[security bulletin] HPSBMA02626 SSRT100301 rev.1 - HP OpenView Storage Data Protector, Remote Denial of Service (DoS)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02699143 Version: 1 HPSBMA02626 SSRT100301 rev.1 - HP OpenView Storage Data Protector, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as

[USN-1051-1] HPLIP vulnerability

=== Ubuntu Security Notice USN-1051-1 January 25, 2011 hplip vulnerability CVE-2010-4267 === A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu

ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability. EMC Identifier: ESA-2011-003 CVE Identifier: CVE-2011-0321 Severity Rating: CVSS v2 Base Score: 8.5 (AV:N/AC:L/Au:N/C:P/I:N/A:C) Affected products: EMC NetWorker earlier than

HTB22795: Path disclosure in Hycus CMS

Vulnerability ID: HTB22795 Reference: http://www.htbridge.ch/advisory/path_disclousure_in_hycus_cms.html Product: Hycus CMS Vendor: Hycus Web Development Team ( http://www.hycus.com/ ) Vulnerable Version: 1.0.3 and probably prior versions Vendor Notification: 13 January 2011 Vulnerability Type:

Microsoft IIS 6 parsing directory �x.asp� Vulnerability

# Microsoft IIS 6 parsing directory Vulnerability #Discovered by: Pouya daneshmand whh_iran[AT]yahoo[DOT]com http://securitylab.ir/blog #Introduction: Using this

VUPEN Security Research - Novell GroupWise TZID Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004)

VUPEN Security Research - Novell GroupWise VCALENDAR TZID Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004) http://www.vupen.com/english/research.php I. BACKGROUND - Novell GroupWise collaboration software is a premier collaboration tool for large

PRTG V8.1.2.1809 XSS Bugs in login.htm and error.htm

XSS (Reflected) Bugs in login.htm and error.htm PRTG V8.1.2.1809 (All OS Versions): http://www.paessler.com/ I have discovered two XSS bugs within PRTG version 8.1.2.1809. These bugs are in the login.htm and error.htm documents.

Re: Remote Code Execution in ICQ 7

UPDATE: This week, ICQ 7.4 (build 4561) was released. Even though the original version of my exploit does not work anymore, the vulnerability was not resolved: ICQ only changed the product ID that is included in the path to the update file. If every ocurrence of 30009 in both python files (see

[ MDVSA-2011:019 ] libuser

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:019 http://www.mandriva.com/security/

IETF RFC on the implementation of the TCP urgent mechanism

Folks, RFC 6093, entitled On the Implementation of the TCP Urgent Mechanism has just been published. It is available at: http://www.rfc-editor.org/rfc/rfc6093.txt This RFC has been motivated, to a large extent, by the behavior of some well-known firewalls. The Abstract of the RFC is: cut

Vanilla Forums 2.0.16 = Cross Site Scripting Vulnerability

== Vanilla Forums 2.0.16 = Cross Site Scripting Vulnerability == 1. OVERVIEW The Vanilla Forums 2.0.16 and lower versions were vulnerable to

Huawei HG default WEP/WPA generator

Hi, Huawei HG520 and HG530 routers are vulnerable to weak cipher attacks. It is possible to generate the default WEP/WPA key from the MAC address. The following documents detail the process of developing a key generator for these devices. English: http://websec.ca/blog/view/mac2wepkey_huawei

Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities Advisory ID: cisco-sa-20110126-csg2 http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml Revision 1.0 For Public Release 2011 January 26 1600 UTC (GMT)

OpenOffice.org Multiple Memory Corruption Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: OpenOffice.org Multiple Memory Corruption

[SECURITY] [DSA 2151-1] New OpenOffice.org packages fix several vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 2151-1secur...@debian.org http://www.debian.org/security/ Martin Schulze January 26th, 2011

HTB22797: Path disclousure in BLOG:CMS

Vulnerability ID: HTB22797 Reference: http://www.htbridge.ch/advisory/path_disclousure_in_blogcms.html Product: BLOG:CMS Vendor: Radek Hulán ( http://blogcms.com/ ) Vulnerable Version: 4.2.1.f and probably prior versions Vendor Notification: 13 January 2011 Vulnerability Type: Path disclousure

Lomtec ActiveWeb Professional 3.0 CMS Allows Arbitrary File Upload and Execution as SYSTEM in ColdFusion (2010-WEB-002) (CERT VU#528212)

- www.ExploitDevelopment.com 2010-WEB-002 (CERT VU#870532) (Security Focus BID 45985) - TITLE: Lomtec ActiveWeb Professional 3.0

HTB22796: Path disclousure in DBHcms

Vulnerability ID: HTB22796 Reference: http://www.htbridge.ch/advisory/path_disclousure_in_dbhcms.html Product: DBHcms Vendor: Kai-Sven Bunk ( http://www.drbenhur.com/ ) Vulnerable Version: Vendor Notification: 13 January 2011 Vulnerability Type: Path disclosure Status: Awaiting Vendor Response

[USN-1052-1] OpenJDK vulnerability

=== Ubuntu Security Notice USN-1052-1 January 26, 2011 openjdk-6, openjdk-6b18 vulnerability CVE-2010-4351 === A security issue affects the following Ubuntu releases: Ubuntu