-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
VSR Security Advisory
http://www.vsecurity.com/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Advisory Name: libraptor - XXE in RDF/XML File Interpretation
Release
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2440-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
March 24, 2012
Hi,
when using PostgreSQL JDBC driver version 8.1 to connect to a PostgreSQL
version 9.1 database, escaping of JDBC statement parameters does
not work and SQL injection attacks are possible.
The problem can be reproduced for example with version 8.1-415
(released 2010-05-11), which still can be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2441-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
March 25, 2012
It has been discovered that spoofed getstatus UDP requests are being
used by attackers[0][1][2][3] to direct status responses from multiple
Quake 3-based servers to a victim, as a traffic amplification mechanism
for a denial of service attack on that victim.
Open-source games derived from the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:038
http://www.mandriva.com/security/
Title: Matthew1471s ASP BlogX - XSS Vulnerabilities
Software : Matthew1471s ASP BlogX
Software Version : 12 August 2008
Vendor: http://blogx.co.uk/
Vulnerability Published : 2012-03-26
Vulnerability Update Time :
Status :
Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Bug
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2442-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
March 26, 2012
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA-2443-1 secur...@debian.org
http://www.debian.org/security/ Dann Frazier
March 26, 2012
PRE-CERT Security Advisory
==
* Advisory: PRE-SA-2012-02
* Released on: 21st March 2012
* Affected products: libzip = 0.10
PHP 5.4.0
PHP = 5.3.10
zipruby = 0.3.6
* Impact: heap overflow, information leak
*
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:039
http://www.mandriva.com/security/
[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0
===
Author: Janek Vind waraxe
Date: 27. March 2012
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-80.html
Description of vulnerable software:
# Vuln Title: PcwRunAs Password Obfuscation Design Flaw
# Date: 26.03.2012
# Author: Christian Landström, otr
# Software Link: http://www.pcwelt.de/downloads/pcwRunAs-1215998.html
# Version: = 0.4
# Tested on: Windows
# CVE : CVE-2012-1793
# Risk: high
# Type: Privilege Escalation
# Vendor:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:040
http://www.mandriva.com/security/
Hi,
As stated in the timeline below (thanks!), this issue was handled in
part using the Openwall-hosted distros list (which currently notifies
many Linux distro vendors, FreeBSD, and NetBSD/pkgsrc with PGP
re-encryption to individual recipients):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:041
http://www.mandriva.com/security/
16 matches