
BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome

July 3, 2009 - 12:07pm
Posted by Michal Zalewski on Jul 3

> refresh: 0; URL=javascript:alert(document.cookie)
> The code will work in context of this site.

...which happens to be covered here for half a year or so:
http://code.google.com/p/browsersec/wiki/Part2#Redirection_restrictions

I can't see how this could be a vulnerability per se,...

Categories: Security

[SECURITY] [DSA 1825-1] New nagios2nagios3 packages fix arbitrary code execution

July 3, 2009 - 10:46am
Posted by Nico Golde on Jul 3

--------------------------------------------------------------------------
Debian Security Advisory DSA-1825-1 security_at_debian.org
http://www.debian.org/security/ Nico Golde
July 3rd, 2009 ...

Categories: Security

[oCERT-2009-007] FCKeditor input sanitization errors

July 3, 2009 - 10:45am
Posted by Andrea Barisani on Jul 3

#2009-007 FCKeditor input sanitization errors

Description:

FCKeditor, a web based open source HTML text editor, suffers from a remote
file upload vulnerability.

The input of several connector modules is not properly verified before being
used; this leads to exposure of the contents of...

Categories: Security

One Click Ownage [White Paper and Scripts]

July 3, 2009 - 5:50am
Posted by Ferruh Mavituna on Jul 3

This is a different and more practical approach to get a reverse shell
or code execution in SQL Injections (particularly in MSSQL). The idea
is simple. Getting a reverse shell from an SQL Injection with one HTTP
request without using an extra channel such as TFTP, FTP to upload the
initial...

Categories: Security

Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome

July 2, 2009 - 5:21pm
Posted by MustLive on Jul 3

Hello SecurityFocus!

I want to warn you about Cross-Site Scripting vulnerabilities in Mozilla,
Internet Explorer, Opera and Chrome. I wrote about it at my site this Monday
(29.06.2009) and also informed the corresponding browser developers about this
vulnerability.

At 21.04.2009 there was fixed...

Categories: Security

Multiple Flaws in Axesstel MV 410R

July 2, 2009 - 3:49pm
Posted by filip.palian_at_pjwstk.edu.pl on Jul 2

Multiple Flaws in Axesstel MV 410R

by Filip Palian <filip (dot) palian (at) pjwstk (dot) edu (dot) pl>

Description:
Axesstel MV 410R is a device offered by the two leading Polish telecom
operators Orange and Polish Telecom to provide...

Categories: Security

[ GLSA 200907-02 ] ModSecurity: Denial of Service

July 2, 2009 - 2:38pm
Posted by Alex Legler on Jul 02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200907-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
...

Categories: Security

[ GLSA 200907-01 ] libwmf: User-assisted execution of arbitrary code

July 2, 2009 - 2:36pm
Posted by Alex Legler on Jul 02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200907-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
...

Categories: Security

[USN-795-1] Nagios vulnerability

July 2, 2009 - 1:29pm
Posted by Marc Deslauriers on Jul 02

===========================================================
Ubuntu Security Notice USN-795-1 July 02, 2009
nagios2, nagios3 vulnerability
CVE-2009-2288
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu...

Categories: Security

[USN-794-1] Perl vulnerability

July 2, 2009 - 1:27pm
Posted by Marc Deslauriers on Jul 02

===========================================================
Ubuntu Security Notice USN-794-1 July 02, 2009
libcompress-raw-zlib-perl, perl vulnerability
CVE-2009-1391
===========================================================

A security issue affects the following Ubuntu...

Categories: Security

[ISecAuditors Security Advisories] Joomla! < 1.5.12 Multiple XSS vulnerabilities in HTTP Headers

July 2, 2009 - 10:13am
Posted by ISecAuditors Security Advisories on Jul 02

=============================================
INTERNET SECURITY AUDITORS ALERT 2009-007
- Original release date: June 30th, 2009
- Last revised: July 2nd, 2009
- Discovered by: Juan Galiana Lara
- Severity: 6.8/10 (CVSS Base Score)
=============================================

I....

Categories: Security

[oCERT-2009-009] CamlImages integer overflows

July 2, 2009 - 8:01am
Posted by Andrea Barisani on Jul 2

#2009-009 CamlImages integer overflows

Description:

CamlImages, an open source image processing library, suffers from several
integer overflows which may lead to a potentially exploitable heap overflow and
result in arbitrary code execution.

The vulnerability is triggered by PNG image...

Categories: Security

eAccelerator encoder files backup Vulnerability

July 1, 2009 - 10:19pm
Posted by linuxrootkit2008_at_gmail.com on Jul 2

eAccelerator encoder files backup Vulnerability

1.Description
eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache. It increases the performance of PHP scripts by caching them in their compiled state, so that...

Categories: Security

Sourcefire 3D Sensor and DC, privilege escalation vulnerability

July 1, 2009 - 3:44pm
Posted by c3rb3r_at_videotron.ca on Jul 1

Affected product
----------------

Sourcefire 3D Sensor and Defense Center 4.8.x

Tested on 4.8.0.3 and 4.8.0.4, 3D Sensor 2500 & DC 1000
All 4.8.x releases, up to and including 4.8.1, confirmed vulnerable by Sourcefire.

...

Categories: Security

[security bulletin] HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code

July 1, 2009 - 12:59pm
Posted by security-alert_at_hp.com on Jul 01

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01756421
Version: 1

HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as...

Categories: Security

[security bulletin] HPSBUX02440 SSRT090106 rev.1 - HP-UX Running NFSONCplus, Local Denial of Service (DoS)

July 1, 2009 - 12:56pm
Posted by security-alert_at_hp.com on Jul 01

SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01793493

Version: 1
HPSBUX02440 SSRT090106 rev.1 - HP-UX Running NFS/ONCplus, Local Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-06-30
Last...

Categories: Security

Re: XAMPP for Windows (XssPHPinfo) Multiple Vulnerability

July 1, 2009 - 12:08pm
Posted by Vladimir 3APA3A Dubrovin on Jul 1

Dear Cru3l.b0y,

And this "new bug" was reported 4 years ago by Donnie Werner aka
morning_wood http://securityvulns.ru/Idocument295.html

XAMP latest version is 1.7.1.

trolling?

--Tuesday, June 30, 2009, 7:21:52 PM, you wrote to bugtraq_at_securityfocus.com:

Cb> Hi...

Categories: Security

VMSA-2009-0008 ESX Service Console update for krb5

July 1, 2009 - 2:10am
Posted by VMware Security Team on Jul 01

------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2009-0008
Synopsis: ESX Service Console update...

Categories: Security

radware AppWall Web Application Firewall: Source code disclosure on management interface

July 1, 2009 - 1:26am
Posted by Kirchner Michael on Jul 1

Security Advisory
---------------------------------------
Vulnerable Software: radware AppWall Web Application Firewall
Vulnerable Version: Gateway Version 4.6.0.2 / AppWall Version
1.0.2.6
Homepage: http://www.radware.com/
Found by: Michael Kirchner, Wolfgang Neudorfer,
Lukas...

Categories: Security

phion airlock Web Application Firewall: Remote Denial of Service via Management Interface (unauthenticated) and Command Execution

July 1, 2009 - 1:26am
Posted by Kirchner Michael on Jul 1

Security Advisory
---------------------------------------
Vulnerable Software: phion airlock Web Application Firewall
Vulnerable Version: 4.1-10.41
Homepage: http://www.phion.com/
Found by: Michael Kirchner, Wolfgang Neudorfer,
Lukas Nothdurfter (Team h4ck!nb3rg)
Impact: Remote...

Categories: Security