Asterisk Project Security Advisory - AST-2009-003
| Product | Asterisk |
*** Salvatore "drosophila" Fresta ***
[+] Application: Family Connection
[+] Version: <= 1.8.2
[+] Website: http://www.familycms.com
[+] Bugs: [A] Blind SQL Injection
[+] Exploitation: Remote
[+] Date: 1 Apr 2009
[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200904-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Cooperative Cyber Defence Centre of Excellence
Conference on Cyber Warfare
June 17-19, 2009
Tallinn, Estonia
www.ccdcoe.org
Jaak Aaviksoo, Estonian Defence Minister
Opening Remarks
KEYNOTE
The Information Warfare Monitor
Tracking GhostNet: Investigating a Cyber Espionage Network
KEYNOTE
Mikko Hy
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200904-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
/*
Family Connections <= 1.8.2 - Remote Shell Upload Exploit
Author: Salvatore "drosophila" Fresta
Contact: drosophila...@gmail.com
Date: 3 April 2009
The following software will upload a simple php shell.
To execute remot
*** Salvatore "drosophila" Fresta ***
[+] Application: Family Connection
[+] Version: <= 1.8.2
[+] Website: http://www.familycms.com
[+] Bugs: [A] Arbitrary File Upload
[+] Exploitation: Remote
[+] Date: 3 Apr 2009
[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvato
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200904-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
rPath Security Advisory: 2009-0057-1
Published: 2009-04-03
Products:
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2
Rating: Minor
Exposure Level Classification:
Indirect Deterministic Denial of Service
Updated Versi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi.
IBM DB2 Version 9.5 Fix Pack 3a came out, fixing also two DoS
vulnerabilities I found.
http://www-01.ibm.com/support/docview.wss?uid=swg21372517 IBM DB2
1. "IZ37697: SECURITY: MALICIOUS CONNECT DATA STREAM CAN CAUSE DENIAL OF
SERVICE."
First is pr
http://retrogod.altervista.org/
software site: http://www.glfusion.org/
google dork: "Page created in" "seconds by glFusion" +RSS
Found another vector of injection in /private/system/lib-session.php near
lines 97-117:
...
if (isset ($_COOKIE[$_CONF['cookie_session']
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA-1761-1 secur...@debian.org
http://www.debian.org/security/ Nico Golde
April 3rd, 2009
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Who:
Autodesk
http://www.autodesk.com
What:
Autodesk IDrop ActiveX Control
http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=2753219&linkID=9240618
IDrop.ocx
version 17.1.51.160
{21E0CB95-1198-4945-A3D2-4BF804295F78}
How:
The Src, Backgr
13 matches