ID fraud-prevention firm LifeLock hit with customer lawsuits

 ( 136 days 15 hours ago)

LifeLock, which has 900,000 subscribers for its identity theft protection service, faces class-action lawsuits in three states charging it with false advertising and deceptive trade practices.

Re: /home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

 ( 136 days 15 hours ago)

* Asterisk Security Team: > > Resolution Since this is not a vulnerability in Asterisk itself but > in a tool that Asterisk uses, there will be no new > releases made; however, users who are affected by the > Debian OpenSSL vulnerability are strongly encouraged to ...

ING looks to help customers secure online transactions

 ( 136 days 18 hours ago)

ING Direct USA this week made available a small software tool from Trusteer that is designed to protect its customers against online fraud and ID theft.

[SECURITY] [DSA 1586-1] New xine-lib packages fix several vulnerabilities

 ( 136 days 19 hours ago)

- Debian Security Advisory DSA-1586-1 securityatdebian.org Devin Carraway May 22, 2008 - Package : xine-lib Vulnerability : multiple Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2008-1482 CVE-2008-1686 CVE-2008-1878 Multiple vulnerabilities have been discovered in xine-lib, a library ...

abledating 2.4 >> Sql injection and cross site scripting on search_results.php

 ( 136 days 19 hours ago)

By : Ali Jasbi ( hackerz.ir security & hacking team) vendor : abk-soft.com product name : abledating 2.4 Exploits : 1- Sql injection : bug : =[sql injection]&status=online&savesearch=on&searchname=My search&photo=on&porientation%255B%255D=2&order=rating&sort=desc&prelation%255B%255D=4&search test : '&status=online&savesearch=on&searchname=My search&photo=on&porientation%255B%255D=2&order=rating&sort=desc&prelation%255B%255D=4&search 2-Cross site scripting : bug : =>'>&status=online&savesearch=on&searchname=My search&photo=on

IRM Security Advisory : Barracuda Networks Spam Firewall Cross-Site Scripting Vulnerability

 ( 136 days 19 hours ago)

Barracuda Networks Spam Firewall Cross-Site Scripting Vulnerability CVE Number: CVE-2008-2333 Vulnerability Type / Importance: Cross-Site Scripting (Reflected) / Medium Problem Discovered 24 April 2008 Vendor Contacted 24 April 2008 Advisory Published 22 May 2008 Abstract The Barracuda Spam Firewall device web administration interface is ...

rPSA-2008-0174-1 gnutls

 ( 136 days 19 hours ago)

rPath Security Advisory: 2008-0174-1 Published: 2008-05-22 Products: rPath Linux 2 Rating: Minor Exposure Level Classification: Indirect Deterministic Denial of Service Updated Versions: gnutls=conary.rpath.comatrpl:2/2.2.5-1-0.1 rPath Issue Tracking System: References: Description: Previous versions of the gnutls package contain multiple vulnerabilities ...

/home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

 ( 136 days 19 hours ago)

Asterisk Project Security Advisory - AST-2008-007 Product Asterisk Summary Asterisk installations using cryptographic keys generated by Debian-based systems may be using a vulnerable implementation of OpenSSL Nature of Advisory Compromised cryptographic keys Susceptibility Users of RSA for IAX2 authentication and users of ...

BMForum Remote 5.6 Miltiple XSS Vulnerability

 ( 136 days 19 hours ago)

BMForum Remote 5.6 Miltiple XSS Vulnerability AUTHOR : CWH Underground DATE : 22 May 2008 SITE : www.citec.us APPLICATION : BMForum VERSION : 5.6 (Lastest Version) VENDOR : DORK: "powered by BMForum" Exploit [-] [ >>> ] [-] [ >>> ] [-] [ >>> ] [-] [ >>> ] ...

Exteen Blog XSS Remote Cookie Disclosure Exploit

 ( 136 days 19 hours ago)

Exteen Blog XSS Remote Cookie Disclosure Exploit AUTHOR : CWH Underground DATE : 22 May 2008 SITE : www.citec.us APPLICATION : Exteen Blog VENDOR : www.exteen.com Vulnerable page [-] (Create New Entry Page) Description There are 2 ways to exploit this page ...

