===
Ubuntu Security Notice USN-916-1 March 23, 2010
krb5 vulnerabilities
CVE-2010-0283, CVE-2010-0628
===
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA-2022-1 secur...@debian.org
http://www.debian.org/security/ Nico Golde
March 23th, 2010
###
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
###
#
# CVE ID : CVE-2009-4505
# Product: OpenCMS OAMP Comments Module
# Vendor: Open Source, Alkacon GmbH (C
Justin Lundy (Founder & CEO, Subterrain) was replaced by Fyodor Yarochkin & The
Grugq. Sorry about that Fyodor! :D
---
Hafez Kamal
HITB Crew
Hack in The Box (M) Sdn. Bhd.
Suite 26.3, Level 26, Menara IMC,
No. 8 Jalan Sultan Ismail,
50250 Kuala Lumpur,
Malaysia
Tel: +603-20394724
Fax: +603-20318
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities
Severity: Moderate
Vendor: SpringSource
Versions Affected:
SpringSource Hyperic HQ 4.2 pre-release versions
SpringSource Hyperic HQ 4.1.0 to 4.1.2
SpringSource Hyperic HQ 4.0.0 to 4
hi;
All versions of Discuz! have the cross-site vulnerabilities because of the
export value of "$referer".
Like:
Discuz! 7.X
Discuz! 6.X
Discuz! 5.X
Discuz!NT 3.X
and so on.
There are some htm pages in all versions of Discuz!, that are:
/templates/default/attachpay.htm
/templates/defau
===
Ubuntu Security Notice USN-918-1 March 24, 2010
samba vulnerability
CVE-2010-0926
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04
==
Secunia Research 24/03/2010
- Pulse CMS login.php Arbitrary File Writing Vulnerability -
==
Table of Contents
Affected Software.
==
Secunia Research 24/03/2010
- Pulse CMS Arbitrary File Writing Vulnerability -
==
Table of Contents
Affected Software
Symlink attack with Solaris Update manager and Sun Patch Cluster
Larry W. Cashdollar
Vapid Labs
1/24/2009
Many patches use insecure file creation in /tmp to store data during
installation. The easiest one to exploit is /tmp/CLEANUP which is used in a
handful of package installation scripts
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software NAT Skinny Call Control
Protocol Vulnerability
Advisory ID: cisco-sa-20100324-sccp
Revision 1.0
For Public Release 2010 March 24 1600 UTC (GMT
==
Secunia Research 24/03/2010
- Pulse CMS Arbitrary File Deletion Vulnerability -
==
Table of Contents
Affected Software...
===
Ubuntu Security Notice USN-917-1 March 24, 2010
puppet vulnerabilities
CVE-2009-3564, CVE-2010-0156
===
A security issue affects the following Ubuntu releases:
Ubuntu 9.
==
Deliver, multiple vulnerabilities
March 24, 2010
CVE-2010-0439
==
==Description==
Deliver (http://deliver.sourceforge.net/), a mail delivery program
installed suid
root as /usr/bin/deliver, is vulnerable to several race conditio
Symlink attack with Solaris Update manager and Sun Patch Cluster
Larry W. Cashdollar
Vapid Labs http://vapid.dhs.org
1/24/2010
With the GUI Sun Update Manager being used to install patches on a system
local users can easily run scripts and create symlinks in an attempt to
clobber fil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20100324-sip
Revision 1.0
For Public Release 2010 March 24 1600 UTC (GMT
16 matches