 The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
List Archives
Latest Posts
Tftpd32 DHCP Server Denial Of Service Vulnerability
demonalex (May 22)
Title: Tftpd32 DHCP Server Denial Of Service Vulnerability
Software : Tftpd32
Software Version : v4.00
Vendor: http://tftpd32.jounin.net/
Vulnerability Published : 2012-05-21
Vulnerability Update Time :
Status :
Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Bug Description :
Tftpd32 is a free tftp and dhcp server for windows, freeware tftp server.
The tftpd32's dhcp server does not identify whether the real source...
DC4420 - London DEFCON - May meet - Tuesday May 22nd 2012
Major Malfunction (May 22)
Back at the Phoenix!!!! Sorry for the late notice, but you know the
score by now.... :)
Speakers:
'Why Industrial System air-gaps suck.'
Eireann Leverett of IOActive
A talk on why industrial systems can increasingly be found on the
internet, and how to work with CERTs to change it.
We've also got room for a 30min fun talk, so ping me when you get there
if you have one...
Venue is here:
The Phoenix
37 Cavendish...
[Announcement] CHMag's Issue 28, May 2012 Released
abhijeet (May 22)
Dear All,
Here we are with our 28th issue of ClubHack Magazine.
This issue covers following articles:-
0x00 Tech Gyan - Steganography over converted channels
0x01 Tool Gyan - Kautilya
0x02 Mom's Guide - HTTPS (Hyper Text Transfer Protocol Secure)
0x03 Legal Gyan - Section 66C - Punishment for identity theft
0x04 Code Gyan - Dont Get Injected Fix Your Code
0x05 Poster - "Look both side before crossing one way track"
Check...
[SECURITY] [DSA 2477-1] sympa security update
Florian Weimer (May 22)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2477-1 security () debian org
http://www.debian.org/security/ Florian Weimer
May 20, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : sympa
Vulnerability : authorization bypass
Problem type...
PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
admin (May 22)
<?php
######################################### www.bugreport.ir
########################################
#
# Title: PHP CGI Argument Injection Remote Exploit
V0.3 - PHP Version
# Vendor: http://www.php.net
# Vulnerable Version: PHP up to version 5.3.12 and 5.4.2
# Exploitation: Remote
# Original Advisory:
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
# Original Exploit...
Acuity CMS 2.6.x <= Arbitrary File Upload
YGN Ethical Hacker Group (May 22)
1. OVERVIEW
Acuity CMS 2.6.x (ASP-based) versions are vulnerable to Arbitrary File Upload.
2. BACKGROUND
Acuity CMS is a powerful but simple, extremely easy to use, low
priced, easy to deploy content management system. It is a leader in
its price and feature class.
3. VULNERABILITY DESCRIPTION
Acuity CMS 2.6.x (ASP-based) version contain a flaw that may allow an
attacker to upload .asp/.aspx files without restrictions, which will
execute...
Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access
YGN Ethical Hacker Group (May 22)
1. OVERVIEW
Acuity CMS 2.6.x (ASP-based) versions are vulnerable to Path Traversal.
2. BACKGROUND
Acuity CMS is a powerful but simple, extremely easy to use, low
priced, easy to deploy content management system. It is a leader in
its price and feature class.
3. VULNERABILITY DESCRIPTION
The issue is due to the script, /admin/file_manager/browse.asp, not
properly sanitizing user input, specifically directory traversal style
attacks (e.g.,...
[SECURITY] [DSA 2476-1] pidgin-otr security update
Jonathan Wiltshire (May 22)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2476-1 security () debian org
http://www.debian.org/security/ Jonathan Wiltshire
May 19, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : pidgin-otr
Vulnerability : format string vulnerability...
Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012)
Call for papers (May 22)
Call for Papers: The 7th International Conference for Internet
Technology and Secured Transactions (ICITST-2012)
Apologies for cross-postings.
Kindly email this call for papers to your colleagues,
faculty members and postgraduate students.
CALL FOR PAPERS
*********************************************************
Papers: The 7th International Conference for Internet Technology and
Secured Transactions (ICITST-2012)
Technical Co-Sponsored by...
[ MDVSA-2012:079 ] sudo
security (May 22)
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:079
http://www.mandriva.com/security/
_______________________________________________________________________
Package : sudo
Date : May 21, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A...
New Open Source Web Application Vulnerability Scanner Available
webvulscan (May 18)
Hi All,
There is a new web application vulnerability scanner available. It is called WebVulScan and it is open source. Here is
the link for it if you want to check it out: http://code.google.com/p/webvulscan/
Regards,
Dermot Blair
SEC Consult SA-20120518 :: Memory overwrite vulnerability in libwpd (OpenOffice.org) - CVE-2012-2149
SEC Consult Vulnerability Lab (May 18)
SEC Consult Vulnerability Lab Security Advisory < 20120518-0 >
=======================================================================
title: libwpd WPXContentListener::_closeTableRow() memory
overwrite
product: OpenOffice.org
vulnerable version: 3.3.0/3.4 Beta 1 and probably earlier versions
fixed version: 3.4
CVE: CVE-2012-2149
impact: high...
H2HC Brazil 9th Edition - Call for Papers
Rodrigo Rubira Branco \(BSDaemon\) (May 18)
CALL FOR PAPERS - Hackers 2 Hackers Conference 9th edition
The call for papers for H2HC 9th edition is now open. H2HC is a hacker
conference taking place in Sao Paulo, Brazil, from 18 to 23 October 2012.
[ - Introduction - ]
For the ninth consecutive year and past success we have been having,
the annual Hackers 2 Hackers Conference will be held again in Sao Paulo,
from 18 to 23 October 2012 and aims to get together industry,
government,...
Re: [oss-security] CVE Request: Planeshift buffer overflow
Kurt Seifried (May 18)
That's a very different scenario than this one as I understand it.
TORCS actually has a realistic requirement for using TORCS files
supplied by the user (that are downloaded from remote sites/etc.).
In the case of Planeshift the chatbubbles.xml is not supplied by the
user, it comes with the program and is installed into a system
directory. This is very different from the TORCS situation. If you can
convince a user to start replacing system...
Re: [oss-security] CVE Request: Planeshift buffer overflow
Kurt Seifried (May 18)
It doesn't sounds like any security boundary is being crossed.
If you can edit that file I'm guessing you can also modify the other
game files (executables, libraries, etc.), so there is no escalation
of privilege as far as I can tell. If the ifle is owned by a unique
user (e.g. it's a local config thing) again, if you can edit a users
files you already have access, so no escalation of privilege. If this
is correct then I will not...
More Lists
Dozens of other network security lists are archived at
SecLists.Org.
| 
Current Month
RSS Feed
About List
All Lists