Bugtraq | Bugtraq

Bugtraq | Bugtraq Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/bugtraq/bugtraq/ en-us (c) Gossamer Threads Inc. All rights reserved. 25 Nov 2009 05:36:24 -0800 120 Gossamer Threads | Bugtraq | Bugtraq 75 23 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg rPSA-2008-0018-1 mysql mysql-bench mysql-server rPath Security Advisory: 2008-0018-1 Published: 2008-01-17 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local Determi 17 Jan 2008 07:32:21 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26774 [SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 17 Jan 2008 06:38:45 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26771 [security bulletin] HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00727143 Version: 7 HPSBMA02133 SSRT061201 re 17 Jan 2008 05:30:57 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26770 Clever Copy <=3.0 Multiple Remote Vulnerabilities #################################################################### # # # 17 Jan 2008 00:54:46 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26777 PHPEchoCMS Multible remote vulnerabilitis Hello,, PHPEchoCMS Multible remote vulnerabilitis Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address 16 Jan 2008 21:07:58 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26773 JoomlaFlash Component Multiple Remote File Inclusion Autore: Smasher Sito: http://warwolfz.altervista.org Tipo: Remote File Inclusion Rischio: Alto A remote attacker can gain access to your website thro 16 Jan 2008 16:06:03 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26772 [ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 16 Jan 2008 15:30:09 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26775 [USN-570-1] boost vulnerabilities =========================================================== Ubuntu Security Notice USN-570-1 January 16, 2008 boost vulnerabilities CVE-200 16 Jan 2008 14:45:38 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26768 [ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 16 Jan 2008 14:29:34 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26769 [ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 16 Jan 2008 14:16:50 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26767 Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit [+] Info: [~] Software: Gradman <= 0.1.3 [~] HomePage: http://gradman.xe1ido.com.mx/ [~] Exploit: Local File Inclusion [High] [~] Where: agregar_info 16 Jan 2008 13:11:31 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26766 SQL scalar function to convert big int to dot notation For those of you logging ISA (or whatever) to SQL, you'll have no doubt noted that the source and destination IP's are logged as long integers, and no 16 Jan 2008 12:20:15 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26764 [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 =============================================================================== Author: 16 Jan 2008 12:19:44 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26762 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 =============================================================================== Author: J 16 Jan 2008 12:18:40 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26765 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-08-02 January 16, 2008 -- CVE ID: 16 Jan 2008 12:12:32 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26763 Country by Country Computer Sets now available for ISA 2004 I've updated the HoG site to include Country-by-country sets for ISA 2004 for those still using that version of the product. http://hammerofgod.com/d 16 Jan 2008 12:00:25 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26761 Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 ####################################################################### Luigi Auriemma Applications: BitTorrent and uTo 16 Jan 2008 10:47:28 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26760 mcGuestbook v1.2 Remote File Inc. Author: BLaSTER a.K.a Gokhan Title: mcGuestbook v1.2 Remote File Inc. Download: http://www.hotscripts.com/jump.php?listing_id=13439&jump_type=1 Contac 16 Jan 2008 10:44:01 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26759 Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow Document ID: 16 Jan 2008 08:15:00 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26758 RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit [+] Info: [~] Software: RichStrong CMS [~] HomePage: http://www.hzrich.cn [~] Exploit: Remote Sql Injection [High] [~] Where: showproduct.asp?cat= [~ 16 Jan 2008 03:36:08 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26748 [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities Digital Security Research Group [DSecRG] Advisory #DSECRG-08-003 Application: Blogcms Versions Affected: Blogc 16 Jan 2008 03:02:40 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26747 [DSECRG-08-002] Local File Include in arias 0.99-6 Digital Security Research Group [DSecRG] Advisory #DSECRG-08-002 Application: aria-0.99-6 (Web based ERP) Versions Affected 16 Jan 2008 02:37:35 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26753 cPanel Hosting Manager (dohtaccess.html) Aria-Security Team http://Aria-Security.Net ----------------------------------- Vendor: http://cPanel.com cPanel Hosting Manager (dohtaccess.html) Cro 15 Jan 2008 20:09:29 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26750 [Aria-Security.Net] Real Estate Web SQL Injection Aria-Security Team, http://Aria-Security.net ------------------------------- Shout Outs: Vendor: http://www.site2nite.com/ Google Search: Website Dev 15 Jan 2008 19:42:43 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26756 8e6 Technologies R3000 Internet Filter Bypass by Request Split 8e6 Technologies R3000 Internet Filter Bypass by Request Split Product: 8e6 Technologies R3000 Internet Filter http://www.8e6.com/network-security/ 15 Jan 2008 18:55:20 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26755 [SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 15 Jan 2008 15:47:39 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26746 iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability iDefense Security Advisory 01.15.