[SECURITY] [DSA 2208-1] bind9 security update

2011-03-31 Thread Florian Weimer
Debian Security Advisory DSA-2208-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer March 30, 2011

RE: Solaris 10 Port Stealing Vulnerability

2011-03-31 Thread Chris O'Regan
On Wed, 2011-03-30 at 14:20 +, Jim Harrison wrote: Interesting... Windows also has similar functionality offered via .NET services (Net.Tcp Port Sharing http://msdn.microsoft.com/en-us/library/ms734772.aspx), but this is only available through .NET API; not directly through Winsock or

[USN-1099-1] GDM vulnerability

2011-03-31 Thread Steve Beattie
=== Ubuntu Security Notice USN-1099-1 March 30, 2011 gdm vulnerability CVE-2011-0727 === A security issue affects the following Ubuntu releases: Ubuntu 9.10 Ubuntu 10.04 LTS

[SECURITY] [DSA 2208-2] bind9 security update

2011-03-31 Thread Florian Weimer
Debian Security Advisory DSA-2208-2 secur...@debian.org http://www.debian.org/security/ Florian Weimer March 30, 2011

HTB22907: Directory Traversal in Collabtive

2011-03-31 Thread advisory
Vulnerability ID: HTB22907 Reference: http://www.htbridge.ch/advisory/directory_traversal_in_collabtive.html Product: Collabtive Vendor: Open Dynamics ( http://collabtive.o-dyn.de/ ) Vulnerable Version: 0.6.5 and probably prior versions Vendor Notification: 17 March 2011 Vulnerability Type:

Re: Re: HTB22905: Path disclosure in Wordpress

2011-03-31 Thread mike
I agree, this is a configuration issue not an issue with Wordpress. Wordpress SHOULD NOT fix this issue because it will make it more difficult to write wordpress modules. All production systems should have this configuration: display_errors=off

HTB22909: Path disclosure in Tine 2.0

2011-03-31 Thread advisory
Vulnerability ID: HTB22909 Reference: http://www.htbridge.ch/advisory/path_disclosure_in_tine_2_0.html Product: Tine 2.0 Vendor: Metaways Infosystems GmbH ( http://www.tine20.org/ ) Vulnerable Version: Neele (2011-01-2) Vendor Notification: 17 March 2011 Vulnerability Type: Path disclosure

HTB22931: XSS vulnerability in InTerra Blog Machine

2011-03-31 Thread advisory
Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_interra_blog_machine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team ( http://code.google.com/p/interra/ ) Vulnerable Version: 1.84 and probably prior versions Vendor Notification: 31

[USN-1100-1] OpenLDAP vulnerabilities

2011-03-31 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-1100-1 March 31, 2011 openldap, openldap2.3 vulnerabilities CVE-2011-1024, CVE-2011-1025, CVE-2011-1081 === A security issue affects the

Re: Solaris 10 Port Stealing Vulnerability

2011-03-31 Thread Casper . Dik
Imagine if you find a Solaris system running a web server that has a remote exploit which allows for the execution of arbitrary code. If the web server happens to be listening on the wildcard interface then you can very easily insert your own web server in front of it! There SO_EXCLBIND