 The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Latest Posts
VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
VMware Security Team (Nov 20)
-----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0016
Synopsis: VMware vCenter and ESX update release and vMA patch
release address multiple security issue in third
party components
Issue date: 2009-11-20
Updated on: 2009-11-20 (initial release of advisory)
CVE numbers: --- JRE ---...
IE7
info (Nov 20)
<!--
securitylab.ir
K4mr4n_st () yahoo com
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML xmlns="http://www.w3.org/1999/xhtml">
<HEAD>
<script>
function load(){
var e;
e=document.getElementsByTagName("STYLE")[0];...
[security bulletin] HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access
security-alert (Nov 20)
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01931960
Version: 1
HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-11-18
Last Updated: 2009-11-18
Potential Security Impact: Remote unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team...
PHP "multipart/form-data" denial of service
Bogdan Calin (Nov 20)
Description
------------
PHP version 5.3.1 was just released. This release contains a patch for a
denial of service condition we reported on 27 October 2009. The
problem is related to PHP's handling of RFC 1867 (Form-based File
Upload in HTML).
When you send a POST request to a PHP script with the content-type of
"multipart/form-data" and include a list of files in that request, PHP
will create a temporary file for each file from...
Firefox 3.5.3 Remote Array Overrun (UPDATE)
cxib (Nov 20)
Please update CVE-2009-1563 BID:36851 and BID:36843
Mozilla has changed credit.
http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
and add correct CVE: CVE-2009-0689.
CVE-2009-1563 should never have existed. It is a duplicate.
KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution)
cxib (Nov 20)
[ KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009
CVE: CVE-2009-0689
Risk: High
Remote: Yes
Affected Software:
- KDELibs 4.3.3
NOTE: Prior versions may also be affected.
Original URL:
http://securityreason.com/achievement_securityalert/74
--- 0.Description ---
KDELibs is a collection of libraries built on top of...
K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)
cxib (Nov 20)
[ K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009
CVE: CVE-2009-0689
Risk: High
Remote: Yes
Affected Software:
- K-Meleon 1.5.3
NOTE: Prior versions may also be affected.
Original URL:
http://securityreason.com/achievement_securityalert/72
--- 0.Description ---
K-Meleon is an extremely fast, customizable,...
SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)
cxib (Nov 20)
[ SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009
CVE: CVE-2009-0689
Risk: High
Remote: Yes
Affected Software:
- SeaMonkey 1.1.18
Fixed in:
- SeaMonkey 2.0
NOTE: Prior versions may also be affected.
Original URL:
http://securityreason.com/achievement_securityalert/71
--- 0.Description ---
The SeaMonkey project is...
Opera 10.01 Remote Array Overrun (Arbitrary code execution)
cxib (Nov 20)
[ Opera 10.01 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009
CVE: CVE-2009-0689
Risk: High
Remote: Yes
Affected Software:
- Opera 10.01
- Opera 10.10 Beta
NOTE: Prior versions may also be affected.
Original URL:
http://securityreason.com/achievement_securityalert/73
--- 0.Description ---
Opera is a Web browser and Internet suite...
NSA Iraqi Computer Attacks And U.S. Defense
Gadi Evron (Nov 19)
In a recent article in the National Journal Magazine, the NSA
supposedly admits to using computer attacks in Iraq, attacking
cellular systems. Aside from the hacking part, which is obviously
"cool", the impact on the US cyber defense stance as well as
international relations is staggering.
I spent some time trying to figure out what facts were given in the
story, and analyze it.
Original story:...
AssetsSoSimple supplier_admin.php Supplier Field XSS
Bugs NotHugs (Nov 19)
product: AssetsSoSimple
version tested: 0.33
vendor URL: http://assetssosimple.sourceforge.net/
script: supplier_admin.php
field: Supplier
ooo
BugsNotHugs
Shared Vulnerability Disclosure Account
Auto Manager admin.cgi Multiple Field XSS
Bugs NotHugs (Nov 19)
vendor: interactivetools.com, inc.,
http://www.interactivetools.com/products/automanager/
product: Auto Manager
version: 2.52
script: admin.cgi
fields: Vehicle, Year, Price, Drive Train, Transmission, Body, Engine,
Description, Color, Miles
***
BugsNotHugs
Shared Vulnerability Disclosure Account
[security bulletin] HPSBMA02477 SSRT090177 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
security-alert (Nov 19)
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01926980
Version: 2
HPSBMA02477 SSRT090177 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-11-17
Last Updated: 2009-11-18
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response...
[security bulletin] HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service
security-alert (Nov 19)
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01886100
Version: 1
HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-11-18
Last Updated: 2009-11-18
Potential Security Impact: Remote unauthorized access to data, Denial of Service (DoS)
Source:...
[USN-860-1] Apache vulnerabilities
Jamie Strandboge (Nov 19)
===========================================================
Ubuntu Security Notice USN-860-1 November 19, 2009
apache2 vulnerabilities
CVE-2009-3094, CVE-2009-3095, CVE-2009-3555
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu,...