Re: [Full-disclosure] Month of PHP Security - Summary - 1st May - 10th May

2010-05-11 Thread Eren Türkay
On Mon, May 10, 2010 at 09:05:16PM +0200, Stefan Esser wrote: Hi everyone, 10 days ago the Month of PHP Security 2010 has started at http://www.php-security.org/ and meanwhile 20 vulnerabilities were posted and also 4 user submitted articles were published. Here is a short summary of what

[Full-disclosure] [SECURITY] [DSA 2043-1] New vlc packages fix arbitrary code execution

2010-05-11 Thread Devin Carraway
Debian Security Advisory DSA-2043-1 secur...@debian.org http://www.debian.org/security/ Devin Carraway May 11, 2010

Re: [Full-disclosure] Drupal Context Module XSS

2010-05-11 Thread Justin C. Klein Keane
It's an interesting question. Drupal has many different privileges that include the word 'administer' but Drupal security considers a handful of them to be so powerful that vulnerabilities requiring those privileges are not considered vulnerabilities

[Full-disclosure] [CORE-2010-0405] Adobe Director Invalid Read

2010-05-11 Thread Core Security Technologies Advisories Team
Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Adobe Director DIRAPI.DLL Invalid Read Vulnerability 1. *Advisory Information* Title: Adobe Director DIRAPI.DLL Invalid Read Vulnerability Advisory

[Full-disclosure] ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability

2010-05-11 Thread ZDI Disclosures
ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-081 May 11, 2010 -- CVE ID: CVE-2010-1550 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView

[Full-disclosure] ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability

2010-05-11 Thread ZDI Disclosures
ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-082 May 11, 2010 -- CVE ID: CVE-2010-1551 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node Manager --

[Full-disclosure] ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability

2010-05-11 Thread ZDI Disclosures
ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-083 May 11, 2010 -- CVE ID: CVE-2010-1552 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node

[Full-disclosure] ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability

2010-05-11 Thread ZDI Disclosures
ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-084 May 11, 2010 -- CVE ID: CVE-2010-1553 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node

[Full-disclosure] ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability

2010-05-11 Thread ZDI Disclosures
ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-085 May 11, 2010 -- CVE ID: CVE-2010-1554 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node

[Full-disclosure] ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability

2010-05-11 Thread ZDI Disclosures
ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-087 May 11, 2010 -- CVE ID: CVE-2010-1281 -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -- Vulnerability Details: This

[Full-disclosure] ZDI-10-088: Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability

2010-05-11 Thread ZDI Disclosures
ZDI-10-088: Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-088 May 11, 2010 -- CVE ID: CVE-2010-1283 -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -- TippingPoint(TM) IPS Customer Protection:

[Full-disclosure] ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability

2010-05-11 Thread ZDI Disclosures
ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-089 May 11, 2010 -- CVE ID: CVE-2010-1292 -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -- TippingPoint(TM) IPS Customer Protection:

[Full-disclosure] CFP for ekoparty 0x10 is now open! [ Buenos Aires, Argentina ]

2010-05-11 Thread ekoparty Security Conference
[*] ekoparty Security Conference and Trainings - 6th edition [*] www.ekoparty.org Trainings: September 13-15 / Conference: September 16-17, 2010 Buenos Aires City, Argentina [*] CALL FOR PAPERS is now Open! ekoparty is a one-of-a-kind event in South America; an annual security

[Full-disclosure] [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability

2010-05-11 Thread Code Audit Labs
[CAL-20100204-2] Adobe Shockwave Player Director File Parsing integer overflow vulnerability -- Affected Products: 11.5.2.602, 11.5.6.606 and prior -- CVE ID: CVE-2010-0129 -- CAL ID: CAL-20100204-2 -- Vulnerability Details: Code Audit Labs http://www.vulnhunt.com

[Full-disclosure] [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite

2010-05-11 Thread Code Audit Labs
[CAL-20100204-3] Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite -- Affected Products: 11.5.2.602, 11.5.6.606 and prior -- CVE ID: CVE-2010-1280 -- CAL ID: CAL-20100204-3 -- Vulnerability Details: Code Audit Labs http://www.vulnhunt.com has

[Full-disclosure] iDefense Security Advisory 05.11.10: Adobe Shockwave Player Heap Memory Indexing Vulnerability

2010-05-11 Thread iDefense Labs
iDefense Security Advisory 05.11.10 http://labs.idefense.com/intelligence/vulnerabilities/ May 11, 2010 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plugin. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web