Opinion: Malware vs. anti-malware, 20 years into the fray
( 162 days 16 hours ago)
Steven J. Vaughan-Nichols takes stock of the malware/anti-malware landscape nearly 20 years after the very first Internet worm and spotlights how the two sides are approaching the battle.

Debian: New cacti packages fix multiple vulnerabilities
( 162 days 22 hours ago)
LinuxSecurity.com: It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible.
Debian: New b2evolution packages fix cross site scripting
( 162 days 22 hours ago)
LinuxSecurity.com: "unsticky" discovered that b2evolution, a blog engine, performs insufficient input sanitising, allowing for cross site scripting.
Debian: New blender packages fix arbitrary code execution
( 162 days 22 hours ago)
LinuxSecurity.com: Stefan Cornelius discovered a vulnerability in the Radiance High Dynamic Range (HDR) image parser in Blender, a 3D modelling application. The weakness could enable a stack-based buffer overflow and the execution of arbitrary code if a maliciously-crafted HDR file is opened, or if a directory containing such a file is browsed via Blender's image-open dialog.
Ubuntu: CUPS vulnerability
( 162 days 22 hours ago)
LinuxSecurity.com: Thomas Pollet discovered that CUPS did not properly validate the size of PNG images. A local attacker, and a remote attacker if printer sharing is enabled, could send a crafted file and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-1722)
CORE-2008-0129 - Wonderware SuiteLink Denial of Service vulnerability
( 162 days 23 hours ago)
Core Security Technologies - CoreLabs Advisory Wonderware SuiteLink Denial of Service vulnerability *Advisory Information* Title: Wonderware SuiteLink Denial of Service vulnerability Advisory ID: CORE-2008-0129 Advisory URL: Date published: 2008-05-05 Date of last update: 2008-05-05 Vendors contacted: Wonderware Release mode: Coordinated release *Vulnerability Information* ...
Novell eDirectory unauthenticated access to SOAP interface
( 162 days 23 hours ago)
[=] Affected software : Editor : Novell Name : eDirectory Version : 8.7.x (see note) and < 8.8.2 Services : TCP/8028 (HTTP) and TCP/8030 (HTTPS) [=] External references : [=] Technical details : ...
Novell eDirectory DoS via HTTP headers
( 162 days 23 hours ago)
[=] Affected software : Editor : Novell Name : eDirectory Version : < 8.7.3 SP 10 and < 8.8.2 Services : TCP/8028 (HTTP) and TCP/8030 (HTTPS) [=] External references : [=] Technical details : ...
[SECURITY] [DSA 1569-1] New cacti packages fix multiple vulnerabilities
( 162 days 23 hours ago)
- Debian Security Advisory DSA-1569-1 securityatdebian.org Thijs Kinkhorst May 05, 2008 - Package : cacti Vulnerability : insufficient input sanitising Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-0783 CVE-2008-0785 It was discovered that Cacti, a systems and services monitoring frontend, ...
[ECHO_ADV_93$2008] Kmita Tellfriend <= 2.0 (file) Remote File Inclusion Vulnerability
( 162 days 23 hours ago)
ECHO_ADV_93$2008 [ECHO_ADV_93$2008] Kmita Tellfriend <= 2.0 (file) Remote File Inclusion Vulnerability Author : M.Hasran Addahroni Date : May, 5 th 2008 Location : Jakarta, Indonesia Web : Critical Lvl : High Impact : System access Where : From Remote Affected software description: Application : Kmita Tellfriend ...
[ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability
( 162 days 23 hours ago)
ECHO_ADV_94$2008 [ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability Author : M.Hasran Addahroni Date : May, 5 th 2008 Location : Jakarta, Indonesia Web : Critical Lvl : High Impact : System access Where : From Remote Affected software description: Application : Kmita Mail ...
Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit
( 162 days 23 hours ago)
#!/usr/bin/perl # Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit # Discovered & Coded by JosS # Contact: sys-project[at]hotmail.com # Spanish Hackers Team / Sys - Project / EspSeC # # rgod forever :D print "\t\t\n\n"; ...
