bugs
1. *Advisory Information*
Title: Virtual PC Hypervisor Memory Protection Vulnerability
Advisory Id: CORE-2009-0803
Advisory URL:
http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug
Date published: 2010-03-16
Date of last update: 2010-03-16
Vendors contacted: Microsoft
Release mode: User release
*Vulnerability Information*
Class: Design Error
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 25659
CVE Name: CVE-2007-4901
*Vulnerability Description*
AOL Instant Messenger ("AIM", http://www.aim.com) is an instant messaging
--Aviv.
-----Original Message-----
From: Core Security Technologies Advisories [mailto:advisories@coresecurity.com]
Sent: Tuesday, September 25, 2007 6:21 PM
To: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk; vulnwatch@vulnwatch.org; NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Class: External Initialization of Trusted Variables [CWE-454]
Impact: Denial of Service
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: N/A
CVE Name: CVE-2009-3840
3. *Vulnerability Description*
Class: Buffer overflow [CWE-119]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 38073
CVE Name: CVE-2010-0243
3. *Vulnerability Description*
Class: [CWE-497], [CWE-501], [CWE-612]
Impact: Security bypass
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 38055, 38056
CVE Name: N/A, CVE-2010-0255
3. *Vulnerability Description*
This advisory describes two vulnerabilities that provide access to any
*Vulnerability Information*
Class: Input Validation
Remotely Exploitable: Yes (client-side)
Locally Exploitable: No
Bugtraq ID: 28629 28632 28633
CVE Name: CVE-2008-1035 CVE-2008-2006 CVE-2008-2007
*Vulnerability Description*
2. *Vulnerability Information*
Class: Buffer overflow
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34134, 34135
CVE Name: CVE-2009-0920, CVE-2009-0921
3. *Vulnerability Description*
Hello Bugtraq!
I want to inform readers of the list about a new project - Day of bugs in
WordPress 2 - which I'll conduct on 30.07.2010, which I already announced
today on my site.
After conducting the Month of Search Engines Bugs
(http://websecurity.com.ua/category/moseb/) in June 2007 and the Month of Bugs
in Captchas (http://websecurity.com.ua/category/mobic/) in November 2007, I
switched to smaller and less time-consuming, but still very interesting
2. *Vulnerability Information*
Class: Client side
Remotely Exploitable: Yes
Locally Exploitable: Yes
Bugtraq ID: 33178
CVE Name: CVE-2009-1140
3. *Vulnerability Description*
*Vulnerability Information*
Class: Heap overflow, integer overflow
Remotely Exploitable: No
Locally Exploitable: No
Bugtraq ID: 28006, 28005
CVE Name: CVE-2008-0986, CVE-2008-0985, CVE-2006-5793, CVE-2007-2445,
CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269
*Vulnerability Description*
Dan Yefimov wrote:
> > > The signal in question in the given situation is issued by PRIVILEGED process,
> > > no matter how.
> >
> > And that's the bug,
>
> The case we consider is of course a bug. But generally privileged process
> sending a signal to another privileged process is of course not a bug.
> Yes, the user toggles a signal that privileged process sends to another one,
> but how many ways to trigger sending a signal to a process spawned by that user
Vendor : http://www.f-prot.com
Security notification reaction rating : Mediocre-Poor
Disclosure Policy :
http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html
This bug was reported 4 years ago [1] to FRISK, the response at that
time has been that "a fix for this bug will be included in future
versions of F-Prot Antivirus". Fast forward 4 years, the same error
still allows bypassing the engine.
[1] CVE-2005-3499
Class: Cross site scripting [CWE-79], SQL injection [CWE-89]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 37258
CVE Name: CVE-2009-4237, CVE-2009-4238
3. *Vulnerability Description*
Details:
It is possible to overflow a buffer on the stack in a suid program - mtr. Remote attack
is possible too. The bug is in the function which prints the result of running the program with the parameter
'split' (-p). The victim must use a DNS which we can control, or we can try to exploit this
vulnerability by a spoofing technique. In remotely exploiting this vulnerability we must
know which IP the user gave to the program - or he must simply run the program and the argument
must be an IP address which we can control in the DNS server.
