SyScan 10 Call For Papers - The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan is a non-product, non-vendor biased security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia. This year SyScan will be held in Singapore, Hangzhou, Taipei, and Ho Chi Minh City.
68eb33a2445ba33b93eac2cc42cdb7acfe711f408ca104f526921ee43473f4e7Mandriva Linux Security Advisory 2010-050 - This release fixes several important issues to help prevent a detection bypass and denial of service attacks against ModSecurity. Quite a few small but notable bugs were fixed. The latest Core Ruleset (2.0.5) is included. This update provides mod_security 2.5.12, which is not vulnerable to these issues.
6c71492b8421e92f36cdd1a6901462fa3a8ad3e3f74fa98728a535318bf3f961FileExecutive suffers from file disclosure, path disclosure, shell upload, edit administrator and add administrator vulnerabilities.
f7f5c67e670e0bc41e64df6c871a2ab737bf4d7b24e41b3491f140ec2ae8ebedgetPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.
e071af8d3f4b8b962bc5edfde3e6bfc33db4acd32f7296e78e2eaedc666e6e16Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.
1b93b33da3d5184c379547d81b5050d83dfdbc328a9e859576be03060c04eeb1Internet Explorer versions 6, 7, and 8 suffer from an arbitrary command execution vulnerability related to winhlp32.exe.
ce8c868aaeb05091eebf05d2264a9ae0a388169e7afa4691506db33a26a57fc9Cybershade CMS version 0.2b suffers from a session hijacking vulnerability.
14ce583c55a5ed3d19649a70c7bb7cfc53a20fa68723a78e98b09df1170420f2Mandriva Linux Security Advisory 2010-049 - sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
e08356d2265f5bbf8e1e1d35a2a50499020c9010536a56aec7e5bd3169bf8174Apache Tomcat versions 4.1.0 through 4.1.37 and 5.5.0 through 5.5.26 suffer from a directory traversal vulnerability.
784cbced69953a4b6c5cd8a8fbd15a313f674bac5a000ed841e40acb7d3d8787AtACimo release candidate 2 suffers from a cross site scripting vulnerability.
9e0d4b0f825ff97e709506dd7e253dfbd37e93941c1e3b5aa8b90ea088487271The tcb suite implements the alternative password shadowing scheme on Openwall GNU/*/Linux (Owl) which allows many core system utilities (passwd(1) being the primary example) to operate with little privilege. It is being made available separately from Owl primarily for use by other distributions. This package contains three core components of the tcb suite: pam_tcb (a PAM module which supersedes pam_unix), libnss_tcb (the accompanying NSS module), and libtcb (a library for accessing tcb shadow files, used by the PAM and NSS modules as well as by user management tools on Owl).
df2b3d32c1f1b767d5777589695fb8947404f6068101ad147c6b58305da0c6d1John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.
db897484183389e5e4b83a6bfcd238179e1e2bfce0787f85c9be19d87090dedaThe Comptel InstantLink system suffers from a cross site scripting vulnerability.
126feb8bc88964d80e385256db2a9e47fedd26d6459474ab9eef67d939954928Oracle Siebel Loyalty version 8.1 suffers from a cross site scripting vulnerability.
b93b1060eee35e6f9fe03d649232909f4ab9c419cde427a22ad100637f664028The Joomla JoomlaConnect_be component suffers from a remote SQL injection vulnerabilities.
0744117df97d33fe748fee71acae4b33e346e42d7d78a1c94c36e17b5481e2cdThe openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, and CVSS.
6aa196607cb2dc1c22eca5f8515302ac10958b410b35527ab69880d4c0e8caedMandriva Linux Security Advisory 2010-048 - Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. The updated packages have been patched to correct this issue.
5a74a11549ef957148ffdfc501ea49d478176ec6645d67961c660a4b2edc9d22RedBanc.cl, the Chilean ATM / banking network, suffers from a cross site scripting vulnerability.
634b798cea85a277862662913608c23f4803894f0d226dcbc1387293e3d3a86aWebAdministrator Lite CMS suffers from a remote SQL injection vulnerability.
352a68b7739ff5001115d68f541be5dbaeb4c36c5e0370bceb430900ac14d367IBM Websphere Portal Server and Lotus Web Content Management systems suffer from a cross site scripting vulnerability.
91942922c8003dfbfec21b6086688dd980aad8df11ec3cc970f82ef9bcb39a73The DATEV Active-X control suffers from a remote command execution vulnerability.
0813b6e932bdf3408d8be317740e7fb909e9982105a6a146fa81b12ae71dbb2bThis Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.
de2b37c604aa41ff0e596df449f770135048223b2482bc370245289a93342173GameScript version 3.0 suffers from a remote SQL injection vulnerability.
45a1c144b40020782b9154b6b792d647ff8a03db40c9fa3cdab3b3b17b0731f1Secunia Security Advisory - A security issue has been reported in Asterisk, which can be exploited by malicious people to potentially bypass certain security restrictions.
cb7691a7d72f6398bfb3a87125f6fd54d3c21d2155d5731fb531f8f43c895e07Secunia Security Advisory - Fedora has issued an update for mingw32-libltdl. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.
2eea838cca988ed6f1dd1bdc96d5ab0a425fa9a7390d7ee9cdf0c0ca3c64653b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed