On Mon, May 10, 2010 at 09:05:16PM +0200, Stefan Esser wrote:
Hi everyone,
10 days ago the Month of PHP Security 2010 started at
http://www.php-security.org/ and meanwhile 20 vulnerabilities were
posted and also 4 user submitted articles were published. Here is a
short summary of what
Debian Security Advisory DSA-2043-1 secur...@debian.org
http://www.debian.org/security/ Devin Carraway
May 11, 2010
It's an interesting question. Drupal has many different privileges that
include the word 'administer' but Drupal security considers a handful of
them to be so powerful that vulnerabilities requiring those privileges
are not considered vulnerabilities
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Adobe Director DIRAPI.DLL Invalid Read Vulnerability
1. *Advisory Information*
Title: Adobe Director DIRAPI.DLL Invalid Read Vulnerability
Advisory
ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String
Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-081
May 11, 2010
-- CVE ID:
CVE-2010-1550
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView
ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-082
May 11, 2010
-- CVE ID:
CVE-2010-1551
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
--
ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-083
May 11, 2010
-- CVE ID:
CVE-2010-1552
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node
ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-084
May 11, 2010
-- CVE ID:
CVE-2010-1553
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node
ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-085
May 11, 2010
-- CVE ID:
CVE-2010-1554
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node
ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-087
May 11, 2010
-- CVE ID:
CVE-2010-1281
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This
ZDI-10-088: Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-088
May 11, 2010
-- CVE ID:
CVE-2010-1283
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Shockwave Player
-- TippingPoint(TM) IPS Customer Protection:
ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-089
May 11, 2010
-- CVE ID:
CVE-2010-1292
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Shockwave Player
-- TippingPoint(TM) IPS Customer Protection:
[*] ekoparty Security Conference and Trainings - 6th edition [*]
www.ekoparty.org
Trainings: September 13-15 / Conference: September 16-17, 2010
Buenos Aires City, Argentina
[*] CALL FOR PAPERS is now Open!
ekoparty is a one-of-a-kind event in South America; an annual security
[CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer
overflow vulnerability
Affected Products
=
11.5.2.602, 11.5.6.606 and prior
CVE ID: CVE-2010-0129
CAL ID: CAL-20100204-2
Vulnerability Details
=
Code Audit Labs http://www.vulnhunt.com
[CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL
Pointer Overwrite
Affected Products
=
11.5.2.602, 11.5.6.606 and prior
CVE ID: CVE-2010-1280
CAL ID: CAL-20100204-3
Vulnerability Details
=
Code Audit Labs http://www.vulnhunt.com has
iDefense Security Advisory 05.11.10
http://labs.idefense.com/intelligence/vulnerabilities/
May 11, 2010
I. BACKGROUND
Adobe Shockwave Player is a popular Web browser plugin. It is available
for multiple Web browsers and platforms, including Windows, and MacOS.
Shockwave Player enables Web