===
Ubuntu Security Notice USN-1029-1 December 08, 2010
openssl vulnerabilities
CVE-2008-7270, CVE-2010-4180
===
A security issue affects the following Ubuntu releases:
Ubuntu 6
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02586517
Version: 1
HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial
of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as so
iDefense Security Advisory 12.07.10
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 07, 2010
I. BACKGROUND
QuickTime is Apple's media player product used to render video and other
media. The PICT file format was developed by Apple Inc. in 1984. PICT
files can contain both object-orient
> Anyone tested this in sandbox yet?
00:37 linups:../expl/kernel > cat /etc/*release*
openSUSE 11.3 (i586)
VERSION = 11.3
00:37 linups:../expl/kernel > uname -r
2.6.34.4-0.1-desktop
00:37 linups:../expl/kernel > gcc _2.6.37.local.c -o test
00:37 linups:../expl/kernel > ./test
[*] Failed to open
Yep, just tested it in an Ubuntu 10.10 sandbox I have (running kernel
2.6.35-22-generic). Works as expected.
Great job Dan. You're full of win!
Regards,
Ryan Sears
- Original Message -
From: "Cal Leeming [Simplicity Media Ltd]"
To: "Dan Rosenberg"
Cc: full-disclos...@lists.grok.org.u
Anyone tested this in sandbox yet?
On 07/12/2010 20:25, Dan Rosenberg wrote:
Hi all,
I've included here a proof-of-concept local privilege escalation exploit
for Linux. Please read the header for an explanation of what's going
on. Without further ado, I present full-nelson.c:
Happy hacking,
==
Secunia Research 08/12/2010
- QuickTime Track Dimensions Buffer Overflow Vulnerability -
==
Table of Contents
Affected Software..
Hi all,
I've included here a proof-of-concept local privilege escalation exploit
for Linux. Please read the header for an explanation of what's going
on. Without further ado, I present full-nelson.c:
Happy hacking,
Dan
--snip--
/*
* Linux Kernel <= 2.6.37 local privilege escalation
* by Da
===
Ubuntu Security Notice USN-1028-1 December 07, 2010
imagemagick vulnerability
CVE-2010-4167
===
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubun
www.eVuln.com advisory:
HTTP Response Splitting in WWWThreads (php version)
Summary: http://evuln.com/vulns/156/summary.html
Details: http://evuln.com/vulns/156/description.html
---Summary---
eVuln ID: EV0156
Software: n/a
Vendor: WWWThreads
Version: 2006.11.25
Critical
===
Ubuntu Security Notice USN-1027-1 December 07, 2010
quagga vulnerabilities
CVE-2010-2948, CVE-2010-2949
===
A security issue affects the following Ubuntu releases:
Ubuntu 6
===
Ubuntu Security Notice USN-1026-1 December 07, 2010
paste vulnerability
CVE-2010-2477
===
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This adv
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02639302
Version: 1
HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution
of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:249
http://www.mandriva.com/security/
_
Vulnerability ID: HTB22718
Reference: http://www.htbridge.ch/advisory/lfi_in_exponent_cms_1.html
Product: Exponent CMS
Vendor: http://www.exponentcms.org/ ( http://www.exponentcms.org/ )
Vulnerable Version: 2.0.0pr2
Vendor Notification: 22 November 2010
Vulnerability Type: Local File Inclusion
St
On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote:
>
> > Anyone tested this in sandbox yet?
>
> 00:37 linups:../expl/kernel > cat /etc/*release*
> openSUSE 11.3 (i586)
> VERSION = 11.3
> 00:37 linups:../expl/kernel > uname -r
> 2.6.34.4-0.1-desktop
> 00:37 linups:../expl/kernel > gcc _2.6.37.l
Values placed in the URI of the browser are rendered correctly. Orion NPM
10.1 has just been released, so there is no known fix available as of yet.
Examples:
Most "variable=" that I've checked are vulnerable:
http:///Orion/NetPerfMon/MapView.aspx?Map=4f89095c-35fa-4b1b-813f-231270=0225b7.OrionM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:248
http://www.mandriva.com/security/
_
Vulnerability ID: HTB22717
Reference: http://www.htbridge.ch/advisory/lfi_in_exponent_cms.html
Product: Exponent CMS
Vendor: http://www.exponentcms.org/ ( http://www.exponentcms.org/ )
Vulnerable Version: 2.0.0pr2
Vendor Notification: 22 November 2010
Vulnerability Type: Local File Inclusion
Stat
Vulnerability ID: HTB22715
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zimplit_cms.html
Product: Zimplit CMS
Vendor: Zimplit ( http://www.zimplit.com/ )
Vulnerable Version: Current at 22.11.2010 and Probably Prior Versions
Vendor Notification: 22 November 2010
Vulnerability T
Vulnerability ID: HTB22716
Reference:
http://www.htbridge.ch/advisory/xss_vulnerability_in_zimplit_cms_1.html
Product: Zimplit CMS
Vendor: Zimplit ( http://www.zimplit.com/ )
Vulnerable Version: Current at 22.11.2010 and Probably Prior Versions
Vendor Notification: 22 November 2010
Vulnerabilit
21 matches