-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] seamonkey (SSA:2011-195-01)
New seamonkey packages are available for Slackware 13.37, and -current to
fix security issues.
Here are the details from the Slackware 13.37 ChangeLog:
+--+
patches/packages/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2011-195-02)
New mozilla-firefox packages are available for Slackware 13.0 and 13.1 to
fix security issues.
Here are the details from the Slackware 13.1 ChangeLog:
+--+
patches/pack
iDefense Security Advisory 07.14.11
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 14, 2011
I. BACKGROUND
Citrix's Access Gateway solution provides remote access to customers via
the Web browser. This is accomplished through the use of an ActiveX
control that enables an SSL based VPN.
#2011-001 Chyrp input sanitization errors
Description:
The Chyrp framework, an open source blogging engine, suffers from cross-site
scripting (XSS) and local file inclusion (LFI) vulnerabilities.
Insufficient input sanitization on the parameters passed to pages related to
administration setting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-2526: Apache Tomcat Information disclosure and availability
vulnerabilities
Severity: low
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 7.0.0 to 7.0.18
Tomcat 6.0.0 to 6.0.32
Tomcat 5.5.0 to 5.0.33
Previous
On 13/07/11 18:47, Major Malfunction wrote:
When:
Tuesday 25th January 2011
OMG I'm a f*kwit (again).
I meant Tuesday 19th July 2011, obviously!!!
cheers,
MM
--
"In DEFCON, we have no names..." errr... well, we do... but silly ones...
OK, you know the drill... We have monthly meetings. This is one of them.
Be there!
What:
Shaun Colley - Jumping the guard page for fun and profit
"Stack overflows, generally due to recursion, have long been brushed
aside as 'not exploitable..DoS only'. This isn't true - stack overflows
AR
This appears to be a duplicate of bug 5374[1], originally reported by Alexander
Koeppe. It was fixed in Wireshark 1.4.2, which was released on November 19,
2010. I can reproduce the problem here with Wireshark 1.4.0 and 1.4.1 but not
Wireshark 1.4.2 or the current 1.4 code.
[1] https://bugs.w
Name: Torque Server Buffer Overflow Vulnerability
Author: Adam Zabrocki
Bartlomiej Balcerek
Maciej Kotowicz
Date: March 27, 2011
Risk: Moderate
CVE:
Vulnerability ID: HTB23026
Reference:
http://www.htbridge.ch/advisory/paltalk_messenger_activex_control_multiple_insecure_methods.html
Product: Paltalk Messenger
Vendor: Paltalk ( http://www.paltalk.com )
Vulnerable Version: 10.0 and probably prior
Tested on: 10.0
Vendor Notification: 22 June 201
Hello All,
As you know, we recently released the July issue with Metasploit as the theme
(http://chmag.in/issue/jul2011).
And ClubHack Mag is seeking submissions for next issue, Issue19-August 2011.
Topics of interest include, but are not limited to:
Mobile (Cellular), VOIP Exploitation and Securit
Advisory: Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment
File Uploading Module- E-Business Suite
CVE-2010-2404
Version Affected - 11.5.10.2, 12.0.6, 12.1.3
About: Oracle I-Recruitment Suite
Oracle iRecruitment is a web based full-cycle recruiting solution that
gives manag
German ISP 'Alice' has been shipping custom embedded devices (DSL
modems/routers etc.) for the past few years. Their first self-branded
DSL modem, Alice Modem , using firmware version 4.19, is prone to at
least the following two security vulnerabilities (after it has passed
initial configuratio
NIST is preparing the fourth Static Analysis Tool Exposition (SATE IV).
Briefly, participating tool makers run their tool on a set of programs.
Researchers led by NIST analyze the tool reports. The results and experiences
are reported at a workshop. The tool reports and analysis are made public