[ECHO_ADV_90$2008] PostNuke Module pnEncyclopedia <= 0.2.0 (id) Blind Sql Injection Vulnerability
( 162 days 23 hours ago)
ECHO_ADV_90$2008 [ECHO_ADV_90$2008] PostNuke Module pnEncyclopedia <= 0.2.0 (id) Blind Sql Injection Vulnerability Author : M.Hasran Addahroni Date : May, 5 th 2008 Location : Jakarta, Indonesia Web : Critical Lvl : Medium Impact : System access Where : From Remote Affected software description: Application : pnEncyclopedia ...
[ECHO_ADV_95$2008] BackLinkSpider (cat_id) Blind Sql Injection Vulnerability
( 162 days 23 hours ago)
ECHO_ADV_95$2008 [ECHO_ADV_95$2008] BackLinkSpider (cat_id) Blind Sql Injection Vulnerability Author : M.Hasran Addahroni Date : May, 5 th 2008 Location : Jakarta, Indonesia Web : Critical Lvl : Medium Impact : System access Where : From Remote Affected software description: Application : BackLinkSpider version : unknown Vendor : ...
[SECURITY] [DSA 1568-1] New b2evolution packages fix cross site scripting
( 162 days 23 hours ago)
- Debian Security Advisory DSA-1568-1 securityatdebian.org Thijs Kinkhorst May 05, 2008 - Package : b2evolution Vulnerability : insufficient input sanitising Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-0175 Debian Bug : 410568 "unsticky" discovered that b2evolution, a blog engine, performs ...
[ECHO_ADV_92$2008] Anserv Auction XL (viewfaqs.php cat) Blind Sql Injection Vulnerability
( 162 days 23 hours ago)
ECHO_ADV_92$2008 [ECHO_ADV_92$2008] Anserv Auction XL (viewfaqs.php cat) Blind Sql Injection Vulnerability Author : M.Hasran Addahroni Date : May, 5 th 2008 Location : Jakarta, Indonesia Web : Critical Lvl : Medium Impact : System access Where : From Remote Affected software description: Application : Anserv Auction XL ...
[ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability
( 162 days 23 hours ago)
ECHO_ADV_91$2008 [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability Author : M.Hasran Addahroni Date : May, 5 th 2008 Location : Jakarta, Indonesia Web : Critical Lvl : Medium Impact : System access Where : From Remote Affected software description: ...
[SECURITY] [DSA 1567-1] New blender packages fix arbitrary code execution
( 162 days 23 hours ago)
- Debian Security Advisory DSA-1567-1 securityatdebian.org Devin Carraway May 05, 2008 - Package : blender Vulnerability : buffer overrun Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2008-1102 Stefan Cornelius discovered a vulnerability in the Radiance High ...
[USN-606-1] CUPS vulnerability
( 162 days 23 hours ago)
Ubuntu Security Notice USN-606-1 May 05, 2008 cupsys vulnerability CVE-2008-1722 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. ...
LifeType 1.2.8
( 162 days 23 hours ago)
Script : LifeType 1.2.8 Type : XSS Vulnerability Discovered by : Khashayar Fereidani Or Dr.Crash Our Team : IRCRASH Our Site : IRCRASH Bugtraq : IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr Script Download : ...
Mandriva: Updated OpenOffice.org packages fix
( 163 days 3 hours ago)
LinuxSecurity.com: A vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org could allow user-assisted remote attackers to execute arbitrary Java code via crafted database documents (CVE-2007-4575).
Debian: New cpio packages fix denial of service
( 163 days 3 hours ago)
LinuxSecurity.com: Dmitry Levin discovered a vulnerability in path handling code used by the cpio archive utility. The weakness could enable a denial of service (crash) or potentially the execution of arbitrary code if a vulnerable version of cpio is used to extract or to list the contents of a maliciously crafted archive.
DDoS attacks knock Radio Free Europe off the Web
( 163 days 8 hours ago)
Several Radio Free Europe Web sites were knocked offline a week ago in a DDoS attack that the news organization's spokesman compared to attempts decades ago by the Soviet Union to jam the U.S.-funded group's radio signals.
