BugTraq Latest Security Advisories
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 49 min 39 sec ago
ZDI-10-027: Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability
Posted by ZDI Disclosures on Mar 12
ZDI-10-027: Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerabilityhttp://www.zerodayinitiative.com/advisories/ZDI-10-027
March 11, 2010
-- Affected Vendors:
Skype
-- Affected Products:
Skype
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8328.
For further product information on the TippingPoint IPS,...
ZDI-10-028: Skype URI Processing Arbitrary XML File Deletion Vulnerability
Posted by ZDI Disclosures on Mar 12
ZDI-10-028: Skype URI Processing Arbitrary XML File Deletion Vulnerabilityhttp://www.zerodayinitiative.com/advisories/ZDI-10-028
March 11, 2010
-- Affected Vendors:
Skype
-- Affected Products:
Skype
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8329.
For further product information on the TippingPoint IPS, visit:...
[SECURITY] [DSA 2012-1] New Linux 2.6.26 packages fix several issues
Posted by dann frazier on Mar 12
----------------------------------------------------------------------Debian Security Advisory DSA-2012-1 security () debian org
http://www.debian.org/security/ dann frazier
March 11, 2010 http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service
Problem...
VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow Vulnerability
Posted by VUPEN Security Research on Mar 12
VUPEN Security Research - Apple Safari ColorSync Profile Integer OverflowVulnerability
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Safari is a web browser developed by Apple. As of February 2010,
Safari was the fourth most widely used browser, with 4.45% of the
worldwide usage share of web browsers according to Net Application."
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research...
[XSS] I found a xss in phpmyadmin 3.3.0 when we create new database in interface!
Posted by lis cker on Mar 12
there is a xss in phpmyadmin 3.3.0 when we create new database in interface, the "new_db" parameter do not filtercharacters when users enter. attacker can enter malicious code, like "<script>alert(/liscker/);</script>". it also can
be true in post and get. but in post, we can not encode xss code, or , the xss will faild.
For example:
GET:...
[SECURITY] [DSA 2013-1] New egroupware packages fix several vulnerabilities
Posted by Moritz Muehlenhoff on Mar 12
------------------------------------------------------------------------Debian Security Advisory DSA-2013-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
March 11, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : egroupware
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2014-1] New moin packages fix several vulnerabilities
Posted by Giuseppe Iuculano on Mar 12
------------------------------------------------------------------------Debian Security Advisory DSA-2014-1 security () debian org
http://www.debian.org/security/ Giuseppe Iuculano
March 12, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : moin
Vulnerability : several
Problem type : remote...
iDefense Security Advisory 03.11.10: Multiple Vendor WebKit HTML Element Use After Free Vulnerability
Posted by iDefense Labs on Mar 12
iDefense Security Advisory 03.11.10http://labs.idefense.com/intelligence/vulnerabilities/
Mar 11, 2010
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
Remote exploitation of a memory corruption vulnerability in WebKit, as
included with...
[USN-911-1] MoinMoin vulnerabilities
Posted by Jamie Strandboge on Mar 12
===========================================================Ubuntu Security Notice USN-911-1 March 11, 2010
moin vulnerabilities
CVE-2010-0668, CVE-2010-0669, CVE-2010-0717
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu,...
[ MDVSA-2010:061 ] ncpfs
Posted by security on Mar 12
_______________________________________________________________________Mandriva Linux Security Advisory MDVSA-2010:061
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ncpfs
Date : March 11, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0...
Multiple vulnerabilities in SUPERAntiSpyware and Super Ad Blocker
Posted by Luka Milkovic on Mar 11
Title: Multiple vulnerabilities inSUPERAntiSpyware and Super Ad Blocker
Date of Discovery: 2 Feb 2010
Contact Date: 4 Feb.2010
Release Date: 10 Mar 2010
Author: Luka Milkovic
Mail: milkovic.luka at gmail.com
Software Link: SUPERAntiSpyware -
http://www.superantispyware.com/index.html...
[SECURITY] [DSA 2011-1] New dpkg packages fix path traversal
Posted by Nico Golde on Mar 11
--------------------------------------------------------------------------Debian Security Advisory DSA-2011-1 security () debian org
http://www.debian.org/security/ Nico Golde
March 10th, 2010 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : dpkg
Vulnerability : path traversal
Problem type :...
[ MDVSA-2010:060 ] squid
Posted by security on Mar 11
_______________________________________________________________________Mandriva Linux Security Advisory MDVSA-2010:060
http://www.mandriva.com/security/
_______________________________________________________________________
Package : squid
Date : March 10, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0...
Skype URI Handler Input Validation
Posted by Paul Craig on Mar 11
( , ) (,. `.' ) ('. ',
). , ('. ( ) (
(_,) .`), ) _ _,
/ _____/ / _ \ ____ ____ _____
\____ \==/ /_\ \ _/ ___\/ _ \ / \
/ \/ | \\ \__( <_> ) Y Y \
/______ /\___|__ / \___ >____/|__|_| /
\/ \/.-. \/ \/:wq
(x.0)
'=.|w|.='
_='`"``=.
presents..
Skype URI Handler Input Validation...
Vulnerabilities in Abton
Posted by MustLive on Mar 11
Hello Bugtraq!I want to warn you about vulnerabilities in Abton. It's commercial Ukrainian
CMS.
-----------------------------
Advisory: Vulnerabilities in Abton
-----------------------------
URL: http://websecurity.com.ua/2886/
-----------------------------
Timeline:
31.03.2008 - found the vulnerabilities.
16.02.2009 - announced at my site.
17.02.2009 - informed developers.
24.11.2009 - disclosed at my site.
-----------------------------...
[USN-909-1] dpkg vulnerability
Posted by Kees Cook on Mar 11
===========================================================Ubuntu Security Notice USN-909-1 March 11, 2010
dpkg vulnerability
CVE-2010-0396
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can...
Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability
Posted by lament on Mar 10
=========================================Yaniv Miron aka "Lament" Advisory March 7, 2010
Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability
=========================================
=====================
I. BACKGROUND
=====================
Based on the companys technical expertise and a decade of hands-on experience
in the telecom industry, Friendlys solution is a ROBUST, SCALABLE, SECURED,
TELCO...
CVE-2010-0624: Heap-based buffer overflow in GNU Tar and GNU Cpio
Posted by Jakob Lell on Mar 10
I. BACKGROUNDGNU Tar and GNU Cpio are popular programs for managing archive
files. Both programs are included in many linux distributions. GNU Tar
is commonly used for exchanging source code archives.
Both programs include a client implementation for the remote mag tape
protocol (rmt). This protocol allows accessing a tape device attached
to a remote system via a rsh/ssh. It can also be used to
extract/create archive files on another system...
[SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities
Posted by dann frazier on Mar 10
------------------------------------------------------------------------Debian Security Advisory DSA-2010 security () debian org
http://www.debian.org/security/ Dann Frazier
March 10, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : kvm
Vulnerability : privilege escalation/denial of service
Problem type...
[SECURITY] [DSA 2009-1] New tdiary packages fix cross-site scripting
Posted by Steffen Joeris on Mar 10
------------------------------------------------------------------------Debian Security Advisory DSA-2009-1 security () debian org
http://www.debian.org/security/ Steffen Joeris
March 09, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : tdiary
Vulnerability : insufficient input sanitising
Problem type...
