AST-2009-003: SIP responses expose valid usernames

2009-04-03 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2009-003. Product: Asterisk

Family Connections 1.8.2 Blind SQL Injection (Correct Version)

2009-04-03 Thread Salvatore "drosophila" Fresta
*** Salvatore "drosophila" Fresta *** [+] Application: Family Connection [+] Version: <= 1.8.2 [+] Website: http://www.familycms.com [+] Bugs: [A] Blind SQL Injection [+] Exploitation: Remote [+] Date: 1 Apr 2009 [+] Discovered by: Salvatore "drosophila" Fresta [+] Author: Salvatore

[ GLSA 200904-01 ] Openfire: Multiple vulnerabilities

2009-04-03 Thread Pierre-Yves Rofes
Gentoo Linux Security Advisory GLSA 200904-01 http://security.gentoo.org/

Cyber Warfare Conference: Agenda

2009-04-03 Thread k g
Cooperative Cyber Defence Centre of Excellence Conference on Cyber Warfare June 17-19, 2009 Tallinn, Estonia www.ccdcoe.org Jaak Aaviksoo, Estonian Defence Minister Opening Remarks KEYNOTE The Information Warfare Monitor Tracking GhostNet: Investigating a Cyber Espionage Network KEYNOTE Mikko Hy

[ GLSA 200904-03 ] Gnumeric: Untrusted search path

2009-04-03 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200904-03 http://security.gentoo.org/

Family Connections <= 1.8.2 - Remote Shell Upload Exploit

2009-04-03 Thread Salvatore "drosophila" Fresta
/* Family Connections <= 1.8.2 - Remote Shell Upload Exploit Author: Salvatore "drosophila" Fresta Contact: drosophila...@gmail.com Date: 3 April 2009 The following software will upload a simple php shell. To execute remot

Family Connections 1.8.2 Arbitrary File Upload

2009-04-03 Thread Salvatore "drosophila" Fresta
*** Salvatore "drosophila" Fresta *** [+] Application: Family Connection [+] Version: <= 1.8.2 [+] Website: http://www.familycms.com [+] Bugs: [A] Arbitrary File Upload [+] Exploitation: Remote [+] Date: 3 Apr 2009 [+] Discovered by: Salvatore "drosophila" Fresta [+] Author: Salvato

[ GLSA 200904-02 ] GLib: Execution of arbitrary code

2009-04-03 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200904-02 http://security.gentoo.org/

rPSA-2009-0057-1 m2crypto openssl openssl-scripts

2009-04-03 Thread rPath Update Announcements
rPath Security Advisory: 2009-0057-1 Published: 2009-04-03 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Minor Exposure Level Classification: Indirect Deterministic Denial of Service Updated Versi

IBM DB2

2009-04-03 Thread Dennis Yurichev
Hi. IBM DB2 Version 9.5 Fix Pack 3a came out, fixing also two DoS vulnerabilities I found. http://www-01.ibm.com/support/docview.wss?uid=swg21372517 IBM DB2 1. "IZ37697: SECURITY: MALICIOUS CONNECT DATA STREAM CAN CAUSE DENIAL OF SERVICE." First is pr

glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit

2009-04-03 Thread nospam
http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS Found another vector of injection in /private/system/lib-session.php near lines 97-117: ... if (isset ($_COOKIE[$_CONF['cookie_session']

[SECURITY] [DSA 1761-1] New moodle packages fix file disclosure

2009-04-03 Thread Nico Golde
Debian Security Advisory DSA-1761-1 secur...@debian.org http://www.debian.org/security/ Nico Golde April 3rd, 2009

Autodesk IDrop ActiveX Control Heap Corruption Vulnerability

2009-04-03 Thread Elazar Broad
Who: Autodesk http://www.autodesk.com What: Autodesk IDrop ActiveX Control http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=2753219&linkID=9240618 IDrop.ocx version 17.1.51.160 {21E0CB95-1198-4945-A3D2-4BF804295F78} How: The Src, Backgr