[ GLSA 200802-01 ] SDL_image: Two buffer overflow vulnerabilities
( 653 days 4 hours ago)
Gentoo Linux Security Advisory GLSA 200802-01 - Severity: Normal Title: SDL_image: Two buffer overflow vulnerabilities Date: February 06, 2008 Bugs: #207933 ID: 200802-01 - Synopsis Two boundary errors have been identified in SDL_image allowing for the ...
RE: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"
( 653 days 4 hours ago)
The paper () describes how to predict IP ID of various (BSD style) operating systems. This can be used for "blind TCP data injection". The latter term is a technique described by Michal Zalewski, and the paper references 2 BugTraq submissions by Zalewski that nicely explain this concept. These ...
[ GLSA 200802-02 ] Doomsday: Multiple vulnerabilities
( 653 days 4 hours ago)
- Gentoo Linux Security Advisory GLSA 200802-02 - - Severity: High Title: Doomsday: Multiple vulnerabilities Date: February 06, 2008 Bugs: #190835 ID: 200802-02 - Synopsis Multiple vulnerabilities in Doomsday might allow remote execution of arbitrary code or a Denial of Service. ...
ZDI-08-003: Symantec Backup Exec Remote File Upload Vulnerability
( 653 days 4 hours ago)
ZDI-08-003: Symantec Backup Exec Remote File Upload Vulnerability February 6, 2008 -- CVE ID: CVE-2008-0457 -- Affected Vendor: Symantec -- Affected Products: Backup Exec System Recovery Manager 7.0 Backup Exec System Recovery Manager 7.0.1 -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this ...
Chat vulnerabilities in TinTin++ 1.97.9
( 653 days 4 hours ago)
Luigi Auriemma Application: TinTin / WinTin Versions: <= 1.97.9 Platforms: Windows, Linux and Mac Bugs: A] chat buffer-overflow B] chat YES NULL pointer C] chat home folder empty files creation Exploitation: remote Date: 06 Feb 2008 Author: Luigi Auriemma e-mail: aluigiatautistici.org web: aluigi.org ...
[SECURITY] [DSA 1483-1] New net-snmp packages fix denial of service vulnerability
( 653 days 4 hours ago)
- Debian Security Advisory DSA-1483-1 securityatdebian.org Noah Meyerhans February 06, 2008 - Package : net-snmp Vulnerability : design error Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-5846 The SNMP agent (snmpagent.c) in net-snmp before 5.4.1 allows remote ...
iDefense Security Advisory 02.04.08: Hewlett-Packard Network Node Manager Topology Manager Service DoS Vulnerability
( 653 days 10 hours ago)
iDefense Security Advisory 02.04.08 Feb 04, 2008 I. BACKGROUND HP Network Node Manager is a network mapping and management application that allows administrators to monitor and control their networks. The ovtopmd process listens, in a default configuration, on TCP port 2532. ...
[ MDVSA-2008:036 ] - Updated CUPS packages fix SNMP vulnerability
( 653 days 10 hours ago)
Mandriva Linux Security Advisory MDVSA-2008:036 Package : cups Date : February 6, 2008 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 Problem Description: Wei Wang found that the SNMP discovery backend in CUPS did not ...
Logs visualization in WS_FTP Server Manager 6.1.0.0
( 653 days 10 hours ago)
Luigi Auriemma Application: WS_FTP Server Manager Versions: WS_FTP Server <= 6.1.0.0 Platforms: Windows Bugs: A] authorization bypassing in log visualization B] ASP source visualization Exploitation: remote Date: 06 Feb 2008 Author: Luigi Auriemma e-mail: aluigiatautistici.org web: aluigi.org 1) Introduction 2) Bugs 3) The Code ...
rPSA-2008-0046-1 gd
( 653 days 10 hours ago)
rPath Security Advisory: 2008-0046-1 Published: 2008-02-06 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: gd=conary.rpath.comatrpl:1/2.0.33-4.6-1 rPath Issue Tracking System: References: Description: Previous versions of the gd package are vulnerable to a possible ...
Re: Tested on Webmin 1.390
( 653 days 10 hours ago)
I have tested this vuln successfully on: * Webmin 1.370 * Usermin 1.300 (as a normal user) It seems to work under every search box or open file box!!!
rPSA-2008-0043-1 icu
( 653 days 10 hours ago)
rPath Security Advisory: 2008-0043-1 Published: 2008-02-06 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: icu=conary.rpath.comatrpl:1/3.4-5.1-1 rPath Issue Tracking System: References: Description: Previous versions of the icu package are vulnerable to Arbitrary Code ...
Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"
( 653 days 10 hours ago)
> Interestingly enough, OpenBSD uses a flavor of this PRNG for > another field, this time the IP fragmentation ID, part of the > OpenBSD kernel network stack. The analysis carries out quite > similarly to show that OpenBSD's IP ID is predictable as well, ...
[SECURITY] [DSA 1482-1] New squid packages fix denial of service
( 653 days 10 hours ago)
- Debian Security Advisory DSA-1482-1 securityatdebian.org Moritz Muehlenhoff February 05, 2008 - Package : squid Vulnerability : programming error Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-6239 It was discovered that malformed cache update replies against the Squid ...
Tested on Webmin 1.390
( 653 days 10 hours ago)
Aria-Security Team (Persian Security Network) Tested on Webmin 1.390 Cross Site Scripting This vuln was tested on Webmin as an administrator account (root) and it has worked on the search section (file) of the system. Value Inserted: "> Regards, Aria-Security Team (Persian Security Network) The-0utl4w ...
A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"
( 653 days 10 hours ago)
Hello BugTraq Recently I've been looking at the OpenBSD PRNG implementation for DNS transaction ID (OpenBSD ported BIND 9 into their code tree, but rolled their own PRNG for the DNS transaction ID field). I discovered a serious weakness in OpenBSD's PRNG, which allows an ...
[security bulletin] HPSBGN02310 SSRT080007 rev.1 - HP Virtual Rooms Running on Windows, Remote Execution of Arbitrary Code
( 653 days 10 hours ago)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01346601 Version: 1 HPSBGN02310 SSRT080007 rev.1 - HP Virtual Rooms Running on Windows, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-02-05 ...
[security bulletin] HPSBST02302 SSRT071474 rev.1 - HP Storage Essentials SRM, Remote Unauthorized Access
( 653 days 10 hours ago)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01316132 Version: 1 HPSBST02302 SSRT071474 rev.1 - HP Storage Essentials SRM, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-02-05 Last Updated: 2008-02-05 ...
2008 Internet Security Trends Report
( 653 days 15 hours ago)
(Source: Ironport) For a time, security controls designed to manage spam, viruses, and malware were working. Loud, high-impact attacks abated. But, as a result of this success, the threats they protected against were forced to change. In 2007, many of these threats underwent significant adaptation. Malware went stealth, and the sophistication increased.







