Dear SecurityFocus moderators.
Unfortunately, this bug was not found by Am!r (IrIsT?) like it has been credited
in this advisory. It was originally discovered by David Vieira-Kurz of
MajorSecurity and published on June 3rd 2006.
BugTraq-iD: 345993 -- http://www.securityfocus.com/archive/1/435993
Folks,
I'm pleased to announce the release of RFIDIOt version 0.1t
This was delayed waiting for vonJeek to release his epassport tools,
which he has now done (http://freeworld.thc.org/thc-epassport/), so here
goes...
As you've probably guessed, the main highlights here are integration
with
[ HTML FORMATTED Advisory ]
http://www.wintercore.com/advisories/advisory_W021008.html
[TEXT VERSION]
GearSoftware Powered Products Local Privilege Escalation
+ GEARASpiWDM.sys Insecure Method
+ Microsoft Windows Kernel IopfCompleteRequest Integer Overflow
:: Summary
1. Background
2.
hi list,
I noticed on my HTC Hermes with latest available WM6 (not 6.1!), that
after I entered the password for my WLAN, auto-completion knows the
phrase and suggests my WLAN-password for almost any input-field.
Further, the memory for password storage is way too small. I can enter
my whole
The graphviz team has just released a patch to a critical security issue
I reported to them.
The following is the advisory (also available at
http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html):
Background
==
Graphviz is an open-source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Authentication Bypass in Cisco Unity
Advisory ID: cisco-sa-20081008-unity
http://www.cisco.com/warp/public/707/cisco-sa-20081008-unity.shtml
Revision 1.0
For Public Release 2008 October 08 1600 UTC (GMT)
Summary
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1648-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Thijs Kinkhorst
October 08, 2008
Hi Thomas,
This bug was fixed in a MySQL release dated 01 May 2008. It is now 01
Oct 2008 - 5 months after the bug was released. So why exactly is this
news? Did I miss something here?
Not fixed in any version I know of.
Patch has been available for 5 months, but this has not gotten
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1649-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
October 08, 2008
ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-063
October 8, 2008
-- CVE ID:
CVE-2008-4478
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
-- TippingPoint(TM) IPS Customer
ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-064
October 8, 2008
-- CVE ID:
CVE-2008-4479
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
-- TippingPoint(TM) IPS Customer
ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-065
October 8, 2008
-- CVE ID:
CVE-2008-4478
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
-- TippingPoint(TM) IPS Customer Protection:
The vendor fixed the issue remarkably quickly, but
Additionally, the Last modified field in directory listings disclosed the
timestamp of location information too.
Addresses like [EMAIL PROTECTED] disclosed confidential information about the people working in specific organizations too.
(From
http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html)
It has been a long time since Token Kidnapping presentation
(http://www.argeniss.com/research/TokenKidnapping.pdf) was published so I
decided to release a PoC exploit for Win2k3 that allows to execute code
ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-066
October 8, 2008
-- CVE ID:
CVE-2008-4480
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
-- TippingPoint(TM) IPS Customer Protection: