[ MDVSA-2011:077 ] krb5

2011-04-25 Thread security
Mandriva Linux Security Advisory MDVSA-2011:077 http://www.mandriva.com/security/

[security bulletin] HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection

2011-04-25 Thread security-alert
Document ID: c02807712 Version: 1 HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-04-21

[security bulletin] HPSBMA02666 SSRT100434 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Information Disclosure

2011-04-25 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02789514 Version: 1 HPSBMA02666 SSRT100434 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Information Disclosure NOTICE: The information in this Security

AST-2011-005: File Descriptor Resource Exhaustion

2011-04-25 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2011-005. Product: Asterisk. Summary: File Descriptor Resource Exhaustion. Nature of Advisory: Denial of Service

[DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay

2011-04-25 Thread Alexandr Polyakov
Digital Security Research Group [DSecRG] Advisory #DSECRG-11-018 Application: Kaspersky Administration Kit Versions Affected: from 6.0 Vendor URL: http://www.kaspersky.com Bug: Design flaw Exploits: YES Reported:

Re: HTB22945: Multiple XSS in ZENphoto

2011-04-25 Thread Christian Kujau
On Thu, 21 Apr 2011 at 13:42, advis...@htbridge.ch wrote: The vulnerability exists due to failure in the /themes/zenpage/slideshow.php script to properly sanitize user-supplied input in _zp_themeroot variable then register_globals is on. You mean if register_globals is on? I thought anything

[ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011)

2011-04-25 Thread ACM CCS 2011
Apologies for multiple copies of this announcement. -- 18th ACM Conference on Computer and Communications Security (ACM CCS 2011) CALL FOR PAPERS OCTOBER 17 - 21, 2011 SWISSOTEL Chicago, Chicago, IL, USA http://sigsac.org/ccs/CCS2011 The

AT-TFTP Server Remote Denial of Service Vulnerability

2011-04-25 Thread SecPod Research
Hi, SecPod Research Team Member Antu Sanadi has found a DoS Vulnerability in AT-TFTP Server. Advisory and POC details have been attached to this mail. Regards, SecPod Research Team http://www.secpod.com

[ MDVSA-2011:078 ] libtiff

2011-04-25 Thread security
Mandriva Linux Security Advisory MDVSA-2011:078 http://www.mandriva.com/security/

XSS in Webmin 1.540 + exploit for privilege escalation

2011-04-25 Thread Javier Bassi
Information Name : XSS vulnerability in Webmin Software : All versions prior to and including 1.540 are affected. Vendor Homepage : http://www.webmin.com Vulnerability Type : Cross-Site Scripting Severity : Medium Researcher : Javier Bassi javierbassi [at] gmail [dot]

AST-2011-006: Asterisk Manager User Shell Access

2011-04-25 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2011-006. Product: Asterisk. Summary: Asterisk Manager User Shell Access. Nature of Advisory: Permission Escalation

[TOOL RELEASE] T50 - an Experimental Mixed Packet Injector ( v5.3)

2011-04-25 Thread Nelson Brito
T50: an Experimental Packet Injector Tool, Release 5.3. Copyright (c) 2001-2011 Nelson Brito