.10 sandbox I have (running kernel 2.6.35-22-generic). Works as expected. Great job Dan. You're full of win! Regards, Ryan Sears - Original Message - From: Cal Leeming [Simplicity Media Ltd] cal.leem...@simplicitymedialtd.co.uk To: Dan Rosenberg

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Kai
Anyone tested this in sandbox yet? 00:37 linups:../expl/kernel cat /etc/*release* openSUSE 11.3 (i586) VERSION = 11.3 00:37 linups:../expl/kernel uname -r 2.6.34.4-0.1-desktop 00:37 linups:../expl/kernel gcc _2.6.37.local.c -o test 00:37 linups:../expl/kernel ./test [*] Failed to open file

iDefense Security Advisory 12.07.10: Apple QuickTime PICT Memory Corruption Vulnerability

2010-12-08 Thread labs-no-reply
iDefense Security Advisory 12.07.10 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 07, 2010 I. BACKGROUND QuickTime is Apple's media player product used to render video and other media. The PICT file format was developed by Apple Inc. in 1984. PICT files can contain both

[security bulletin] HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS)

2010-12-08 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02586517 Version: 1 HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as

[USN-1029-1] OpenSSL vulnerabilities

2010-12-08 Thread Steve Beattie
=== Ubuntu Security Notice USN-1029-1 December 08, 2010 openssl vulnerabilities CVE-2008-7270, CVE-2010-4180 === A security issue affects the following Ubuntu releases: Ubuntu