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 15, 2008 I. BACKGROUND Quicktime is Apple's media pla 15 Jan 2008 15:15:44 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26757 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/TPTI-08-01.html January 15 Jan 2008 15:02:03 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26754 rPSA-2008-0017-1 libxml2 rPath Security Advisory: 2008-0017-1 Published: 2008-01-15 Products: rPath Appliance Platform Linux Service 1 rPath Linux 1 Rating: Minor Exp 15 Jan 2008 14:54:33 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26752 rPSA-2008-0016-1 postgresql postgresql-server rPath Security Advisory: 2008-0016-1 Published: 2008-01-15 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Remote Determ 15 Jan 2008 14:53:57 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26751 rPSA-2008-0015-1 cairo rPath Security Advisory: 2008-0015-1 Published: 2008-01-15 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User 15 Jan 2008 14:52:53 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26749 iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities iDefense Security Advisory 01.15.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 15, 2008 I. BACKGROUND TIBCO SmartSockets is a messag 15 Jan 2008 11:18:52 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26743 iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities iDefense Security Advisory 01.15.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 15, 2008 I. BACKGROUND TIBCO SmartSockets is a messag 15 Jan 2008 11:12:38 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26742 iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities iDefense Security Advisory 01.15.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 15, 2008 I. BACKGROUND TIBCO SmartSockets is a messag 15 Jan 2008 11:04:42 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26741 iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Heap Overflow Vulnerability iDefense Security Advisory 01.15.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 15, 2008 I. BACKGROUND TIBCO SmartSockets is a messag 15 Jan 2008 11:01:23 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26740 Pipe to FOR Crashes CMD Pipe the output of a command to FOR in (), and you crash the Windows Vista Windows Command Processor (CMD.exe) with a DEP violation. I expect it works 15 Jan 2008 07:41:06 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26732 MicroNews Admin Direct Access vulnerability # MicroNews Authentication Bypass # Homepage: http://phptoys.com/ # Download: http://www.phptoys.com/download.php?view.31 # Found by Xcross87 | xcross 15 Jan 2008 07:33:33 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26731 Max's File Uploader File Upload Vulnerability # Max's File Uploader File Upload Vulnerability # Homepage: http://www.phpf1.com/ # Download: http://www.phpf1.com/download.html?item=9 # Dork: intitl 15 Jan 2008 07:12:26 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26730 [security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01325239 Version: 1 HPSBST02304 SSRT080003 re 15 Jan 2008 06:10:00 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26712 [security bulletin] HPSBUX02303 SSRT071468 rev.1 - HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01323725 Version: 1 HPSBUX02303 SSRT071468 re 15 Jan 2008 06:09:13 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26711 Article DashBoard all version SQL Injection Vulnerability ########################################################################## # ArticleDashBoard all version SQL Injection Vulnerability # 15 Jan 2008 05:36:22 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26729 SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS)] Author: sp3x Date: - - 15 Jan 2008 00:33:08 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26727 Exploiting the SpamBam plugin for wordpress The attached exploit demonstrates that the WordPress SpamBam plugin can be bypassed due to relying on the client for security. Vulnerable software: S 14 Jan 2008 22:01:53 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26721 Defeating audio captcha systems Hi all, Some days ago I wrote an advisory which demonstrates how the Peter's Math Antispam Spinoff plugin for wordpress (http://www.theblog.ca/math-a 14 Jan 2008 22:01:03 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26719 [USN-569-1] libxml2 vulnerability =========================================================== Ubuntu Security Notice USN-569-1 January 14, 2008 libxml2 vulnerability CVE-200 14 Jan 2008 16:13:03 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26717 FreeBSD Security Advisory FreeBSD-SA-08:02.libc -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:02.libc 14 Jan 2008 15:09:43 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26716 FreeBSD Security Advisory FreeBSD-SA-08:01.pty -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:01.pty 14 Jan 2008 15:09:39 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26715 [ MDVSA-2008:013 ] - Updated python packages fix vulnerability in imageop module -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 14 Jan 2008 15:04:52 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26714 [ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 14 Jan 2008 14:56:08 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26713 Country by Country ISA Computer Sets Recently, David Litchfield asked me to help him out a bit with a research project he was working on by having me set up a network capture in my DMZ to 14 Jan 2008 14:20:50 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26720 [USN-568-1] PostgreSQL vulnerabilities =========================================================== Ubuntu Security Notice USN-568-1 January 14, 2008 postgresql vulnerabilities CV 14 Jan 2008 13:31:06 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26709 [SECURITY] [DSA 1463-1] New postgresql-7.4 packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 14 Jan 2008 10:51:52 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26706 ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-001.htm 14 Jan 2008 10:51:37 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26705 Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily [+] Info: [~] Software: Binn SBuilder [~] HomePage: http://www.cms.ge/ [~] Exploit: Blind Sql Injection [High] [~] Where: full_text.php?nid= [~] Bug 14 Jan 2008 08:59:40 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26701 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void) <vjt@openssl.it> wrote: > By the way, even with "Transport setup" -> "Automatic", the software > doesn't crash nor loops after 14 Jan 2008 06:56:17 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26686 F5 BIG-IP Web Management List Search XSS F5 BIG-IP Web Management List Search XSS Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP web management interface contains a c 14 Jan 2008 06:36:46 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26678 SQID v0.3 - SQL Injection Digger. SQL injection digger is a command line program that looks for SQL injections and common errors in websites. This version now can perform the following 14 Jan 2008 06:17:36 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26685 Re: [Full-disclosure] what is this? Dear crazy frog crazy frog, Clear your computer from trojan, change FTP password for you site hosting access, because it's stolen, access 14 Jan 2008 01:34:48 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26682 [SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 13 Jan 2008 09:14:11 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26675 [SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 13 Jan 2008 08:57:16 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26710 what is this? Hi, Recently on opening one of my site,my antivirus pops up saying that it has found on malicious script.the url is random and i have managed to get 13 Jan 2008 08:01:34 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26676 [SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 13 Jan 2008 07:45:01 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26681 [SECURITY] [DSA 1459-1] New gforge packages fix SQL injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 13 Jan 2008 07:07:24 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26693 Hacking The Interwebs http://www.gnucitizen.org/blog/hacking-the-interwebs When the victim visits a malicious SWF file, a 4 step ATTACK will silently execute in the backgr 13 Jan 2008 00:27:05 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26704 [ MDVSA-2008:009-1 ] - Updated autofs packages fix insecure hosts configuration -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 12 Jan 2008 14:06:23 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26679 Garment Center (index.cgi) Local File Inclusion [+] Discovered by Smasher [+] WarWolfz Crew. [+] http://warwolfz.altervista.org/ Hey wassup....i've found a vulnerability in Garmentcenter in index. 12 Jan 2008 08:44:24 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26674 Safari 2 Denial of Service ############################################################## - S21Sec Advisory - ############################################ 12 Jan 2008 07:30:14 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26671 [ MDVSA-2008:011 ] - Updated rsync packages fix restrictions bypass vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 11 Jan 2008 17:19:37 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26670 [ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 11 Jan 2008 17:05:25 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26669 Cross site scripting (XSS) in Moodle 1.8.3 Source URL of this announcement: http://int21.de/cve/CVE-2008-0123-moodle.html References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0123 11 Jan 2008 15:51:55 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26668 [ MDVSA-2008:009 ] - Updated autofs packages fix insecure hosts configuration -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 11 Jan 2008 15:00:29 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26672 [ MDVSA-2008:008 ] - Updated kernel packages fix multiple vulnerabilities and bugs -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 11 Jan 2008 13:56:07 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26673 RE: At long last - Extra Outlooks! FYI - this works for 2007, not 2003. We're seeing about writing one for 2003, but it may be a few weeks. Thanks! t > -----Original Message----- > F 11 Jan 2008 11:07:38 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26688 Naymz multiple XSS Naymz is a online profile system with positive and accurate information that you want others to find when they