[security bulletin] HPSBUX02337 SSRT080072 rev.1 - HP-UX Running HP-UX Secure Shell, Local Unauthorized Access and Denial of Service (DoS)

 ( 136 days 19 hours ago)

SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01462841 Version: 1 HPSBUX02337 SSRT080072 rev.1 - HP-UX Running HP-UX Secure Shell, Local Unauthorized Access and Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-05-21 ...

phpSQLiteCMS Multiple Remote XSS Vulnerability

 ( 136 days 19 hours ago)

phpSQLiteCMS Multiple Remote XSS Vulnerability AUTHOR : CWH Underground DATE : 21 May 2008 SITE : www.citec.us APPLICATION : phpSQLiteCMS VERSION : 1 RC2 (Lastest Version) VENDOR : DORK: "Powered By phpSQLiteCMS" Exploit [-] [ >>> ] [-] [ >>> ] [-] [ >>> ] [-] [ >>> ] ...

PHPFreeForum <= 1.0 RC2 Remote XSS Vulnerability

 ( 136 days 19 hours ago)

PHPFreeForum <= 1.0 RC2 Remote XSS Vulnerability AUTHOR : CWH Underground DATE : 21 May 2008 SITE : www.citec.us APPLICATION : PHPFreeForum VERSION : 1.0 RC2 VENDOR : Exploit [-] [ >>> ] [-] [ >>> ] [-] [ >>> ] Example for XSS : ...

ZDI-08-031: Trillian MSN MIME Header Stack-Based Overflow Vulnerability

 ( 136 days 19 hours ago)

ZDI-08-031: Trillian MSN MIME Header Stack-Based Overflow Vulnerability May 21, 2008 -- Affected Vendors: Cerulean Studios -- Affected Products: Cerulean Studios Trillian -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6097. ...

ZDI-08-030: Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability

 ( 136 days 19 hours ago)

ZDI-08-030: Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability May 21, 2008 -- Affected Vendors: Cerulean Studios -- Affected Products: Cerulean Studios Trillian -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6126. ...

Debian: New xine-lib packages fix several vulnerabilities

 ( 136 days 20 hours ago)

LinuxSecurity.com: Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and CAK demuxers, as well as the EBML parser used by the Matroska demuxer. These weaknesses allow an attacker to overflow heap buffers and potentially execute arbitrary code by supplying a maliciously crafted file of those types.

Gentoo: GnuTLS Execution of arbitrary code

 ( 136 days 20 hours ago)

LinuxSecurity.com: Multiple vulnerabilities might allow for the execution of arbitrary code in daemons using GnuTLS.

Gentoo: GnuTLS Execution of arbitrary code

 ( 136 days 20 hours ago)

LinuxSecurity.com: Multiple vulnerabilities might allow for the execution of arbitrary code in daemons using GnuTLS.

Debian: New speex packages fix execution of arbitrary code

 ( 136 days 20 hours ago)

LinuxSecurity.com: It was discovered that speex, The Speex codec command line tools, did not correctly did not correctly deal with negative offsets in a particular header field. This could allow a malicious file to execute arbitrary code.

Debian: New libfissound packages fix execution of arbitrary

 ( 136 days 20 hours ago)

LinuxSecurity.com: It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code

ZDI-08-029: Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability

 ( 137 days 1 hour ago)

ZDI-08-029: Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability May 21, 2008 -- Affected Vendors: Cerulean Studios -- Affected Products: Cerulean Studios Trillian -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 5958. ...

ZDI-08-028: IBM Lotus Sametime Community Services Multiplexer Stack Overflow Vulnerability

 ( 137 days 1 hour ago)

ZDI-08-028: IBM Lotus Sametime Community Services Multiplexer Stack Overflow Vulnerability May 21, 2008 -- Affected Vendors: IBM -- Affected Products: IBM Lotus Sametime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 5607, 5698. ...

[ GLSA 200805-20 ] GnuTLS: Execution of arbitrary code

 ( 137 days 1 hour ago)

- - Gentoo Linux Security Advisory GLSA 200805-20 - - - - Severity: High Title: GnuTLS: Execution of arbitrary code Date: May 21, 2008 Bugs: #222823 ID: 200805-20 - - Synopsis Multiple vulnerabilities might allow for the execution of arbitrary ...

MDAP ANTs PWNAGE: dumping the admin password of the BT Home Hub

 ( 137 days 1 hour ago)

We're back with more security attacks against the BT Home Hub (most popular wireless DSL router in the UK)! BT added a new security feature on the latest version [1] of the BT Home Hub firmware (6.2.6.E at time of writing) which changes the ...