-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:299
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:297
http://www.mandriva.com/security/
Stu,
> The file manager seems to be implicated in many attacks on the forums
> (maybe this is the bit that permits the uploading, and subsequent
> execution, of PHP code), however it is NOT required for a successful
> authentication bypass, for example the email functionality can be
> remotel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:298
http://www.mandriva.com/security/
> See also: http://www.milw0rm.com/exploits/9556
> For those who can't read past three lines: This results in ANONYMOUS
> REMOTE CODE EXECUTION due to the availability of the file manager
> script.
The file manager seems to be implicated in many attacks on the forums
(maybe this is the bit that
===
Ubuntu Security Notice USN-859-1 November 13, 2009
openjdk-6 vulnerabilities
CVE-2009-2409, CVE-2009-3728, CVE-2009-3869, CVE-2009-3871,
CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876,
CVE-2009-3877, CVE-2009-3879, CVE
I can confirm this vulnerability, having done research on it recently.
See also: http://www.milw0rm.com/exploits/9556
For those who can't read past three lines: This results in ANONYMOUS
REMOTE CODE EXECUTION due to the availability of the file manager
script.
> Patch: no official patches know
OS Commerce authentication bypass
Description: Accessing administration pages should give a login
screen to unauthenticated users, however instead, data is displayed,
and administrative commands can be executed. Apparently any page in
the admin directory can be accessed in this way (including
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:296
http://www.mandriva.com/security/
>
>
> --
>
> Message: 5
> Date: Thu, 12 Nov 2009 14:09:12 +
> From: Leandro Malaquias
> Subject: [Full-disclosure] Microsoft Patents the "sudo" command
> To: full-disclosure@lists.grok.org.uk
> Message-ID: <4afc1708.7040...@gmail.com>
> Content-Type: text/plain; cha
Hello, my name is Tomoki Sanaki.
I remade this based on http://www.milw0rm.com/exploits/9559.
#!/usr/local/bin/perl
# remake based http://www.milw0rm.com/exploits/9559
# this exploited Win2k/JP SP0
# this exploited Win2k/JP SP1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ PHP 5.2.11/5.3.0 Multiple Vulnerabilities ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 01.10.2009
- - Pub.: 13.11.2009
Risk: Medium
Affected Software:
- - PHP 5.3.0
- - PHP 5.2.11
Original URL:
http://securityreason
>
http://www.h-online.com/security/news/item/New-Microsoft-patent-may-put-Linux-security-components-at-risk-857848.html
From the article:
> This behaviour is very similar to that of PolicyKit, with the only
> apparent difference being that PolicyKit requires applications to
> request privileg
Todd C. Miller wrote:
> In message <7897.1258048...@turing-police.cc.vt.edu>
> so spake (Valdis.Kletnieks):
>
>
>> Umm... my check of my 'sudo' manpage says that the '-u username' is
>> optional, and I don't remember having to use '-u root', so it's supported
>> doing it without having to