search for you online. Community Sear 11 Jan 2008 09:11:32 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26665 Member Area System (MAS) Remote File Include Vulnerability (view_func.php) ---------------------------------------------------------------------- Member Area System (MAS) Remote File Include Vulnerability (view_func.php) -- 11 Jan 2008 03:12:20 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26663 CFP: EuroSec Workshop (March 31st, 2008) [. Our anticipate apologies if you receive this call for paper more than once! ] CALL FOR PAPERS - EUROSEC WORKSHOP EuroSec (http://www.cs.vu.nl/eu 11 Jan 2008 01:12:14 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26662 At long last -- Extra Outlooks! As long as Outlook has been around, people have been trying to get two instances running at the same time. Not multiple profiles that you can load whe 10 Jan 2008 22:28:34 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26656 [ MDVSA-2008:007 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 10 Jan 2008 21:44:54 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26657 re-resting of zzuf results I've also posted this to my blog: http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html About one year ago, Sam Hocevar pos 10 Jan 2008 21:06:33 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26655 ImageAlbum Remote SQL Injection Vulnerabilities ImageAlbum Remote SQL Injection Vulnerabilities ------------------------------------------------------------------------- Product: ImageAlbum Version 10 Jan 2008 19:09:20 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26664 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability] Author: sp3x Date 10 Jan 2008 15:30:59 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26658 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability ] Author: sp3x Date: - - Wr 10 Jan 2008 15:29:25 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26660 [USN-567-1] Dovecot vulnerability =========================================================== Ubuntu Security Notice USN-567-1 January 10, 2008 dovecot vulnerability CVE-200 10 Jan 2008 14:01:59 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26653 [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 10 Jan 2008 12:47:39 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26650 [ MDVSA-2008:006 ] - Updated exiv2 packages fix vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 10 Jan 2008 12:06:32 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26651 Buffer-overflow in Quicktime Player 7.3.1.70 ####################################################################### Luigi Auriemma Application: Quicktime Player 10 Jan 2008 10:45:17 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26648 MTCMS <=2.0 SQL Injection Vulnerbility ######################################################################## # 10 Jan 2008 10:18:23 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26649 Word 2007 Email as PDF path disclosure flaw Intro: Word 2007 is the latest installment of Microsoft's word processing program Bug: Word 2007 with the "save as pdf" add-on is vulnerable to a pat 10 Jan 2008 08:07:12 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26647 BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub-5 It's known that UPnP [1] is inherently insecure for a very simple reason: adminis 10 Jan 2008 04:20:37 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26646 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager 10 Jan 2008 04:00:12 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26642 uCon 2008 call for participation - Recife, Brazil .--. : .--' .-..-.: : .--. ,-.,-. : :; :: :__ ' .; :: ,. : `.__.'`.__.'`.__.':_;:_; CALL FOR PARTICIPATION uCon 2008, 1st 10 Jan 2008 03:02:21 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26640 Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit Challenge pubblication is 01.04.200 10 Jan 2008 02:36:44 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26644 Simple Machines Forum Cross-Site Scripting Vulnerabilities [HSC] Simple Machines Forum XSS Vulnerabilities Simple Machines Forum allows attackers to exploiting this vulnerability by cross-site scripting and 09 Jan 2008 18:12:49 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26641 [USN-566-1] OpenSSH vulnerability =========================================================== Ubuntu Security Notice USN-566-1 January 09, 2008 openssh vulnerability CVE-200 09 Jan 2008 18:00:28 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26643 [ GLSA 200801-06 ] Xfce: Multiple vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200801-06:02 - - - 09 Jan 2008 15:26:26 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26645 [ MDVSA-2008:005 ] - Updated libexif packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 09 Jan 2008 14:56:13 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26638 [USN-565-1] Squid vulnerability =========================================================== Ubuntu Security Notice USN-565-1 January 09, 2008 squid vulnerability CVE-2007- 09 Jan 2008 14:22:24 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26636 [ GLSA 200801-05 ] Squid: Denial of Service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisor 09 Jan 2008 14:17:52 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26635 [SECURITY] [DSA 1457-1] New dovecot packages fix information disclosure -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 09 Jan 2008 14:15:23 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26639 [SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 09 Jan 2008 14:02:37 -0800 http://www.gossamer-threads.com/lists/bugtraq/bugtraq/26634