Consumer identity-theft protection services: What works?
( 74 days 5 hours ago)
Who actually puts a Social Security number on the side of a truck, and do such "identity theft protection" services really work? Our editorial siblings at PC World dug into the six leading firms to see what they can and cannot do for you.

DIY identity-theft protection: A 12-step program
( 74 days 5 hours ago)
You don't have to spend $100 to $200 a year to defend yourself from identity theft at the level of protection that a paid service offers. You can do almost everything the services do, free. Our friends at PC World have a plan outlined for you.

mvnForum 1.1 Cross Site Scripting
( 74 days 5 hours ago)
mvnForum Cross Site Scripting Vulnerability Original release date: 2008-04-27 Last revised: 2008-05-06 Latest version: Source: Christian Holler <> Systems Affected: mvnForum 1.1 () - A Java J2EE/Jsp/Servlet forum Severity: Moderate Overview: ...
Sphider 1.3.4 Cross Site Scripting
( 74 days 5 hours ago)
Sphider Cross Site Scripting Vulnerability Original release date: 2008-04-29 Last revised: 2008-05-06 Latest version: Source: Christian Holler <> Systems Affected: Sphider 1.3.4 () - A PHP Search Engine Severity: Moderate Overview: ...
[USN-605-1] Thunderbird vulnerabilities
( 74 days 5 hours ago)
Ubuntu Security Notice USN-605-1 May 06, 2008 mozilla-thunderbird, thunderbird vulnerabilities CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. ...
[SECURITY] [DSA 1570-1] New kazehakase packages fix execution of arbitrary code
( 74 days 5 hours ago)
- Debian Security Advisory DSA-1570-1 securityatdebian.org Steve Kemp May 06, 2008 - Package : kazehakase Vulnerability : various Problem type : local Debian-specific: no CVE Id(s) : CVE-2006-7227 CVE-2006-7228 CVE-2006-7230 CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662 CVE-2007-4766 CVE-2007-4767 CVE-2007-4768 Debian Bug : 464756 ...
Power Editor LOCAL FILE INCLUSION Vulnerability
( 74 days 5 hours ago)
# # # ..:::::Power Editor LOCAL FILE INCLUSION Vulnerability ::::... # Virangar Security Team www.virangar.net Discovered By :Virangar Security Team (hadihadi) special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all iranian hackerz greetz:to my best friend in the world hadiaryaie2004 ...
[USN-607-1] Emacs vulnerabilities
( 74 days 5 hours ago)
Ubuntu Security Notice USN-607-1 May 06, 2008 emacs21, emacs22 vulnerabilities CVE-2007-6109, CVE-2008-1694 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. ...
Invitation - OWASP AppSec Europe May 19-22 2008 - Belgium
( 74 days 5 hours ago)
Hi, We would like to invite you to the European OWASP Application Security Conference! After successful OWASP Conferences in the United States (San Jose), Europe (Milan), Asia (Taiwan) and Australia (Queensland), we are back in Belgium: 5 tutorials and 2 conference tracks in the historic center of ...
QTOFileManager V 1.0<== Remote File Upload Vulnerability
( 74 days 5 hours ago)
Discovered By: CrAzY CrAcKeR Email: Cr4zY.CrAcKeR(at)hotmail(dot)com Script : Sava's Simple Upload Version: Final Download : Search: inurl:qtofm.php ?[shell.php.jpg] I want to thank my friend:- rageh - Lover Hacker - Breeeeh - Sw33t h4ck3r WebSite :
[USN-608-1] KDE vulnerability
( 74 days 5 hours ago)
Ubuntu Security Notice USN-608-1 May 06, 2008 kdelibs vulnerability CVE-2008-1671 A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. ...
[security bulletin] HPSBMA02331 SSRT080000 rev.2 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges
( 74 days 5 hours ago)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01438409 Version: 2 HPSBMA02331 SSRT080000 rev.2 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-05-05 ...
Stupid hacker tricks, part two: The folly of youth
( 74 days 13 hours ago)
HPSBUX02332 SSRT080056 rev.1 - HP-UX running Apache with PHP, Remote Denial of Service (DoS), Gain Extended Privileges
( 74 days 13 hours ago)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01438646 Version: 1 HPSBUX02332 SSRT080056 rev.1 - HP-UX running Apache with PHP, Remote Denial of Service (DoS), Gain Extended Privileges NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-05-05 ...
RE: Microsoft DID DISCLOSE potential Backdoor
( 74 days 13 hours ago)
I'm not sure the facts in evidence support the conclusions reached here (sorry, not posting inline as I don't want to address each conclusion built upon some other shaky conclusion. Reporting component ...
HPSBUX02324 SSRT080034 rev.1 - HP-UX Running Netscape Directory Server (NDS), Local Gain Extended Privileges
( 74 days 13 hours ago)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01433676 Version: 1 HPSBUX02324 SSRT080034 rev.1 - HP-UX Running Netscape Directory Server (NDS), Local Gain Extended Privileges NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-05-05 Last Updated: 2008-05-05 ...
[tool announcement] tmin - a handy fuzzing test case optimizer
( 74 days 13 hours ago)
Hi, I'd like to announce tmin - a free, quick, and handy tool to quickly and effortlessly minimize the size and syntax of complex test cases in automated security testing. I found the tool to be remarkably useful, as ...
[SECURITY] [DSA 1554-2] New roundup packages fix regression
( 74 days 13 hours ago)
- Debian Security Advisory DSA-1554-2 securityatdebian.org Thijs Kinkhorst May 06, 2008 - Package : roundup Vulnerability : insufficient input sanitising Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-1474 Debian Bug : 472643 Roundup, an issue tracking system, fails to properly escape HTML input, ...
Advisory SE-2008-03: PHP Multibyte Shell Command Escaping Bypass Vulnerability
( 74 days 13 hours ago)
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP Multibyte Shell Command Escaping Bypass Vulnerability Release Date: 2008/05/06 Last Modified: 2008/05/06 Author: Stefan Esser [stefan.esser[at]sektioneins.de] Application: PHP 5 <= 5.2.5 PHP 4 <= 4.4.8 ...
[SECURITY] [DSA 1569-2] New cacti packages fix regression
( 74 days 13 hours ago)
- Debian Security Advisory DSA-1569-2 securityatdebian.org Thijs Kinkhorst May 06, 2008 - Package : cacti Vulnerability : insufficient input sanitising Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-0783 CVE-2008-0785 The original update for cacti unfortunately introduced a regression. ...
[ GLSA 200805-02 ] phpMyAdmin: Information disclosure
( 74 days 13 hours ago)
- Gentoo Linux Security Advisory GLSA 200805-02 - - Severity: Low Title: phpMyAdmin: Information disclosure Date: May 05, 2008 Bugs: #219005 ID: 200805-02 - Synopsis A vulnerability in phpMyAdmin may lead to information disclosure. Background ...
Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability
( 74 days 13 hours ago)
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability Release Date: 2008/05/06 Last Modified: 2008/05/06 Author: Stefan Esser [stefan.esser[at]sektioneins.de] Application: PHP 5 <= 5.2.5 PHP 4 <= 4.4.8 ...
Security Advisory for Bugzilla 3.0.3, 3.1.3, 2.22.3, and 2.20.5
( 74 days 13 hours ago)
Summary Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers three security issues that have recently been fixed in the Bugzilla code: * Users without the "canconfirm" privilege could enter a bug as NEW ...
[ GLSA 200805-01 ] Horde Application Framework: Multiple vulnerabilities
( 74 days 13 hours ago)
- Gentoo Linux Security Advisory GLSA 200805-01 - - Severity: Normal Title: Horde Application Framework: Multiple vulnerabilities Date: May 05, 2008 Bugs: #212635, #213493 ID: 200805-01 - Synopsis Multiple vulnerabilities in the Horde Application Framework may lead to ...
Ubuntu: Emacs vulnerabilities
( 74 days 13 hours ago)
LinuxSecurity.com: It was discovered that Emacs did not account for precision when formatting integers. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly other unspecified actions. This issue does not affect Ubuntu 8.04. (CVE-2007-6109) Steve Grubb discovered that the vcdiff script as included in Emacs created temporary files in an insecure way when used with SCCS. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. (CVE-2008-1694)
Ubuntu: KDE vulnerability
( 74 days 13 hours ago)
LinuxSecurity.com: It was discovered that start_kdeinit in KDE 3 did not properly sanitize its input. A local attacker could exploit this to send signals to other processes and cause a denial of service or possibly execute arbitrary code. (CVE-2008-1671)
Debian: New roundup packages fix regression
( 74 days 13 hours ago)
LinuxSecurity.com: Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser.
Debian: New cacti packages fix regression
( 74 days 13 hours ago)
LinuxSecurity.com: It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible.






