[Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Outlook mailto Command Line Switch Injection

iDefense Security Advisory 03.11.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 11, 2008 I. BACKGROUND Microsoft Outlook provides an integrated solution for managing and organizing e-mail messages, schedules, tasks, notes, contacts, and other information. More information is availa

[Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Excel 2003 Malformed Formula Memory Corruption Vulnerability

iDefense Security Advisory 03.11.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 11, 2008 I. BACKGROUND Microsoft Excel is the spreadsheet application that is included with Microsoft Corp's Office productivity software suite. More information is available at the following website.

[Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Excel DVAL Heap Corruption Vulnerability

iDefense Security Advisory 03.11.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 11, 2008 I. BACKGROUND Microsoft Excel is the spreadsheet application that is included with Microsoft Corp's Office productivity software suite. More information is available at the following website.

[Full-disclosure] [SECURITY] [DSA 1515-1] New libnet-dns-perl packages fix several vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1515-1 [EMAIL PROTECTED] http://www.debian.org/security/ Florian Weimer March 11, 2008

[Full-disclosure] [ GLSA 200803-20 ] International Components for Unicode: Multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Full-disclosure] [ GLSA 200803-19 ] Apache: Multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Full-disclosure] ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability

ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-008 March 11, 2008 -- CVE ID: CVE-2008-0113 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office Excel Viewer -- TippingPoint(TM)

[Full-disclosure] Offensive Security Backtrack Training

I had to post this, this is actually my first post. You guys need to check this out, Muts the main creator of the backtrack live distro is starting to hold in person classes at a few locations around the US. http://www.offensive-security.com/ilt.php I took his online course and its amazing. I

[Full-disclosure] CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs Timbuktu Pro Remote Path Traversal and Log Injection *Advisory Information* Title: Timbuktu Pro Remote Path Traversal and Log Injection Advisory ID

[Full-disclosure] Advisory Adobe LiveCycle Workflow XSS Vulnerability

Summary Name: Adobe LiveCycle Workflow XSS Vulnerability Release Date: 11 March 2008 Reference: LSD002-2008 CVE Number: CVE-2008-1202 Discover: Dave Lewis Vendor: Adobe Systems Product: LiveCycle Workflow 6.2 Management Web Interface Systems Affected: version 6.2 (as tested) NB. Other versions may

[Full-disclosure] Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability

___ Rapid7 Security Advisory Visit http://www.rapid7.com/ to download NeXpose, SC Magazine Winner of Best Vulnerability Management product. ___

[Full-disclosure] [DailyDave] cheese

[Forwarded from DailyDave] Here's another shellcode paper for people who like that sort of thing: It's good, although it will be swarms of people asking about SILICA. A year from now it will fail on certain 2k/XP configurations with a particular thread and just hard-kill it. Anyways, this is just

Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5

<[EMAIL PROTECTED]> wrote: > http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=589 "Motorola Inc. has addressed this vulnerability by releasing version 8.6.5 of Timbuktu Pro for Windows. For more information, consult the release notes at the following URL." I have tested versio

Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5

> > Luigi Auriemma > > Application: Timbuktu Pro Remote Control Software > [...snip...] > - > B] limited upload directory traversal > - > [...snip...] > Currently I

[Full-disclosure] Advisory: Remote Command Execution in Mapbender

Advisory: Remote Command Execution in Mapbender During a penetration test RedTeam Pentesting discovered a remote command execution vulnerability in Mapbender. An unauthorized user can create arbitrary PHP-files on the Mapbender webserver, which can later be executed. Details === Product: Ma

[Full-disclosure] Advisory: SQL-Injections in Mapbender

Advisory: SQL-Injections in Mapbender During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in Mapbender. A remote attacker is able to execute arbitrary SQL commands and therefore can get e.g. valid usernames and password hashes of the Mapbender users. Details ===

[Full-disclosure] Wired.com and History.com Getting RBN-ed

Monitoring last week's IFRAME injection attack at high page rank-ed sites, reveals a simple truth, that persistent simplicity seems to work. The attack is still ongoing, this time successfully injecting a multitude of new domains into Wired Magazine, and History.com's search engines, which are agai