Full Disclosure

[USN-911-1] MoinMoin vulnerabilities

Fri, 12 Mar 2010 02:01:49 GMT

Posted by Jamie Strandboge on Mar 11

===========================================================
Ubuntu Security Notice USN-911-1 March 11, 2010
moin vulnerabilities
CVE-2010-0668, CVE-2010-0669, CVE-2010-0717
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu,...

iDefense Security Advisory 03.11.10: Multiple Vendor WebKit HTML Element Use After Free Vulnerability

Fri, 12 Mar 2010 00:22:11 GMT

Posted by iDefense Labs on Mar 11

iDefense Security Advisory 03.11.10
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 11, 2010

I. BACKGROUND

WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.

http://webkit.org/

II. DESCRIPTION

Remote exploitation of a memory corruption vulnerability in WebKit, as
included with...

Last day to download WinScanX Basic or WinScanX Pro... forever.

Thu, 11 Mar 2010 23:42:40 GMT

Posted by Reed Arvin on Mar 11

I have received a cease and desist letter regarding certain tools on
http://windowsaudit.com. Regardless of the validity of the
accusations, I do not have the financial means to support legal
defense.

With that said, please take this opportunity to download WinScanX
Basic or purchase WinScanX Pro before they are gone forever. After
today, all that remains is a slim chance to find the product(s) via
some other means.

The http://windowsaudit.com...

[SECURITY] [DSA 2013-1] New egroupware packages fix several vulnerabilities

Thu, 11 Mar 2010 22:30:46 GMT

Posted by Moritz Muehlenhoff on Mar 11

------------------------------------------------------------------------
Debian Security Advisory DSA-2013-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
March 11, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : egroupware
Vulnerability : several
Problem type : remote...

[ MDVSA-2010:061 ] ncpfs

Thu, 11 Mar 2010 20:05:22 GMT

Posted by security on Mar 11

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:061
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ncpfs
Date : March 11, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0...

Re: New Internet Explorer code-execution

Thu, 11 Mar 2010 19:50:57 GMT

Posted by Georgi Guninski on Mar 11

haha, they updated their ``advisory'' to 1.1 from 1.0 at
http://www.microsoft.com/technet/security/advisory/981374.mspx

they changed ``targeted'' to ``public'' and the rest seems the same.

are targeted customers less important than public customers?

extra points for spelling eCHO as Echo:

Echo y| cacls %WINDIR%\SYSWOW64\iepeers.DLL /E /P everyone:N
Impact of workaround. Extended MSHTML functionality such as printing and
Web folders may be...

Re: Multiple vulnerabilities in SUPERAntiSpyware and Super Ad Blocker

Thu, 11 Mar 2010 19:02:59 GMT

Posted by netinfinity on Mar 11

*I am really sorry and appologize for using lame file uploading sites,
but I don't own a domain:( I tried to attach ZIP archive, but it seems
it's being filtered*

Use tar.gz not zip. Or .rar could also work.

ZDI-10-027: Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability

Thu, 11 Mar 2010 18:09:46 GMT

Posted by ZDI Disclosures on Mar 11

ZDI-10-027: Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-027
March 11, 2010

-- Affected Vendors:
Skype

-- Affected Products:
Skype

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8328.
For further product information on the TippingPoint IPS,...

ZDI-10-028: Skype URI Processing Arbitrary XML File Deletion Vulnerability

Thu, 11 Mar 2010 18:08:27 GMT

Posted by ZDI Disclosures on Mar 11

ZDI-10-028: Skype URI Processing Arbitrary XML File Deletion Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-028
March 11, 2010

-- Affected Vendors:
Skype

-- Affected Products:
Skype

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8329.
For further product information on the TippingPoint IPS, visit:...

Vulnerabilities in Abton

Thu, 11 Mar 2010 15:19:08 GMT

Posted by MustLive on Mar 11

Hello Full-Disclosure!

I want to warn you about vulnerabilities in Abton. It's commercial Ukrainian
CMS.

-----------------------------
Advisory: Vulnerabilities in Abton
-----------------------------
URL: http://websecurity.com.ua/2886/
-----------------------------
Timeline:

31.03.2008 - found the vulnerabilities.
16.02.2009 - announced at my site.
17.02.2009 - informed developers.
24.11.2009 - disclosed at my site....

Skype URI Handler Input Validation

Thu, 11 Mar 2010 15:17:40 GMT

Posted by Paul Craig on Mar 11

( , ) (,
. `.' ) ('. ',
). , ('. ( ) (
(_,) .`), ) _ _,
/ _____/ / _ \ ____ ____ _____
\____ \==/ /_\ \ _/ ___\/ _ \ / \
/ \/ | \\ \__( <_> ) Y Y \
/______ /\___|__ / \___ >____/|__|_| /
\/ \/.-. \/ \/:wq
(x.0)
'=.|w|.='
_='`"``=.

presents..

Skype URI Handler Input Validation...

[SECURITY] [DSA 2011-1] New dpkg packages fix path traversal

Thu, 11 Mar 2010 15:15:21 GMT

Posted by Nico Golde on Mar 11

--------------------------------------------------------------------------
Debian Security Advisory DSA-2011-1 security () debian org
http://www.debian.org/security/ Nico Golde
March 10th, 2010 http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package : dpkg
Vulnerability : path traversal
Problem type :...

[SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities

Thu, 11 Mar 2010 15:13:29 GMT

Posted by dann frazier on Mar 11

------------------------------------------------------------------------
Debian Security Advisory DSA-2010 security () debian org
http://www.debian.org/security/ Dann Frazier
March 10, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : kvm
Vulnerability : privilege escalation/denial of service
Problem type...

Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability

Thu, 11 Mar 2010 15:12:01 GMT

Posted by Secunia Research on Mar 11

======================================================================

Secunia Research 10/03/2010

- XnView DICOM Parsing Integer Overflow Vulnerability -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...

Re: credit union phishing scam

Thu, 11 Mar 2010 12:20:35 GMT

Posted by Benji on Mar 11

Maybe we can get a definition of the Internet so I can fully grasp
what this fishing game is?