 The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
List Archives
Latest Posts
Re: Re: IIS5.1 Directory Authentication Bypass by using ?:$I30:$Index_Allocation?
steve . povolny (Sep 03)
There's not a lot in the way of information about IIS settings required to exploit this. What I've gleaned so far is
IIS 5.1, and a request to a directory using the :$i30:$INDEX_ALLOCATION in the request...Can't seem to replicate this
though. Are there any other settings that you are aware of for IIS? Basic auth required? I'd like to find a way to
replicate this in our environment. Thanks!
VUPEN Security Research - Google Chrome Focus Processing Memory Corruption Vulnerability (VUPEN-SR-2010-249)
VUPEN Security Research (Sep 03)
VUPEN Security Research - Google Chrome Focus Processing Memory Corruption
Vulnerability (VUPEN-SR-2010-249)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Google Chrome is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier."
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a high risk vulnerability...
[ MDVSA-2010:170 ] wget
security (Sep 03)
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:170
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wget
Date : September 2, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0...
[SECURITY] [DSA-2102-1] New barnowl packages fix arbitrary code execution
Sebastien Delafond (Sep 03)
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2102-1 security () debian org
http://www.debian.org/security/ Sébastien Delafond
Sep 3, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : barnowl
Vulnerability : unchecked return value
Problem...
nullcon Goa dwitiya (2.0) Call For Papers
nullcon (Sep 03)
nullcon Dwitiya (2.0)
The Jugaad(hacking) Conference
nullcon is an initiative by null - The open security community.
Website:
http://nullcon.net
Calling all Jugaadus(hackers)
It's the time of the year when we welcome research done by the
community as paper submissions for nullcon.
So, sip your coffee, dust your debuggers, fire your tools, challenge
your grey cells and shoot us an email.
Tracks:
---------------
- Bakkar: 1 Hr Talks
-...
[ GLSA 201009-01 ] wxGTK: User-assisted execution of arbitrary code
Alex Legler (Sep 03)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201009-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: wxGTK: User-assisted execution of arbitrary code...
[security bulletin] HPSBMA02572 SSRT100082 rev.1 - HP Operations Agent Running on Windows, Local Elevation of Privileges and Remote Execution of Arbitrary Code
security-alert (Sep 03)
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02497800
Version: 1
HPSBMA02572 SSRT100082 rev.1 - HP Operations Agent Running on Windows, Local Elevation of Privileges and Remote
Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-09-02
Last Updated: 2010-09-02
Potential Security Impact: Local elevation of privileges and remote execution of...
Rooted CON 2011 - Call for Papers
Román Ramírez (Sep 03)
Rooted CON 2011 - Call for Papers
-=] About Rooted CON
Rooted CON is a security congress which will be held in Madrid (Spain)
from 3 to 5 March 2011, whose spectrum of participants ranging from
students to state forces and secret services, through professionals of
the security market, lawyers, or even technology enthusiasts (and others).
-=] Type of Presentations
The congress accepts two kinds of presentations:
- Fast talks: 20 minutes.
-...
Vulnerabilities in CMS WebManager-Pro
MustLive (Sep 02)
Hello Bugtraq!
I want to warn you about SQL Injection and Redirector (URL Redirector Abuse)
vulnerabilities in CMS WebManager-Pro (SecurityVulns ID:11108). It's
Ukrainian commercial CMS.
SQL Injection:
http://site/c.php?id=1%20and%20version()=5
Redirector:
http://site/c.php?id=1&url=http://websecurity.com.ua
Affected products: both systems CMS WebManager-Pro from two developers.
Vulnerable are versions CMS WebManager-Pro up to 8.1...
{PRL} Novell Netware OpenSSH Remote Stack Overflow
Francis Provencher (Sep 02)
#####################################################################################
Application: Novell Netware OpenSSH Remote Stack Overflow
Platforms: Netware 6.5
Exploitation: Remote code execution
CVE Number:
Novell TID: 7006756
ZeroDayInitiative: ZDI-10-169
Author: Francis Provencher (Protek Research Lab's)
Blog: http://www.protekresearchlab.com/...
Moovida Media Player version 2.0.0.15 Insecure DLL Hijacking Vulnerability (libc.dll,quserex.dll)
YGN Ethical Hacker Group (Sep 02)
1. OVERVIEW
The Moovida Media Player application is vulnerable to Insecure DLL
Hijacking Vulnerability. Similar terms that describe this
vulnerability
have been come up with Remote Binary Planting, Unsafe Library Loading,
and Insecure DLL Loading/Injection/Hijacking/Preloading.
2. PRODUCT DESCRIPTION
Moovida Media Player is a free and open source media center that
allows you to enjoy all of your music, video and pictures
in an awsome...
[ MDVSA-2010:168 ] openssl
security (Sep 02)
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:168
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : September 1, 2010
Affected: 2010.1
_______________________________________________________________________
Problem Description:
A vulnerability has been found...
[ MDVSA-2010:169 ] mozilla-thunderbird
security (Sep 02)
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:169
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : September 2, 2010
Affected: 2008.0, 2009.0, 2010.0, 2010.1
_______________________________________________________________________
Problem...
[USN-982-1] Wget vulnerability
Marc Deslauriers (Sep 02)
===========================================================
Ubuntu Security Notice USN-982-1 September 02, 2010
wget vulnerability
CVE-2010-2252
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem...
XSS vulnerability in ArtGK CMS
advisory (Sep 01)
Vulnerability ID: HTB22588
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_artgk_cms_1.html
Product: ArtGK CMS
Vendor: ArtGK ( http://artgk-cms.ru/ )
Vulnerable Version: 2009-08-28 16:00:00 and Probably Prior Versions
Vendor Notification: 18 August 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking &...
More Lists
Dozens of other network security lists are archived at
SecLists.Org.
|