Re: Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure

Dokeos 1.8.6.2 fixes these 2 security holes. Dokeos 1.8.6.2 has been released one day after we got informed about this security release. Download @sourceforge http://bit.ly/dYOvDc

ZDI-11-043: Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability

ZDI-11-043: Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-043 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations

ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability

ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-044 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for

ZDI-11-041: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability

ZDI-11-041: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-041 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view

ZDI-11-045: IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability

ZDI-11-045: IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-045 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To

ZDI-11-046: IBM Lotus Domino Calendar Request Attachment Name Parsing Remote Code Execution Vulnerability

ZDI-11-046: IBM Lotus Domino Calendar Request Attachment Name Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-046 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To

ZDI-11-040: Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability

ZDI-11-040: Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-040 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view

ZDI-11-047: IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability

ZDI-11-047: IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-047 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for this

HTB22814: XSS vulnerability in ViArt Shop

Vulnerability ID: HTB22814 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_viart_shop.html Product: ViArt Shop Vendor: Viart Software ( http://www.viart.com/ ) Vulnerable Version: Enterprise v.4.0.5 Vendor Notification: 25 January 2011 Vulnerability Type: XSS (Cross Site

ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability

ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-048 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view

R7-0038: Check Point Endpoint Security Server Information Disclosure

R7-0038: Check Point Endpoint Security Server Information Disclosure February 7, 2011 -- Vulnerability Details: The Check Point Endpoint Security Server and Integrity Server products inadvertently expose a number of private directories through the web interface. These directories include the

ZDI-11-049: IBM Lotus Domino SMTP Multiple Filename Arguments Remote Code Execution Vulnerability

ZDI-11-049: IBM Lotus Domino SMTP Multiple Filename Arguments Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-049 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view

ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability

ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-050 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations

ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-051 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for this

HTB22819: XSS vulnerability in WebAsyst Shop-Script

Vulnerability ID: HTB22819 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_webasyst_shop_script_1.html Product: WebAsyst Shop-Script Vendor: WebAsyst, LLC ( http://www.shop-script.ru/ ) Vulnerable Version: Current version 2011.01.23 (shop-script.ru/demo/) Vendor Notification: 25

R7-0039: Accellion File Transfer Appliance Multiple Vulnerabilities

R7-0039: Accellion File Transfer Appliance Multiple Vulnerabilities February 7, 2011 -- Vulnerability Details: The Accellion File Transfer Appliance, prior to version FTA_8_0_562, suffers from a number of security flaws that can lead to a remote root compromise. 1. Message Routing Daemon

ZDI-11-052: Lotus Domino Server diiop Client Request Operation Remote Code Execution Vulnerability

ZDI-11-052: Lotus Domino Server diiop Client Request Operation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-052 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view

ZDI-11-053: Lotus Domino Server diiop getEnvironmentString Remote Code Execution Vulnerability

ZDI-11-053: Lotus Domino Server diiop getEnvironmentString Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-053 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view

ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability

ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-054 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To

rPSA-2011-0010-1 kernel

rPath Security Advisory: 2011-0010-1 Published: 2011-02-07 Products: rPath Appliance Platform Linux Service 2 rPath Linux 2 Rating: Informational Exposure Level Classification: Local User Non-deterministic Updated Versions: kernel=conary.rpath.com@rpl:2/2.6.32_71.7.1.el6-0.11-1

[security bulletin] HPSBMA02629 SSRT100381 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02711131 Version: 1 HPSBMA02629 SSRT100381 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF) NOTICE: The information in this Security Bulletin

VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - VMware Security Advisory Advisory ID: VMSA-2011-0002 Synopsis: Cisco Nexus 1000V VEM updates address denial of service in

ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability

ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-056 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view

ESA-2011-004: EMC Replication Manager remote code execution vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ESA-2011-004: EMC Replication Manager remote code execution vulnerability EMC Identifier: ESA-2011-004 CVE Identifier: CVE-2011-0647 Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) Affected products: EMC Replication

HTB22817: XSS vulnerability in WebAsyst Shop-Script

Vulnerability ID: HTB22817 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_webasyst_shop_script.html Product: WebAsyst Shop-Script Vendor: WebAsyst, LLC ( http://www.shop-script.ru/ ) Vulnerable Version: Current version 2011.01.23 (shop-script.ru/demo/) Vendor Notification: 25

ZDI-11-058: SCO Openserver IMAP Daemon Long Verb Parsing Remote Code Execution Vulnerability

ZDI-11-058: SCO Openserver IMAP Daemon Long Verb Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-058 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations

[security bulletin] HPSBST02630 SSRT1000385 rev.1 - HP StorageWorks X9000 Network Storage Systems, Remote Unauthenticated Access

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02712670 Version: 1 HPSBST02630 SSRT1000385 rev.1 - HP StorageWorks X9000 Network Storage Systems, Remote Unauthenticated Access NOTICE: The information in this Security Bulletin should be

Re: Microsoft Terminal Services vulnerable to MITM-attacks.

