prev · 22.02.2008 · next 
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | ||
[SECURITY] [DSA 1505-1] New alsa-driver packages fix kernel memory leak
( 637 days 13 hours ago)
- Debian Security Advisory DSA-1505 securityatdebian.org dann frazier February 22, 2008 - Package : alsa-driver Vulnerability : kernel memory leak Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-4571 Takashi Iwai supplied a fix for a memory leak in the sndpagealloc module. ...
[SECURITY] [DSA 1504-1] New Linux kernel 2.6.8 packages fix several issues
( 637 days 13 hours ago)
- Debian Security Advisory DSA-1504 securityatdebian.org dann frazier February 22, 2008 - Package : kernel-source-2.6.8 (2.6.8-17sarge1) Vulnerability : several Problem-Type : local Debian-specific: no CVE ID : CVE-2006-5823 CVE-2006-6054 CVE-2006-6058 CVE-2006-7203 CVE-2007-1353 CVE-2007-2172 CVE-2007-2525 CVE-2007-3105 CVE-2007-3739 CVE-2007-3740 CVE-2007-3848 CVE-2007-4133 CVE-2007-4308 CVE-2007-4573 CVE-2007-5093 CVE-2007-6063 ...
Hacker group releases automated 'Google hacking' tool
( 637 days 18 hours ago)
The Cult of the Dead Cow hacker group has released an open-source tool that can use a collection of specially crafted Google search terms to scan Web sites for security vulnerabilities.
Multiple vulnerabilities in Double-Take 5.0.0.2865
( 637 days 20 hours ago)
Luigi Auriemma Application: Double-Take Versions: <= 5.0.0.2865 (version 4.5.x tested with success too) Platforms: Windows Bugs: A] server termination through "vector too long" exception B] NULL pointer crash C] termination through memory allocation D] informations disclosure E] other exceptions Exploitation: remote ...
[SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 packages fix several issues
( 637 days 20 hours ago)
- Debian Security Advisory DSA-1503 securityatdebian.org dann frazier February 22, 2008 - Package : kernel-source-2.4.27 (2.4.27-10sarge6) Vulnerability : several Problem-Type : local/remote Debian-specific: no CVE ID : CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823 CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353 CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848 CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063 ...
[security bulletin] HPSBGN02298 SSRT071502 rev.3 - HP Notebook PC Quick Launch Button (QLB) Software Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access
( 637 days 23 hours ago)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01300486 Version: 3 HPSBGN02298 SSRT071502 rev.3 - HP Notebook PC Quick Launch Button (QLB) Software Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access ...
Tool release: extract Windows credentials from registry hives
( 637 days 23 hours ago)
CredDump is a new tool implemented entirely in Python that is capable of extracting: * LM and NT hashes (SYSKEY protected) * Cached domain passwords * LSA secrets It has no dependencies on any part of Windows, and operates directly ...
Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management)
( 637 days 23 hours ago)
Hello, I can confirm this affecting earlier versions as well, the XSS has been fixed some months ago, the SQL Injection (and others) were caused by a failure in the "punctuation" validation regexp. Just fixed that one as well as some others. ...
IBM Quickr 8 Calendar Xss Injection (Bypass Quickr 8.0 Xss Filter)
( 637 days 23 hours ago)
...
[USN-581-1] PCRE vulnerability
( 637 days 23 hours ago)
Ubuntu Security Notice USN-581-1 February 21, 2008 pcre3 vulnerability CVE-2008-0674 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. ...
[SECURITY] [DSA 1502-1] New wordpress packages fix multiple vulnerabilities
( 637 days 23 hours ago)
- Debian Security Advisory DSA-1502-1 securityatdebian.org Noah Meyerhans February 22, 2008 - Package : wordpress Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-3238 CVE-2007-2821 CVE-2008-0193 CVE-2008-0194 Several remote vulnerabilities have been discovered in wordpress, a weblog manager. ...
EDLGraph 1.0
( 637 days 23 hours ago)
EDLGraph is a social engineering tool that harvests email addresses in the public domain and produces a graph linking FQDN domains in a single row based on public user interaction records. The source code can be obtained from the svn:
Certification for Web Application Security Professionals
( 637 days 23 hours ago)
Web Application Security Consortium (www.webappsec.org) and SANS (www.sans.org) has partnered together to define, train, test and certify the individuals. WASC is a leading web application security organization and SANS is a leader in training and certification. Together they have the ...
CanSecWest 2008 Mar 26-28
( 637 days 23 hours ago)
CanSecWest 2008 Presentations Snort 3.0 - Marty Roesch, Sourcefire Cross-Site Scripting Vulnerabilities in Flash Authoring Tools - Rich Cannings, Google Proprietary RFID Systems - Jan "starbug" Krissler and Karsten Nohl, CCC Media Frenzy: Finding Bugs in Windows Media Software - Mark Dowd and ...
Cold Boot Attacks on Disk Encryption
( 637 days 23 hours ago)
This project has been in the works since the last CCC Camp in 2007. We're all pretty excited to release it and so I thought Bugtraq readers might have some thoughts on the matter. Ed Felten wrote about it on Freedom To Tinker this morning: ...
[ GLSA 200802-09 ] ClamAV: Multiple vulnerabilities
( 637 days 23 hours ago)
- Gentoo Linux Security Advisory GLSA 200802-09 - - Severity: High Title: ClamAV: Multiple vulnerabilities Date: February 21, 2008 Bugs: #209915 ID: 200802-09 - Synopsis Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. Background ...
Debian: New wordpress packages fix multiple vulnerabilities
( 638 days 3 hours ago)
LinuxSecurity.com: Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php.
Ubuntu: PCRE vulnerability
( 638 days 3 hours ago)
LinuxSecurity.com: It was discovered that PCRE did not correctly handle very long strings containing UTF8 sequences. In certain situations, an attacker could exploit applications linked against PCRE by tricking a user or automated system in processing a malicious regular expression leading to a denial of service or possibly arbitrary code execution.
Debian: New dspam packages fix information disclosure
( 638 days 3 hours ago)
LinuxSecurity.com: Tobias Gruetzmacher discovered that a Debian-provided CRON script in dspam, a statistical spam filter, included a database password on the command line when using the MySQL backend. This allowed a local attacker to read the contents of the dspam database, such as emails.
Debian: New splitvt packages fix privilege escalation
( 638 days 3 hours ago)
LinuxSecurity.com: Mike Ashton discovered that splitvt, a utility to run two programs in a split screen, did not drop group privileges prior to executing 'xprop'. This could allow any local user to gain the privileges of group utmp.
Mandriva: Updated x11-driver-video-openchrome package
( 638 days 3 hours ago)
LinuxSecurity.com: The openchrome driver version shipped with Mandriva 2008.0 is not fully functional with most chrome based video cards available in the market. This update, requested by upstream developers, should correct the problems, and provide a more mature driver.
Ubuntu: Qt vulnerability
( 638 days 3 hours ago)
LinuxSecurity.com: It was discovered that QSslSocket did not properly verify SSL certificates. A remote attacker may be able to trick applications using QSslSocket into accepting invalid SSL certificates.
prev · 22.02.2008 · next
