[SECURITY] [DSA 2500-1] mantis security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2500-1 secur...@debian.org http://www.debian.org/security/Florian Weimer June 24, 2012

[SECURITY] [DSA 2501-1] xen security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2501-1 secur...@debian.org http://www.debian.org/security/Florian Weimer June 24, 2012

[SECURITY] [DSA 2502-1] python-crypto security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2502-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff June 24, 2012

hashdays 2012 - Call for Papers (#days CFP)

Call for Papers for hashdays'12 (#days) === Introduction hashdays is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks. The event features many international IT securit

[ MDVSA-2012:100 ] rsyslog

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:100 http://www.mandriva.com/security/ _

[slackware-security] freetype (SSA:2012-176-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] freetype (SSA:2012-176-01) New freetype packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +---

Re: The history of a -probably- 13 years old Oracle bug: TNS Poison

We want to verify that the patch we have installed works. I've been looking for tnspoison.py but can't find it do you know where I can download it.

CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability

Severity: important Vendor: The Apache Software Foundation Versions Affected: Roller 4.0.0 to Roller 4.0.1 Roller 5.0 The unsupported Roller 3.1 release is also affected Description: Roller trusts bloggers to post HTML and JavaScript code in the weblog and for some sites this can be a problem be

CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability

Severity: important Vendor: The Apache Software Foundation Versions Affected: Roller 4.0.0 to Roller 4.0.1 Roller 5.0 The unsupported Roller 3.1 release is also affected Description: HTTP POST interfaces in the Roller admin/editor console were not protected from CSRF attacks. This issue has been

[SECURITY] [DSA 2498-1] dhcpcd security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2498-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez June 23, 2012

[SE-2012-01] Security weakness in Apple QuickTime Java extensions (details released)

Hello All, Security Explorations decided to release technical details and accompanying Proof of Concept code for a security vulnerability in Apple QuickTime software. This move is made in a response to Apple's evaluation of a reported issue as a "hardening issue" rather than a security bug [1]

Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy

Look at the code at announcements.php: $aid = intval($mybb->input['aid']); [Boring lines…] [Boring lines…] $query = $db->query(" SELECT u.*, u.username AS userusername, a.*, f.* FROM ".TABLE_PREFIX."announcements a LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=a.uid)

Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy

On 22 June 2012 07:58, Henri Salo wrote: >> # >> # >> # Expl0iTs : >> # >> # [TarGeT]/Patch/announcements.php?aid=1[Sql] >> # >> # >>

[CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution

--- SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution --- author...: Egidio Romano aka EgiX mail.: n0b0d13s[at]gmail[dot]com software link: http://www.sugar

OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components

Hi @ll, the OpenLimit reader ( and ), an application aimed to provide security by validating X.509 signatures and signing PDFs inside Adobe Reader, contains completely outdated, su

Re: Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy

This is an invalid report. No such vulnerability exists within MyBB 1.6.8. -Nathan Malcolm, MyBB group

[CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution

--- SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution --- author...: Egidio Romano aka EgiX mail.: n0b0d13s[at]gmail[dot]com software link: http://www.sugar

SEC Consult SA-20120626-0 :: Zend Framework - Local file disclosure via XXE injection

SEC Consult Vulnerability Lab Security Advisory < 20120626-0 > === title: Local file disclosure via XXE injection product: Zend Framework vulnerable version: 1.11.11 1.12

[security bulletin] HPSBMU02792 SSRT100820 rev.2 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03377648 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03377648 Version: 2 HPSBMU02792 S

Re: The history of a -probably- 13 years old Oracle bug: TNS Poison

On Tue, Jun 26, 2012 at 6:49 AM, prpgk1 wrote: > We want to verify that the patch we have installed works. I've been looking > for tnspoison.py but can't find it do you know where I can download it. Links to the following: http://www.joxeankoret.com/research.html Documentation: http://www.joxean

Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy

Isn't $aid already escaped by intval() ? Gianluca On Fri, Jun 22, 2012 at 10:13 PM, Yaniv Shaked wrote: > > Look at the code at announcements.php: > > $aid = intval($mybb->input['aid']); > > [Boring lines…] > > [Boring lines…] > > $query = $db->query(" >        SELECT u.*, u.username AS useruser