Does this issue still exist ?

ZDI-11-060: Novell eDirectory Malformed NCP Request Denial of Service Vulnerability

ZDI-11-060: Novell eDirectory Malformed NCP Request Denial of Service Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-060 February 7, 2011 -- CVE ID: CVE-2010-4327 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Novell -- Affected Products: Novell eDirectory

ZDI-11-055: Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability

ZDI-11-055: Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-055 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view

[USN-1059-1] Dovecot vulnerabilities

=== Ubuntu Security Notice USN-1059-1 February 07, 2011 dovecot vulnerabilities CVE-2010-3304, CVE-2010-3706, CVE-2010-3707, CVE-2010-3779, CVE-2010-3780 === A security issue

[ MDVSA-2011:023 ] proftpd

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:023 http://www.mandriva.com/security/

Data Encryption Systems - DESLock+ - Local Kernel Code Execution/Denial of Service

===ADVISORY=== Advisory: Data Encryption Systems - DESLock+ - Local Kernel Code Execution/Denial of Service Advisory ID: DSEC-2011-0002 Author:Neil Kettle, Digit Security Ltd Affected Software:

ZDI-11-057: Hewlett-Packard Data Protector Cell Manager Service Authentication Bypass Vulnerability

ZDI-11-057: Hewlett-Packard Data Protector Cell Manager Service Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-057 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view

HTB22812: XSRF (CSRF) in UMI.CMS

Vulnerability ID: HTB22812 Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_umi_cms.html Product: UMI.CMS Vendor: umisoft ( http://www.umi-cms.ru/ ) Vulnerable Version: 2.8.1.2 Vendor Notification: 25 January 2011 Vulnerability Type: CSRF (Cross-Site Request Forgery) Risk level: Low

ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability

ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-063 February 8, 2011 -- CVE ID: CVE-2011-0092 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Other -- Vulnerability Details: This

ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability

ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-064 February 8, 2011 -- CVE ID: CVE-2011-0045 -- CVSS: 6.8, (AV:L/AC:L/Au:S/C:C/I:C/A:C) -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows XP --

HTB22818: Stored XSS vulnerability in WebAsyst Shop-Script

Vulnerability ID: HTB22818 Reference: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_webasyst_shop_script.html Product: WebAsyst Shop-Script Vendor: WebAsyst, LLC ( http://www.shop-script.ru/ ) Vulnerable Version: Current version 2011.01.23 (shop-script.ru/demo/) Vendor

ZDI-11-059: CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability

ZDI-11-059: CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-059 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To

iDefense Security Advisory 02.08.11: Microsoft Windows Picture and Fax Viewer Library

iDefense Security Advisory 02.08.11 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2011 I. BACKGROUND The Windows Picture and Fax Viewer shimgvw.dll library is used by Windows Explorer to generate thumbnail previews for media files. II. DESCRIPTION Remote exploitation of a

DC4420 - London DEFCON - February meet - Tuesday 22nd February 2011

If I said you had a beautiful venue would you hold it against me? OK, so the January social was not only good++ but it also confirmed that we have an awesome new home!!! Place is big, but not too big - room for growth but laid out so we can easily huddle in the meantime. Food is good. Beer is

ZDI-11-061: EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability

ZDI-11-061: EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-061 February 7, 2011 -- CVE ID: CVE-2011-0647 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: EMC -- Affected Products: EMC Replication

ZDI-11-042: Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution Vulnerability

ZDI-11-042: Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-042 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view

ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability

ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-062 February 8, 2011 -- CVE ID: CVE-2010-4435 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Hewlett-Packard IBM Sun Microsystems

MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2011-001 MIT krb5 Security Advisory 2011-001 Original release: 2011-02-08 Last update: 2011-02-08 Topic: kpropd denial of service CVE-2010-4022 CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C CVSSv2 Base Score: 5 Access

MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2011-002 MIT krb5 Security Advisory 2011-002 Original release: 2011-02-08 Last update: 2011-02-08 Topic: KDC denial of service attacks CVE-2011-0281: KDC vulnerable to hang when using LDAP back end CVSSv2 Vector: