CORE-2008-0415: Borland Interbase 2007 Integer Overflow
( 138 days 17 hours ago)
Core Security Technologies - CoreLabs Advisory Borland Interbase 2007 Integer Overflow *Advisory Information* Title: Borland Interbase 2007 Integer Overflow Advisory ID: CORE-2008-0415 Advisory URL: Date published: 2008-05-20 Date of last update: 2008-05-20 Vendors contacted: Borland Release mode: Coordinated release *Vulnerability Information* Class: Integer Overflow ...
RE: An account of the Estonian Internet War
( 138 days 17 hours ago)
On Tue, 20 May 2008, Viktor Larionov wrote: > Hi Gadi and all the rest of a community, > > I work and live in Estonia, and I was a witness to all happening here, > especially on the cyber-sphere starting the first day. > ...
[ GLSA 200805-19 ] ClamAV: Multiple vulnerabilities
( 138 days 17 hours ago)
- - Gentoo Linux Security Advisory GLSA 200805-19 - - - - Severity: High Title: ClamAV: Multiple vulnerabilities Date: May 20, 2008 Bugs: #213762 ID: 200805-19 - - Synopsis Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. ...
[ GLSA 200805-18 ] Mozilla products: Multiple vulnerabilities
( 138 days 17 hours ago)
- - Gentoo Linux Security Advisory GLSA 200805-18 - - - - Severity: Normal Title: Mozilla products: Multiple vulnerabilities Date: May 20, 2008 Bugs: #208128, #214816, #218065 ID: 200805-18 - - Synopsis Multiple vulnerabilities have been reported in Mozilla Firefox, ...
How to Offer the Strongest SSL Encryption
( 138 days 20 hours ago)
(Source: Verisign) Learn all the facts about guaranteeing maximum SSL strength to every Web site visitor, regardless of browser type or operating system. Stronger encryption levels keep your business safe from online threats and allow your customers to feel safe transacting on your site.

[ GLSA 200805-17 ] Perl: Execution of arbitrary code
( 138 days 21 hours ago)
- - Gentoo Linux Security Advisory GLSA 200805-17 - - - - Severity: Normal Title: Perl: Execution of arbitrary code Date: May 20, 2008 Bugs: #219203 ID: 200805-17 - - Synopsis A double free vulnerability was discovered in Perl, possibly resulting ...
[SECURITY] [DSA 1583-1] New gnome-peercast packages fix several vulnerabilities
( 138 days 21 hours ago)
- Debian Security Advisory DSA-1583-1 securityatdebian.org Thijs Kinkhorst May 20, 2008 - Package : gnome-peercast Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-6454 CVE-2008-2040 Debian Bug : 466539 Several remote vulnerabilities have been discovered in Gnome PeerCast, ...
[SECURITY] [DSA 1582-1] New peercast packages fix arbitrary code execution
( 138 days 21 hours ago)
- Debian Security Advisory DSA-1582-1 securityatdebian.org Thijs Kinkhorst May 20, 2008 - Package : peercast Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-2040 Debian Bug : 478573 Nico Golde discovered that PeerCast, a P2P audio and video streaming ...
RE: An account of the Estonian Internet War
( 138 days 21 hours ago)
Hi Gadi and all the rest of a community, I work and live in Estonia, and I was a witness to all happening here, especially on the cyber-sphere starting the first day. Let's skip the details on the political context of your story, which from my ...
Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities
( 138 days 21 hours ago)
Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities Name Multiple Vulnerabilities in Mantis Systems Affected Mantis 1.1.1 and possibly earlier versions Severity High Impact (CVSSv2) High 9/10, vector: (AV:N/AC:L/Au:N/C:C/I:P/A:P) Vendor Advisory Authors Antonio "s4tan" Parata (s4tan AT ush DOT it) ...
[SECURITY] [DSA 1581-1] New gnutls13 packages fix potential code execution
( 138 days 21 hours ago)
- Debian Security Advisory DSA-1581-1 securityatdebian.org Florian Weimer May 20, 2008 - Package : gnutls13 Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite. ...
[security bulletin] HPSBUX02332 SSRT080056 rev.2 - HP-UX Running Apache With PHP, Remote Denial of Service (DoS), Gain Extended Privileges
( 138 days 21 hours ago)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01438646 Version: 1 HPSBUX02332 SSRT080056 rev.2 - HP-UX Running Apache With PHP, Remote Denial of Service (DoS), Gain Extended Privileges NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-05-19 ...
[security bulletin] HPSBUX02335 SSRT071454 rev.1 - HP-UX Running useradd(1M), Local Unauthorized Access
( 138 days 21 hours ago)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01455884 Version: 1 HPSBUX02335 SSRT071454 rev.1 - HP-UX Running useradd(1M), Local Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-05-19 Last Updated: 2008-05-19 ...
Starsgames Control Panel <= 4.6.2 Remote XSS Vulnerability
( 138 days 21 hours ago)
Starsgames Control Panel <= 4.6.2 Remote XSS Vulnerability AUTHOR : CWH Underground DATE : 19 May 2008 SITE : www.citec.us APPLICATION : Starsgames Control Panel VERSION : <= 4.6.2 DOWNLOAD : DORK: "starsgames control panel @2006" Exploit [-] [ >>> ] [XSS] =Example= Alert: ...
ZDI-08-026: CA BrightStor ARCserve Backup Remote Buffer Overflow
( 138 days 21 hours ago)
ZDI-08-026: CA BrightStor ARCserve Backup Remote Buffer Overflow -- CVE ID: CVE-2008-2242 -- Affected Vendors: Computer Associates -- Affected Products: Computer Associates BrightStor ARCserve Server -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 4931. ...
Secunia Research: Foxit Reader "util.printf()" Buffer Overflow
( 138 days 21 hours ago)
Secunia Research 20/05/2008 - Foxit Reader "util.printf()" Buffer Overflow - Table of Contents: 1. Affected Software; 2. Severity; 3. Vendor's Description of Software; 4. Description of Vulnerability; 5. Solution; 6. Time Table; 7. Credits; 8. References; 9. About Secunia; 10. Verification. 1) Affected Software * Foxit Reader 2.3 build 2825 ...
Vbulletin 3.7.0 Gold >> Sql injection on faq.php
( 138 days 21 hours ago)
By : Ali Jasbi(Hackerz.ir security & hacking research team) Vendor : vbulletin.org version : 3.7.0 Gold Vulnerability: Sql injection =[Sql injection]&match=any&titlesonly=1 test it: faq.php?s=&do=search&q='&match=any&titlesonly=1 faq.php?s=&do=search&q=%00'&match=all&titlesonly=0 Enjoy it...
eCMS-v0.4.2 (SQL/PB) Multiple Remote Vulnerabilities
( 138 days 21 hours ago)
# # # ...::::eCMS-v0.4.2 (SQL/PB) Multiple Remote Vulnerabilities ::::... # Virangar Security Team www.virangar.net Discovered By :virangar security team(hadihadi) special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to my best friend in the world hadiaryaie2004 & my lovely friend arash(imm02tal) ...
RedHat: Important: gnutls security update
( 138 days 22 hours ago)
LinuxSecurity.com: Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 4. Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950)
RedHat: Critical: gnutls security update
( 138 days 22 hours ago)
LinuxSecurity.com: Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950)
Ubuntu: OpenSSH update
( 138 days 22 hours ago)
LinuxSecurity.com: USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves. Original advisory details:
Debian: New phpgedview packages fix privilege escalation
( 138 days 22 hours ago)
LinuxSecurity.com: It was discovered that phpGedView, an application to provide online access to genealogical data, allowed remote attackers to gain administrator privileges due to a programming error.
RedHat: Important: kernel security and bug fix update
( 138 days 22 hours ago)
LinuxSecurity.com: Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.
Mandriva: Updated libid3tag packages fix denial of service
( 138 days 22 hours ago)
LinuxSecurity.com: field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop. The updated packages have been patched to correct this.
McAfee anti-fraud researcher charged with fraud
( 138 days 23 hours ago)
A former executive at ScanAlert, the firm that offered the "Hacker Safe" certification before it was purchased by McAfee, has been charged with securities fraud in Indiana.

New attack trend pushes POS encryption to the fore
( 138 days 23 hours ago)
The recent rash of data thefts from retail point-of-sale systems is prompting security vendors and payment processing firms to offer tools for encrypting POS information.

Vulnerability Advisory on GnuTLS
( 139 days 1 hour ago)
GnuTLS versions prior to 2.2.5 have been proven vulnerable. The vulnerabilities can expose Denial-of-Service (DoS) and buffer overflow conditions. Further investigation is needed, but it may be possible for an attacker to execute code on the affected system. Please see the advisory for more information:
[USN-612-7] OpenSSH update
( 139 days 1 hour ago)
Ubuntu Security Notice USN-612-7 May 20, 2008 openssh update CVE-2008-0166 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the ...
CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities
( 139 days 1 hour ago)
Title: CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities CA Advisory Date: 2008-05-19 Reported By: An anonymous researcher working with the iDefense VCP Damian Put working with ZDI/TippingPoint Impact: A remote attacker can cause a denial of service or execute arbitrary code. ...
An account of the Estonian Internet War
( 139 days 1 hour ago)
About a year ago after coming back from Estonia I promised I'd send in an account of the Estonian "war". The postmortem analysis and recommendations I later wrote for the Estonian CERT are not yet public. A few months ago I wrote an article for the Georgetown Journal of ...
AppServ Open Project <= 2.5.10 Remote XSS Vulnerability
( 139 days 1 hour ago)
AppServ Open Project <= 2.5.10 Remote XSS Vulnerability AUTHOR : CWH Underground DATE : 19 May 2008 SITE : www.citec.us APPLICATION : AppServ Open Project VERSION : <= 2.5.10 VENDOR : DOWNLOAD : DORK: N/A Exploit [-] [ [XSS]>>>> ] ...
ZDI-08-027: CA BrightStor ARCserve Backup Arbitrary File Writing Vulnerability
( 139 days 1 hour ago)
ZDI-08-027: CA BrightStor ARCserve Backup Arbitrary File Writing Vulnerability -- CVE ID: CVE-2008-2241 -- Affected Vendors: Computer Associates -- Affected Products: Computer Associates BrightStor ARCserve Server -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 4685. ...
[SECURITY] [DSA 1580-1] New phpgedview packages fix privilege escalation
( 139 days 1 hour ago)
- Debian Security Advisory DSA-1580-1 securityatdebian.org Thijs Kinkhorst May 20, 2008 - Package : phpgedview Vulnerability : programming error Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-2064 It was discovered that phpGedView, an application to provide online access ...
Mtr - remote and local stack overflow - uncomment situation in libresolv.
( 139 days 1 hour ago)
Name: Mtr - network diagnostic tool. Author: Adam Zabrocki Date: February 28, 2008 Issue: Mtr allows local and remote attackers to overflow buffer on stack. Description: Mtr combines the functionality of the traceroute and ping programs in a single ...
[security bulletin] HPSBST02336 SSRT080071 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-026 to MS08-029
( 139 days 1 hour ago)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01460710 Version: 1 HPSBST02336 SSRT080071 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-026 to MS08-029 NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-05-19 Last Updated: 2008-05-19 ...
[ MDVSA-2008:103 ] - Updated libid3tag packages fix denial of service vulnerability
( 139 days 1 hour ago)
Mandriva Linux Security Advisory MDVSA-2008:103 Package : libid3tag Date : May 19, 2008 Affected: 2008.0, 2008.1, Corporate 3.0 Problem Description: field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU and memory consumption) ...
Re: Cpanel all version >> root access with a reseller account.
( 139 days 1 hour ago)
Ali, I'm unable to reproduce such an issue on multiple servers running different versions of cPanel. Does this reseller have the access to the 'all features' privilege?






