Re: Web Tool Announcement: ismymailsecure.com

2010-08-23 Thread Chuck Swiger
Hi, Holger-- On Aug 18, 2010, at 2:59 AM, Holger Rabbach wrote: I am happy to announce the immediate availability of a web based email security testing tool at http://www.ismymailsecure.com. [ ... ] If you have any concerns about having to enter a full email address, please be advised that

[SECURITY] [DSA 2094-1] New Linux 2.6.26 packages fix several issues

2010-08-23 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA-2094-1 secur...@debian.org http://www.debian.org/security/ dann frazier August 19, 2010

Directory Traversal in AutoFTP Manager

2010-08-23 Thread advisory
Vulnerability ID: HTB22566 Reference: http://www.htbridge.ch/advisory/directory_traversal_in_autoftp_manager.html Product: AutoFTP Manager Vendor: DeskShare ( http://www.deskshare.com/afm.aspx ) Vulnerable Version: 4.31 and Probably Prior Versions Vendor Notification: 05 August 2010

Ruxcon 2010 Final Call For Papers

2010-08-23 Thread cfp
RUXCON 2010 FINAL CALL FOR PAPERS Ruxcon would like to announce the final call for papers for the sixth annual Ruxcon conference. This year the conference will take place over the weekend of 20th and 21st of November. Ruxcon will be held at CQ, Melbourne, Australia. The deadline for

Directory Traversal in 3D FTP Client

2010-08-23 Thread advisory
Vulnerability ID: HTB22565 Reference: http://www.htbridge.ch/advisory/directory_traversal_in_3d_ftp_client.html Product: 3D FTP Client Vendor: SiteDesigner Technologies, Inc. ( http://3dftp.com/3dftp.htm ) Vulnerable Version: 9.0 build 2 and Probably Prior Versions Vendor Notification: 05 August

phpMyAdmin 3.3.5 / 2.11.10 = Cross Site Scripting (XSS) Vulnerability

2010-08-23 Thread YGN Ethical Hacker Group
== phpMyAdmin 3.3.5 / 2.11.10 = Cross Site Scripting (XSS) Vulnerability == 1. OVERVIEW The phpMyAdmin web application was vulnerable to Cross

Nagios XI Login XSS

2010-08-23 Thread Adam Baldwin
Nagios XI Login XSS Advisory ID: NGENUITY-2010-007 Vulnerability Information Class: Cross-Site Scripting (XSS) Software Description Nagios XI is the commercial / enterprise version of the open source Nagios project. Vulnerability Description The login page for the Nagios XI management

Directory Traversal in FTPGetter

2010-08-23 Thread advisory
Vulnerability ID: HTB22567 Reference: http://www.htbridge.ch/advisory/directory_traversal_in_ftpgetter.html Product: FTPGetter Vendor: FTPGetter Team ( http://www.ftpgetter.com/ ) Vulnerable Version: 3.51.0.05 and Probably Prior Versions Vendor Notification: 05 August 2010 Vulnerability Type:

Secunia Research: Novell iPrint Client call-back-url Buffer Overflow Vulnerability

2010-08-23 Thread Secunia Research
== Secunia Research 20/08/2010 - Novell iPrint Client call-back-url Buffer Overflow - == Table of Contents Affected

[ MDVSA-2010:158 ] squirrelmail

2010-08-23 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:158 http://www.mandriva.com/security/

[Bkis-04-2010] Multiple Vulnerabilities in OpenBlog

2010-08-23 Thread Bkis
[Bkis-04-2010] Multiple Vulnerabilities in OpenBlog 1. General Information OpenBlog is a free software for developing blogging platform. OpenBlog is written on PHP language and available at http://www.open-blog.info. In August 2010, Bkis Security discovered some XSS, CSRF vulnerabilities on this

Re: [MajorSecurity SA-080]WordPress 3.0.1 - Cross Site Scripting Issue

2010-08-23 Thread MustLive
Hello Bugtraq! Regarding this XSS in WordPress 3.0.1 (http://www.securityfocus.com/archive/1/513101/30/30/threaded) I'll note about what I already wrote at my site last week. And already wrote to David. That for the attack it's needed to know token (_wpnonce), which designed to protect

XSS vulnerability in MAXdev

2010-08-23 Thread advisory
Vulnerability ID: HTB22563 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_maxdev.html Product: MAXdev Vendor: MAXdev ( http://www.maxdev.it/ ) Vulnerable Version: 1.0.83 and Probably Prior Versions Vendor Notification: 05 August 2010 Vulnerability Type: XSS (Cross Site

Biblioteca 1.0 Beta Joomla Component Multiple SQL Injection Vulnerabilities

2010-08-23 Thread Salvatore Fresta aka Drosophila
Biblioteca 1.0 Beta Joomla Component Multiple SQL Injection Vulnerabilities Name Biblioteca Vendor http://www.cielostellato.info Versions Affected 1.0 Beta Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact

[ MDVSA-2010:155 ] mysql

2010-08-23 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:155 http://www.mandriva.com/security/

[SECURITY] [DSA 2095-1] New lvm2 packages fix denial of service

2010-08-23 Thread Giuseppe Iuculano
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-2095-1 secur...@debian.org http://www.debian.org/security/ Giuseppe Iuculano August 23, 2010

[ MDVSA-2010:157 ] freetype2

2010-08-23 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:157 http://www.mandriva.com/security/

Google Chrome: HTTP AUTH Dialog Spoofing through Realm Manipulation (Restated)

2010-08-23 Thread Aditya K Sood
Hi Google Chrome (5.0.375.127 and previous versions) suffers from HTTP Auth Dialog spoofing vulnerability due to possible realm manipulation in the HTTP header. Previously, Google Chrome has got a similar bug which can be seen on the following link

Re: 2Wire Broadband Router Session Hijacking Vulnerability

2010-08-23 Thread YGN Ethical Hacker Group
2wire support just replied that this has been fixed and new version (6.x.x.x) has been released. The advisory has been updated accordingly. http://yehg.net/lab/pr0js/advisories/2wire/[2wire]_session_hijacking_vulnerability

Secunia Research: Mono libgdiplus Image Processing Three Integer Overflows

2010-08-23 Thread Secunia Research
== Secunia Research 23/08/2010 - Mono libgdiplus Image Processing Three Integer Overflows - == Table of Contents Affected

[ MDVSA-2010:156 ] freetype2

2010-08-23 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:156 http://www.mandriva.com/security/