17 September
PRODUCT SPECIFIC INFORMATION
HISTORY
Version: 1 (rev.1) - 17 September 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 17 September 2008 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 15 September 2010 Initial Release
Version:2 (rev.2) - 17 September 2010 Corrected CVE number for the XSS to CVE-2010-3012
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
> > T/A Quark Automation, Quark AudioVisual, Quark IT
> >
> >
> >> -----Original Message-----
> >> From: Aditya K Sood [mailto:0kn0ck@secniche.org]
> >> Sent: Wednesday, 17 September 2008 10:41 PM
> >> To: bugtraq@securityfocus.com
> >> Subject: Pidgin IM Client Password Disclosure Vulnerability.
> >>
> >> Pidgin IM Client Password Disclosure Vulnerability.
> >>
On Monday 17 September 2007 13:26:36 Roger A. Grimes wrote:
> I'm sorry, we'll have to agree to disagree. I don't see the new attack
> vector here. I, the attacker, have to make you download my malicious
> trojan program, which you install on your computer.
Irrespective of the rest of what Roger says (which I agree with FTR), this bit
is simply wrong. Look at the PoC that has been made public:
https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-patches-in-ms07-048
> T/A Quark Automation, Quark AudioVisual, Quark IT
>
>
>> -----Original Message-----
>> From: Aditya K Sood [mailto:0kn0ck@secniche.org]
>> Sent: Wednesday, 17 September 2008 10:41 PM
>> To: bugtraq@securityfocus.com
>> Subject: Pidgin IM Client Password Disclosure Vulnerability.
>>
>> Pidgin IM Client Password Disclosure Vulnerability.
>>
PR07-31: Unauthenticated SQL Injection, XSS and Username Enumeration on
DPSnet Case Progress
Vulnerabilities Found: 23 May 2007
Vendor Contacted: 10 July 2007, 31 August 2007, 17 September 2007, 12
December 2007
Note: the vendor stopped responding on 31 August 2007
Severity: Critical
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 10 September 2008 Initial release
Version:2 (rev.2) - 17 September 2008 Updated to include patch kits for VAX v 7.3 and VAX v 6.2.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
Status: Reported
========
TimeLine
========
Discovered: 17 September 2008
Released: 2 October 2008
Approved: 3 October 2008
Reported: 8 October 2008
Fixed:
Published: 23 October 2009
Quark Group Pty. Ltd.
T/A Quark Automation, Quark AudioVisual, Quark IT
> -----Original Message-----
> From: Aditya K Sood [mailto:0kn0ck@secniche.org]
> Sent: Wednesday, 17 September 2008 10:41 PM
> To: bugtraq@securityfocus.com
> Subject: Pidgin IM Client Password Disclosure Vulnerability.
>
> Pidgin IM Client Password Disclosure Vulnerability.
>
Version:1 (rev.1) - 20 September 2006 Initial release
Version:2 (rev.2) - 29 November 2006 preliminary Firefox v1.5.0.8 available
Version:3 (rev.3) - 27 February 2007 preliminary Firefox v1.5.0.9 available
Version:4 (rev.4) - 18 July 2007 preliminary Firefox v2.0.0.4 available
Version:5 (rev.5) - 22 August 2007 fully tested and localized Firefox v2.0.0.4 available
Version:6 (rev.6) - 17 September 2007 preliminary Firefox v2.0.0.6 available
Version:7 (rev.7) - 7 January 2008 preliminary Firefox v2.0.0.11 available
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
None
HISTORY
Version:1 (rev.1) - 10 September 2008 Initial release
Version:2 (rev.2) - 17 September 2008 Updated to include patch kits for VAX v 7.3 and VAX v 6.2.
Version:3 (rev.3) - 24 September 2008 Updated to include patch kit for Alpha v 6.2.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Version:1 (rev.1) - 20 September 2006 Initial release
Version:2 (rev.2) - 29 November 2006 preliminary Firefox v1.5.0.8 available
Version:3 (rev.3) - 27 February 2007 preliminary Firefox v1.5.0.9 available
Version:4 (rev.4) - 18 July 2007 preliminary Firefox v2.0.0.4 available
Version:5 (rev.5) - 22 August 2007 fully tested and localized Firefox v2.0.0.4 available
Version:6 (rev.6) - 17 September 2007 preliminary Firefox v2.0.0.6 available
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.