-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2008-2938: Apache Tomcat information disclosure vulnerability - Updated
Severity: Important (was moderate)
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 4.1.0 to 4.1.37
Tomcat 5.5.0 to 5.5.26
Tomcat 6.0.0 to 6.0.16
The
The DeepSec In Depth Security Conference is happy to announce the preliminary
schedule for this year's event from November 11th to 14th in Vienna, Austria.
The schedule which can be found at https://depsec.net/schedule offers bleeding
edge talks from international speakers on topics including
From: Theo de Raadt [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 09 September, 2008 17:28
To: B 650
Cc: bugtraq@securityfocus.com
I apologise if I'm misunderstanding you, but it seems to me that
this
issue can only be initiated by a privileged user on a domain.
If one domain can be
Razi Shaban a écrit :
I can confirm that the PoC _does_ crash Chrome 0.2.149.29 Build 1798
running on XP SP2.
Perhaps it's the build?
--
Razi
I can confirm that the PoC _doesn't_ crash Chrome 0.2.149.29 Build 1798
on XP SP3
--
Julien
- Original Message -
From: Theo de Raadt [EMAIL PROTECTED]
To: B 650 [EMAIL PROTECTED]
Cc: bugtraq@securityfocus.com
Sent: Tuesday, September 09, 2008 4:27 PM
Subject: Re: Sun M-class hardware denial of service
snip
You stated in your original message that this is a high-end
ZDI-08-061: Apple QuickTime Player H.264 Parsing Heap Corruption
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-061
September 9, 2008
-- CVE ID:
CVE-2008-3627
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- Vulnerability Details:
This vulnerability allows
We released a research paper a few months ago, regarding a sub-class
of SQL Injection that has not received attention till now. The crux is
that when it comes to SQLi, protection and detection do not typically
take the architecture into account; this can allow smuggling attacks
which are not
iDefense Security Advisory 09.09.08
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 09, 2008
I. BACKGROUND
Quicktime is Apple's media player product, and is used to render video
and other media. The PICT file format was developed by Apple Inc. in
1984. PICT files can contain both
Multiple vulnerabilities: LedgerSMB
Synopsis: Two vulnerabilities announced in LedgerSMB for versions
prior to 1.2.15
Status: Corrected in version 1.2.15 and later (vendor fix available).
Impact: Resource exhaustion on server, arbitrary SQL command execution.
Other software affected:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:189
http://www.mandriva.com/security/
iDefense Security Advisory 09.09.08
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 09, 2008
I. BACKGROUND
The GDI+ library, or GdiPlus.dll, provides access to a number of
graphics methods, via a class-based API. Vector Markup Language (VML)
is a component of the Extensible Markup
There is a memory corruption vulnerability with GIF file processing in
Microsoft GDI+ that can be used to crash a vulnerable application and
potentially execute arbitrary code.
###
#The vulnerability#
###
The vulnerability is caused due to improper handling of
#2008-012 Horde, Popoon frameworks common input sanitization errors (XSS)
Two cross-site scripting (XSS) vulnerabilities were reported in Horde
Framework. The first of which is that the Horde framework fails to properly
sanitize the filename of MIME attachments on received emails. The second
Already discovered:
http://packetstormsecurity.org/0809-exploits/ephpb2b-sql.txt
cceb7b553c51129e88d5553fdcb5129d E-PHP B2B Trading Marketplace Scripts suffers
from a remote SQL injection vulnerability in listings.php. nbsp;Homepage: a
href=http://www.darkc0de.com/;
* Theo de Raadt:
That is WRONG. The long-term uptime of all other domains on the
machine are eventually impacted because the entire physical machine
must, after a service call to Sun, eventually be powered down.
Management eventually has to decide to impact the SLA's of all domains.
That
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:190
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1635-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
September 10, 2008
... ciao:
: on 9-9-2008 B 650 writ:
: I think it's a bit of a leap to call this a DoS vulnerability.
: The power cycle of the remainder of the frame can be done at your leisure
which, convenient if nothing else, still has to be done. so, at some
point, all 'mission critical applications',
ZDI-08-057: Apple QuickTime IV32 Codec Parsing Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-057
September 9, 2008
-- CVE ID:
CVE-2008-3635
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- Vulnerability Details:
This vulnerability allows
19 matches
Mail list logo