Dokeos 1.8.6.2 fixes these 2 security holes. Dokeos 1.8.6.2 has been released
one day after we got informed about this security release.
Download @sourceforge http://bit.ly/dYOvDc
ZDI-11-043: Microsoft Excel 2007 Office Drawing Layer Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-043
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view mitigations
ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-044
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view mitigations for
ZDI-11-041: Microsoft Office Excel Office Art Object Parsing Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-041
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view
ZDI-11-045: IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-045
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To
ZDI-11-046: IBM Lotus Domino Calendar Request Attachment Name Parsing Remote
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-046
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To
ZDI-11-040: Microsoft Office Excel 2003 Invalid Object Type Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-040
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view
ZDI-11-047: IBM Lotus Domino LDAP Bind Request Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-047
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view mitigations for this
Vulnerability ID: HTB22814
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_viart_shop.html
Product: ViArt Shop
Vendor: Viart Software ( http://www.viart.com/ )
Vulnerable Version: Enterprise v.4.0.5
Vendor Notification: 25 January 2011
Vulnerability Type: XSS (Cross Site
ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-048
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view
R7-0038: Check Point Endpoint Security Server Information Disclosure
February 7, 2011
-- Vulnerability Details:
The Check Point Endpoint Security Server and Integrity Server products
inadvertently expose a number of private directories through the web interface.
These directories include the
ZDI-11-049: IBM Lotus Domino SMTP Multiple Filename Arguments Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-049
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view
ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-050
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view mitigations
ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-051
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view mitigations for this
Vulnerability ID: HTB22819
Reference:
http://www.htbridge.ch/advisory/xss_vulnerability_in_webasyst_shop_script_1.html
Product: WebAsyst Shop-Script
Vendor: WebAsyst, LLC ( http://www.shop-script.ru/ )
Vulnerable Version: Current version 2011.01.23 (shop-script.ru/demo/)
Vendor Notification: 25
R7-0039: Accellion File Transfer Appliance Multiple Vulnerabilities
February 7, 2011
-- Vulnerability Details:
The Accellion File Transfer Appliance, prior to version FTA_8_0_562, suffers
from a number of security flaws that can lead to a remote root compromise.
1. Message Routing Daemon
ZDI-11-052: Lotus Domino Server diiop Client Request Operation Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-052
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view
ZDI-11-053: Lotus Domino Server diiop getEnvironmentString Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-053
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view
ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh
Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-054
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To
rPath Security Advisory: 2011-0010-1
Published: 2011-02-07
Products:
rPath Appliance Platform Linux Service 2
rPath Linux 2
Rating: Informational
Exposure Level Classification:
Local User Non-deterministic
Updated Versions:
kernel=conary.rpath.com@rpl:2/2.6.32_71.7.1.el6-0.11-1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02711131
Version: 1
HPSBMA02629 SSRT100381 rev.1 - HP Power Manager (HPPM) Running on Linux and
Windows, Cross Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin
VMware Security Advisory
Advisory ID: VMSA-2011-0002
Synopsis: Cisco Nexus 1000V VEM updates address denial of
service in
ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-056
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view
ESA-2011-004: EMC Replication Manager remote code execution vulnerability
EMC Identifier: ESA-2011-004
CVE Identifier: CVE-2011-0647
Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Affected products:
EMC Replication
Vulnerability ID: HTB22817
Reference:
http://www.htbridge.ch/advisory/xss_vulnerability_in_webasyst_shop_script.html
Product: WebAsyst Shop-Script
Vendor: WebAsyst, LLC ( http://www.shop-script.ru/ )
Vulnerable Version: Current version 2011.01.23 (shop-script.ru/demo/)
Vendor Notification: 25
ZDI-11-058: SCO Openserver IMAP Daemon Long Verb Parsing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-058
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view mitigations
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02712670
Version: 1
HPSBST02630 SSRT1000385 rev.1 - HP StorageWorks X9000 Network Storage Systems,
Remote Unauthenticated Access
NOTICE: The information in this Security Bulletin should be
Does this issue still exist?
ZDI-11-060: Novell eDirectory Malformed NCP Request Denial of Service
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-060
February 7, 2011
-- CVE ID:
CVE-2010-4327
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
ZDI-11-055: Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-055
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view
===
Ubuntu Security Notice USN-1059-1 February 07, 2011
dovecot vulnerabilities
CVE-2010-3304, CVE-2010-3706, CVE-2010-3707, CVE-2010-3779,
CVE-2010-3780
===
A security issue
Mandriva Linux Security Advisory MDVSA-2011:023
http://www.mandriva.com/security/
===ADVISORY===
Advisory: Data Encryption Systems - DESLock+ - Local Kernel
Code Execution/Denial of Service
Advisory ID: DSEC-2011-0002
Author: Neil Kettle, Digit Security Ltd
Affected Software:
ZDI-11-057: Hewlett-Packard Data Protector Cell Manager Service Authentication
Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-057
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view
Vulnerability ID: HTB22812
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_umi_cms.html
Product: UMI.CMS
Vendor: umisoft ( http://www.umi-cms.ru/ )
Vulnerable Version: 2.8.1.2
Vendor Notification: 25 January 2011
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Risk level: Low
ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-063
February 8, 2011
-- CVE ID:
CVE-2011-0092
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Other
-- Vulnerability Details:
This
ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-064
February 8, 2011
-- CVE ID:
CVE-2011-0045
-- CVSS:
6.8, (AV:L/AC:L/Au:S/C:C/I:C/A:C)
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Windows XP
--
Vulnerability ID: HTB22818
Reference:
http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_webasyst_shop_script.html
Product: WebAsyst Shop-Script
Vendor: WebAsyst, LLC ( http://www.shop-script.ru/ )
Vulnerable Version: Current version 2011.01.23 (shop-script.ru/demo/)
Vendor
ZDI-11-059: CA ETrust Secure Content Manager Common Services Transport Remote
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-059
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To
iDefense Security Advisory 02.08.11
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 08, 2011
I. BACKGROUND
The Windows Picture and Fax Viewer shimgvw.dll library is used by
Windows Explorer to generate thumbnail previews for media files.
II. DESCRIPTION
Remote exploitation of a
If I said you had a beautiful venue would you hold it against me?
OK, so the January social was not only good++ but it also confirmed that
we have an awesome new home!!! Place is big, but not too big - room for
growth but laid out so we can easily huddle in the meantime. Food is
good. Beer is
ZDI-11-061: EMC Replication Manager Client irccd.exe Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-061
February 7, 2011
-- CVE ID:
CVE-2011-0647
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
EMC
-- Affected Products:
EMC Replication
ZDI-11-042: Microsoft Office Excel Axis Properties Record Parsing Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-042
February 7, 2011 - This vulnerability is being disclosed publicly without a
patch in accordance with the ZDI 180 day deadline. To view
ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-062
February 8, 2011
-- CVE ID:
CVE-2010-4435
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Hewlett-Packard
IBM
Sun Microsystems
MITKRB5-SA-2011-001
MIT krb5 Security Advisory 2011-001
Original release: 2011-02-08
Last update: 2011-02-08
Topic: kpropd denial of service
CVE-2010-4022
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C
CVSSv2 Base Score: 5
Access
MITKRB5-SA-2011-002
MIT krb5 Security Advisory 2011-002
Original release: 2011-02-08
Last update: 2011-02-08
Topic: KDC denial of service attacks
CVE-2011-0281: KDC vulnerable to hang when using LDAP back end
CVSSv2 Vector: