FBI warns of e-mail scams offering to help Chinese quake victims
( 143 days 15 hours ago)
The FBI is warning Americans who want to send donations in the wake of this month's earthquake in China to beware of a rising number of e-mail relief scams.

Anti-malware group scolds Apple over Safari 'carpet bomb'
( 143 days 15 hours ago)
StopBadware.org wants Apple to beef up its Safari Web browser to better protect users from exploits that could allow attackers to download malicious code to a Mac or Windows user's desktop.

www file share pro 5.30 insecure multiple
( 143 days 16 hours ago)
this server that now has reached 5.30 per version still contains many elements of insecurity: does not control the file extensions loaded not figure the pass not esitone setting permits 666 777 etc. Min poc:
iDefense Security Advisory 05.21.08: Multiple Vendor Snort IP Fragment TTL Evasion Vulnerability
( 143 days 16 hours ago)
iDefense Security Advisory 05.21.08 May 21, 2008 I. BACKGROUND Snort is an open source network intrusion detection (IDS) and prevention system (IPS). In addition to being available as a package for most Unix operating system distributions, various commercial hardware devices ...
CORE-2008-0126: Multiple vulnerabilities in iCal
( 143 days 16 hours ago)
Core Security Technologies - CoreLabs Advisory Multiple vulnerabilities in iCal *Advisory Information* Title: Multiple vulnerabilities in iCal Advisory ID: CORE-2008-0126 Advisory URL: Date published: 2008-05-21 Date of last update: 2008-05-21 Vendors contacted: Apple Inc. Release mode: Coordinated release *Vulnerability Information* Class: Input Validation ...
Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
( 143 days 16 hours ago)
This exploit is valid. We've just exploited it. VBulletin 3.7.0 Gold. martin.meredithatvbulletin.com wrote: > This is invalid. The variable q is taken, split into words, and then each word is escaped for usage within the DB. > > Once again, this is invalid >
[SECURITY] [DSA 1584-1] New libfishsound packages fix execution of arbitrary code
( 143 days 16 hours ago)
- Debian Security Advisory DSA-1584-1 securityatdebian.org Steve Kemp May 21, 2008 - Package : libfishsound Vulnerability : integer overflow Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-1686 Debian Bug : 475152 It was discovered that libfishsound, a simple programming interface that ...
[USN-612-8] openssl-blacklist update
( 143 days 16 hours ago)
Ubuntu Security Notice USN-612-8 May 21, 2008 openssl-blacklist update A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. ...
Cisco Security Advisory: Cisco Voice Portal Privilege Escalation Vulnerability
( 143 days 16 hours ago)
Cisco Security Advisory: Cisco Voice Portal Privilege Escalation Vulnerability Advisory ID: cisco-sa-20080521-cvp Revision 1.0 For Public Release 2008 May 21 1600 UTC (GMT) Summary A vulnerability exists in the Cisco Unified Customer Voice Portal (CVP) ...
Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service
( 143 days 20 hours ago)
Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service Vulnerabilities Advisory ID: cisco-sa-20080521-ssh Revision 1.0 For Public Release 2008 May 21 1600 UTC (GMT) Summary The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability ...
[USN-613-1] GnuTLS vulnerabilities
( 143 days 20 hours ago)
Ubuntu Security Notice USN-613-1 May 21, 2008 gnutls12, gnutls13 vulnerabilities CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. ...
Re: Re: Re: Exploiting Google MX servers as Open SMTP Relays
( 143 days 20 hours ago)
Hi, We would like to let you know that we have updated our report to include the omitted details. You can read it at: Also we have made our proof of concept available at: Best Regards, Pablo Ximenes Information Security Research Team (INSERT) ...
Re: mjguest 6.7 (ALL VERSION) Xss & Redirection Vuln
( 143 days 20 hours ago)
I am the developer of MJGUEST. A patch for this vulnerability has been released. The bug is now fixed. See the official topic here: Regards, "mdsjack"
[DSECRG-08-020] Alcatel OmniPCX Office Remote Command Execution
( 143 days 20 hours ago)
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-020 Application: Alcatel OmniPCX Office Versions Affected: Alcatel OmniPCX Office since release 210/061.1 Vendor URL: Bugs: Remote command execution Exploits: YES Risk: High CVSS Score: 7.31 CVE-number: 2008-1331 Reported: 31.01.2008 Vendor response: 01.02.2008 Customers informed: 07.03.2008 Published on PSIRT: 01.04.2008 ...
[DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability
( 143 days 20 hours ago)
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-023 Application: SAP Web Application Server Versions Affected: Version 7.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru) Description *********** ...
[ MDVSA-2008:105 ] - Updated kernel packages fix vulnerabilities
( 143 days 20 hours ago)
Mandriva Linux Security Advisory MDVSA-2008:105 Package : kernel Date : May 21, 2008 Affected: 2007.1 Problem Description: The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, ...
Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
( 143 days 20 hours ago)
This is invalid. The variable q is taken, split into words, and then each word is escaped for usage within the DB. Once again, this is invalid
Ubuntu: openssl-blacklist update
( 143 days 20 hours ago)
LinuxSecurity.com: USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by introducing openssl-blacklist to aid in detecting vulnerable private keys. This update enhances the openssl-vulnkey tool to check X.509 certificates as well, and provides the corresponding update for Ubuntu 6.06. While the OpenSSL in Ubuntu 6.06 was not vulnerable, openssl-blacklist is now provided for Ubuntu 6.06 for checking certificates and keys that may have been imported on these systems.
RedHat: Low: compiz security update
( 143 days 20 hours ago)
LinuxSecurity.com: Updated compiz packages that prevent Compiz from breaking screen saver grabs are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team.
RedHat: Low: nss_ldap security and bug fix update
( 143 days 20 hours ago)
LinuxSecurity.com: An updated nss_ldap package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
RedHat: Low: mysql security and bug fix update
( 143 days 20 hours ago)
LinuxSecurity.com: Updated mysql packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team.
RedHat: Moderate: bind security, bug fix,
( 143 days 20 hours ago)
LinuxSecurity.com: Updated bind packages that fix two security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
RedHat: Low: dovecot security and bug fix update
( 143 days 20 hours ago)
LinuxSecurity.com: An updated dovecot package that fixes several security issues and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team.
RedHat: Important: libxslt security update
( 144 days 1 hour ago)
LinuxSecurity.com: Updated libxslt packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.
Mandriva: Updated kernel packages fix vulnerabilities
( 144 days 1 hour ago)
LinuxSecurity.com: A race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. (CVE-2008-1375) The Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain re-ordered access to the descriptor table. (CVE-2008-1669) Additionally, the updated kernel for Mandriva Linux 2008.0 has bug fixes for sound on NEC S970 systems, an oops in module rt73, and the -devel package fixes DKMS builds. To update your kernel, please follow the directions located at:
Gentoo: ClamAV Multiple vulnerabilities
( 144 days 1 hour ago)
LinuxSecurity.com: Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code.
Gentoo: Mozilla products Multiple vulnerabilities
( 144 days 1 hour ago)
LinuxSecurity.com: Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code.
Gentoo: Perl Execution of arbitrary code
( 144 days 1 hour ago)
LinuxSecurity.com: A double free vulnerability was discovered in Perl, possibly resulting in the execution of arbitrary code and a Denial of Service.
Debian: New gnome-peercast packages fix several vulnerabilities
( 144 days 1 hour ago)
LinuxSecurity.com: Luigi Auriemma discovered that PeerCast is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.






