[USN-685-1] Net-SNMP vulnerabilities

2008-12-03 Thread Kees Cook
=== Ubuntu Security Notice USN-685-1 December 03, 2008 net-snmp vulnerabilities CVE-2008-0960, CVE-2008-2292, CVE-2008-4309 === A security issue affects the following Ubuntu rel

Re: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2

2008-12-03 Thread Steve Shockley
On 12/3/2008 12:24 AM, VMware Security team wrote: A memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical memory.

Re: [HACKATTACK Advisory 20081127]Social Impress CMS 1.1 - Session Fixation

2008-12-03 Thread rene . sato
Is fixed on ImpressCMS 1.1.1RC1: http://sourceforge.net/forum/forum.php?forum_id=893767

[security bulletin] HPSBUX02389 SSRT080141 rev.1 - HP-UX, Local Denial of Service (DoS)

2008-12-03 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01615952 Version: 1 HPSBUX02389 SSRT080141 rev.1 - HP-UX, Local Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Dat

[SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM

2008-12-03 Thread SVRT-Bkis
MULTI SECURITY VULNERABILITIES IN MVNFORUM 1. General Information mvnForum is software used for creating forums on the Internet (http://www.mvnforum.com). This is an open source software making use of Java J2EE (JSP/Servlet) technology. On September 6 2008, SVRT-Bkis found several CSRF and XS

[USN-684-1] ClamAV vulnerability

2008-12-03 Thread Kees Cook
=== Ubuntu Security Notice USN-684-1 December 02, 2008 clamav vulnerability https://bugs.launchpad.net/bugs/304017 === A security issue affects the following Ubuntu releases: U

[SECURITY] [DSA 1679-1] New awstats packages fix cross-site scripting

2008-12-03 Thread Florian Weimer
Debian Security Advisory DSA-1679-1 [EMAIL PROTECTED] http://www.debian.org/security/ Florian Weimer December 03, 2008

[SECURITY] [DSA 1678-1] New perl packages fix privilege escalation

2008-12-03 Thread Steffen Joeris
Debian Security Advisory DSA-1678-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steffen Joeris December 03, 2008

VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2

2008-12-03 Thread VMware Security team
VMware Security Advisory Advisory ID: VMSA-2008-0019 Synopsis: VMware Hosted products and patches for ESX and ESXi resolve

Re: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability

2008-12-03 Thread zimpel
I could finally reproduce the problem, when I used the Pi3Web 2.0.3 release without any patches. After applying the available patches in the intended (incremental) order to this installation, with Pi3Web 2.0.3 PL2 the issue disappeared. It seems the creator of the original report has not used

[HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation

2008-12-03 Thread office
[HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation Details Product: Pro Clan Manager CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.proclanmanager.com/ Vendor-Status: informed Advisory-Status: not yet published Credits