Arbitrary files deletion in HP OpenView Communication Broker

2011-07-06 Thread Luigi Auriemma
Luigi Auriemma Application: HP OpenView Communication Broker http://www8.hp.com/us/en/software/enterprise-software.html Versions: ovbbccb.exe = 11.0.43.0 Platforms: Windows,

[SECURITY] [DSA 2272-1] bind9 security update

2011-07-06 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2272-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer July 05, 2011

Integer overflow in foobar2000 1.1.7

2011-07-06 Thread Luigi Auriemma
Luigi Auriemma Application: foobar2000 http://www.foobar2000.org Versions: = 1.1.7 Platforms: Windows Bug: integer overflow Date: 03 Jul 2011 Author:

[security bulletin] HPSBUX02688 SSRT100513 rev.1 - HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS)

2011-07-06 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02904002 Version: 1 HPSBUX02688 SSRT100513 rev.1 - HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted

Ubuntu: reseed(8), random.org, and HTTP request

2011-07-06 Thread Jeffrey Walton
Ubuntu's reseed(8) can be used to seed the PRNG state of a host. The script is run when the package is installed, and anytime su executes the script. reseed(8) performs an unsecured HTTP request to random.org for its bits, despite random.org offering HTTPS services. The Ubuntu Security Team took no

Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request

2011-07-06 Thread coderman
On Tue, Jul 5, 2011 at 9:04 PM, Jeffrey Walton noloa...@gmail.com wrote: Ubuntu's reseed(8) can be used to seed the PRNG state of a host. The script is run when the package is installed, and anytime su executes the script. ... someone thought this was a good idea. [an entropy pool remotely

IDrive Online Backup ActiveX control Insecure Method

2011-07-06 Thread advisory
Vulnerability ID: HTB23025 Reference: http://www.htbridge.ch/advisory/idrive_online_backup_activex_control_insecure_method.html Product: IDrive Online Backup Vendor: Pro Softnet Corporation ( http://www.idrive.com ) Vulnerable Version: 3.4.0 and probably prior Tested on: 3.4.0 Vendor

aTube Catcher ActiveX Control Insecure Method

2011-07-06 Thread advisory
Vulnerability ID: HTB23013 Reference: http://www.htbridge.ch/advisory/atube_catcher_activex_control_savedecrypted_insecure_method.html Product: aTube Catcher Vendor: Diego Uscanga ( http://atube-catcher.dsnetwb.com ) Vulnerable Version: 2.3.570 and probably prior Tested on: 2.3.570 Vendor

Re: in_midi multiple vulnerabilities in Winamp 5.61

2011-07-06 Thread Henri Salo
On Wed, Jun 29, 2011 at 08:02:45PM +0100, Luigi Auriemma wrote: Luigi Auriemma Application: Winamp http://www.winamp.com Versions: = 5.61 Platforms: Windows Bugs:

Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request

2011-07-06 Thread Jamie Strandboge
On Wed, 2011-07-06 at 00:04 -0400, Jeffrey Walton wrote: Ubuntu's reseed(8) can be used to seed the PRNG state of a host. The script is run when the package is installed, and anytime su executes the script. reseed(8) performs an unsecured HTTP request to random.org for its bits, despite

Re: Multiple Cross-Site Scripting vulnerabilities in WebCalendar

2011-07-06 Thread Henri Salo
On Mon, Jul 04, 2011 at 06:46:09AM +, sschu...@t-online.de wrote: Advisory: Multiple Cross-Site Scripting vulnerabilities in WebCalendar Advisory ID: SSCHADV2011-008 Author: Stefan Schurtz Affected Software: Version 1.2.3 and probably prior versions Vendor

Re: SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress

2011-07-06 Thread Henri Salo
On Fri, Jul 01, 2011 at 11:23:40AM +0200, SEC Consult Vulnerability Lab wrote: SEC Consult Vulnerability Lab Security Advisory 20110701-0 title: Multiple SQL Injection Vulnerabilities product:

Cisco Security Advisory: Cisco Content Services Gateway Denial of Service Vulnerability

2011-07-06 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco Content Services Gateway Denial of Service Vulnerability Advisory ID: cisco-sa-20110706-csg Revision 1.0 For Public Release 2011 July 06 1600 UTC (GMT