Application: Toribash
http://www.toribash.com
Versions: <= 2.71
Platforms: Windows, Mac and Linux
Bugs: A] dedicated server format string
B] client commands buffer-overflow
C] client unicode buffer-overflow in the SAY command
D] server crash through uninitialized values
E] line-feed dropping
F] Windows dedicated server hell bell
Class: Buffer overflow [CWE-119]
Impact: Code execution
Remotely Exploitable: Yes (client-side)
Locally Exploitable: No
CVE Name: CVE-2010-1681
Bugtraq ID: 39836
3. *Vulnerability Description*
be affected by these vulnerabilities.
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only.
The Cisco IronPort Encryption Appliance contains two information
disclosure vulnerabilities that allow remote, unauthenticated access
and a lot of mail appliances.
http://www.clamav.net/about/who-use-clamav/
About this advisory
-------------------
I used to not report bugs publicly where a vendor - has not reacted
to my notifications - silently patched. I also did not publish
low hanging fruits as they make you look silly in the eyes of your
peers.
Over the past years I had the chance to audit and test a lot of critical
support and request more details.
About this advisory
-------------------
I used to not report bugs publicly where a vendor - has not reacted
to my notifications - silently patched. I also did not publish
low hanging fruits as they make you look silly in the eyes of your
peers.
Over the past years I had the chance to audit and test a lot of critical
vulnerabilities.
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
It's about reality & priorities.
What we're both saying is:
1. it's a bug and should be fixed in accordance with its impact on real (not imagined) functionality & security
2. unless this provides some exploit that doesn't start with "if I can install software on the host", it's not more than "a bug in a security mechanism"
If someone can demonstrate an actual vulnerability or exploit on the basis of this bug _alone_, then they may have something to make noise about. There are enough real bugs and security vulns in software to deal with. Not every security issue spells doom and damnation or warrants immediate corrective response from the vendor.
Jim
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@isatools.org]
> Sent: Sunday, July 20, 2008 4:33 PM
> To: 'me@abegetchell.com'; 'Thor (Hammer of God)'; 'Johan Beisser'
> Cc: bugtraq@securityfocus.com
> Subject: RE: Windows Vista Power Management & Local Security Policy
>
> It's about reality & priorities.
>
> What we're both saying is:
Summary
=======
Bugzilla is a Web-based bug-tracking system, used by a large number of
software projects.
This advisory covers three security issues that have recently been
fixed in the Bugzilla code:
* Users without the "canconfirm" privilege could enter a bug as NEW
*Vulnerability Information*
Class: Remote Path Traversal
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 28081
CVE Name: CVE-2008-1117, CVE-2008-1118
*Vulnerability Description*
On Thu, 16 Aug 2007, Glynn Clements wrote:
> > The signal in question in the given situation is issued by PRIVILEGED process,
> > no matter how.
>
> And that's the bug,
The case we consider is of course a bug. But generally privileged process
sending a signal to another privileged process is of course not a bug.
Yes, the user toggles a signal that privileged process sends to another one,
but how many ways to trigger sending a signal to a process spawned by that user
Summary
=======
Bugzilla is a Web-based bug-tracking system, used by a large number of
software projects.
This advisory covers two security issues that have recently been
fixed in the Bugzilla code:
+ Some files stored on the web server are not correctly protected
2. *Vulnerability Information*
Class: Denial of service (DoS), Cross site scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34150, 34152, 34153
CVE Name: N/A
3. *Vulnerability Description*
hierarchical content store with support for structured and unstructured
content, full text search, versioning, transactions, observation, and
more. See the Jackrabbit web site at http://jackrabbit.apache.org/ for
more information.
Apache Jackrabbit 1.5.2 is a security and bug fix release that fixes
issues reported against previous releases. This release is fully
compatible with the earlier 1.5.0 release.
Most notably, this release fixes the following security vulnerability.
Thanks to the Red Hat Security Response Team for reporting this issue.