Today Microsoft released a security advisory about a vulnerability in the
Animated Cursor processing code in Windows:
http://www.microsoft.com/technet/security/advisory/935423.mspx
It seems like the vulnerability is already exploited in the wild:
http://asert.arbornetworks.com/2007/03/any-ani-file
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- ---
VMware Security Advisory
Advisory ID: VMSA-2007-0002
Synopsis: VMware ESX server security updates
Issue date: 2007-03-29
Updated on:
https://metalink.oracle.com/metalink/plsql/f?p=200:101:1834058191406040565&notification_msg=alert(document.cookie)
On 3/29/07, Edmond Dantes <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> >>They probably need to redo their entire site's scripts, I wouldn't doubt
> >>there's a few more exploi
[Shirkdog Security Advisory SHK-004]
Title:
--
Computer Associates (CA) Brightstor Backup Mediasvr.exe Remote Code
Vulnerability
Description of Application:
---
http://www3.ca.com/solutions/ProductFamily.aspx?ID=115
Brightstor ARCserv Backup provides a complete, f
Well if you want 0days why don't you just buy core impact or immunity
canvas
On 3/29/07, don bailey <[EMAIL PROTECTED]> wrote:
Michael Bann wrote:
> Correct me if I'm wrong, but wouldn't that defeat the point of Full
> Disclosure?
>
They're fully disclosing their non disclosure policy.
___
Foresight Linux Essential Advisory: 2007-0005-1
Published: 2007-03-29
Rating: Minor
Updated Versions:
slocate=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/3.1-8.1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.11-3
References:
https://issues.foresightlinux.org/browse/FL-211
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:073
http://www.mandriva.com/security/
___
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:072
http://www.mandriva.com/security/
___
Foresight Linux Essential Advisory: 2007-0004-1
Published: 2007-03-29
Rating: Moderate
Updated Versions:
openoffice.org=/[EMAIL PROTECTED]:devel//1//[EMAIL PROTECTED]:1-devel//1/2.2.0-0.0.5-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.11-2
References:
https://issues.foresightlin
Michael Bann wrote:
> Correct me if I'm wrong, but wouldn't that defeat the point of Full
> Disclosure?
>
They're fully disclosing their non disclosure policy.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-
Correct me if I'm wrong, but wouldn't that defeat the point of Full
Disclosure?
[EMAIL PROTECTED] wrote:
> We buy and sell 0day vulnerability along with working demonstrative exploit.
>
> We are interested only in client side exploits.
>
> We are interested in Internet Explorer and Microsoft Offic
We buy and sell 0day vulnerability along with working demonstrative exploit.
We are interested only in client side exploits.
We are interested in Internet Explorer and Microsoft Office.
If you have good vulnerability we can pay cash, western union or wire transfer
in advance.
If you are a motiv
IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability
iDefense Security Advisory 03.29.07
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 29, 2007
I. BACKGROUND
IBM Corp.'s Lotus Sametime product provides a real-time online conferencing
solution. More information on the produc
[EMAIL PROTECTED] wrote:
> Referer checking will not stop open redirects you must create a whitelist.
> Consider the following
>
> http://site/script?u=http://site/script?u=http://cnn.com
>
> It will hit the script, redirect back to itself set the referer header then
> continue.
>
> - Robert
> ht
Hello Aditya,
I see your point there. Hope they get it fixed. Should the patch involve
some referrer checking?
Regards,
-Nikolay Kichukov
- Original Message -
From: "Aditya K Sood" <[EMAIL PROTECTED]>
To: "Nikolay Kichukov" <[EMAIL PROTECTED]>;
Sent: Thursday, March 29, 2007 7:40 PM
Sub
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:071
http://www.mandriva.com/security/
___
Nikolay Kichukov wrote:
> Hello there,
> I've read the article, but I still do not see where the severe redirection
> vulnerability is. Is this not a feature of the neworder.box.sk web site to
> allow anyone to be redirected to any page they submit to redirect.php?
>
> Thanks,
> -Nikolay Kichukov
>
Hello there,
I've read the article, but I still do not see where the severe redirection
vulnerability is. Is this not a feature of the neworder.box.sk web site to
allow anyone to be redirected to any page they submit to redirect.php?
Thanks,
-Nikolay Kichukov
- Original Message -
From: "
[EMAIL PROTECTED] wrote:
>>They probably need to redo their entire site's scripts, I wouldn't doubt
>>there's a few more exploits in there somewhere. -- 2+ exploits within one
>
> site in one month is pretty sad.
>
> Hemmm...
> The same guys released another 4 just a few minutes ago.
>
> The id
> They probably need to redo their entire site's scripts, I wouldn't doubt
> there's a few more exploits in there somewhere. -- 2+ exploits within one
site in one month is pretty sad.
Hemmm...
The same guys released another 4 just a few minutes ago.
The idiot part is that Libero strongly refuse
They probably need to redo their entire site's scripts, I wouldn't doubt
there's a few more exploits in there somewhere. -- 2+ exploits within one
site in one month is pretty sad.
On Wednesday 28 March 2007 12:17, LK wrote:
> After the report of Rosario Valotta on this ML, another XSS vulnerabil
<--start-->
Following the advisory of the XSS vulnerability found on Libero.it
(Italian ISP) portal,
and after the "official" response given by the portal owners which
stated that in no way user accounts would be at risk,
several other XSS vulns have been found on Libero.it/Infostrada.it
portals (b
rPath Security Advisory: 2007-0061-1
Published: 2007-03-28
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
inkscape=/[EMAIL PROTECTED]:devel//1/0.45.1-0.1-1
References:
http://cve.mitre.org/cgi-bin/c