Next Page >>
message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security
Appliances and Cisco Catalyst 6500 Series ASA Services Module
Advisory ID: cisco-sa-20120314-asa
Revision 1.0
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It has been discovered that certain e-mail message cause Outlook to
create Windows shortcut-like attachments or messages within Outlook.
Through specially crafted TNEF streams with certain MAPI attachment
properties, it is possible to set a path name to files to be executed.
When a user double clicks on such an attachment or message, Outlook will
proceed to execute the file that is set by the path name value. These
The only good solution I see here is that AOL will lock down Local Zone.
Ready, AIM, fire! http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx
--Aviv.
-----Original Message-----
From: Core Security Technologies Advisories [mailto:advisories@coresecurity.com]
Sent: Tuesday, September 25, 2007 6:21 PM
To: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk; vulnwatch@vulnwatch.org; NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MITKRB5-SA-2008-001
MIT krb5 Security Advisory 2008-001
Original release: 2008-03-18
Last update: 2008-03-18
Topic: double-free, uninitialized data vulnerabilities in krb5kdc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Core Security Technologies – CoreLabs Advisory
http://www.coresecurity.com/corelabs
Remote command execution, HTML and JavaScript injection vulnerabilities in
AOL’s Instant Messaging software
*Advisory Information*
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall
Services Module
Advisory ID: cisco-sa-20111005-fwsm
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500
Series Adaptive Security Appliances
Advisory ID: cisco-sa-20100217-asa
Revision 1.0
function send($cmd)
{
global $host, $path;
$message = "POST ".$path."admin/admin_manager.asp?action=add HTTP/1.1\r\n";
$message .= "Accept: */*\r\n";
$message .= "Referer: http://$host$path\r\n";
$message .= "Accept-Language: zh-cn\r\n";
$message .= "Content-Type: application/x-www-form-urlencoded\r\n";
$message .= "User-Agent: securitylab\r\n";
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
fetchmail-SA-2008-01: Crash on large log messages in verbose mode
Topics: Crash in large log messages in verbose mode.
Author: Matthias Andree
Version: 1.2
Announced: 2008-06-17
disable_functions feature can be bypassed by using functions alias. A
list of aliases is given in http://php.net/aliases/. For example,
ini_alter() may be used instead of ini_set() and vice versa.
SecurityVulns issue: http://securityvulns.com/news/PHP/alias-pb.html
Original message (in Russian): http://securityvulns.ru/Sdocument67.html
2. MustLive reports Crossite-Cripting vulnerability in WordPress
MultiUser 1.0
XSS is possible via Username form field.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
---------------------------------------------------------
A] D_NetPlayerEvent global buffer-overflow using PKT_CHAT
---------------------------------------------------------
When a chat message is received, the server takes the incoming packet
and reads who sent it, its destination and naturally the entire message
which is copied in a heap buffer using the remaining size of the packet
for calculating the amount of data to allocate.
Then a strcpy() is performed for copying the message from the packet to
the new allocated buffer called msg.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-011
Security Advisory: MVSA-10-002
Vendor: Google
Service: Google Message Security SaaS (powered by Postini)
- Security Console (Admin Console)
- Message Center Classic
- Message Center II
Vulnerabilities: Multiple Cross-Site Scripting (XSS)
Risk: High
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:321
http://www.mandriva.com/security/
_______________________________________________________________________
$file_name = $_FILES['FILE_UPLOAD']['name'];
//$file_type = $_FILES['FILE_UPLOAD']['type'];
$peso = $_FILES['FILE_UPLOAD']['size'];
if (!$file) {
$message = "{$mklib->lang['b_compfile']}";
$mklib->error_page($message);
exit;
}
//Validate file extension
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service Vulnerabilities
Advisory ID: cisco-sa-20100303-cucm
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Security Advisory: Cisco IOS XR
Software Border Gateway Protocol Vulnerability
Advisory ID: cisco-sa-20090818-bgp
http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml
=======
Product: IceWarp eMail Server / WebMail Server
Affected Versions: 9.4.1
Fixed Versions: 9.4.2
Vulnerability Type: Unauthorised System Message Manipulation
Security Risk: medium
Vendor URL: http://www.icewarp.com/
Vendor Status: notified, fixed version released
Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2009-004
Advisory Status: published
Not Affected:
Unknown
Description:
Affected devices do not perform proper authentication of incoming SMS
Provisioning messages.
The following behaviors have been verified on affected devices:
1.Source of provisioning message is never displayed to user.
complete and accurate information should be made available to the
public.
t
> -----Original Message-----
> From: Craig Wright [mailto:Craig.Wright@bdo.com.au]
> Sent: Wednesday, June 18, 2008 2:43 PM
> To: Thor (Hammer of God); security-basics@lists.securityfocus.com;
> bugtraq@securityfocus.com
> Subject: RE: A more detailed description of the Jura F90
==[ Overview
ICQ (I Seek You) Instant Messenger is one of the most popular internet
chat software. Since 1996, it has grown to a community of over 180
million users. It has features for instant messaging, chat, sending
e-mail, SMS, file transfer, wireless-pager messages, etc.
==[ Vulnerability
INFIGO IS's security team identified a critical remote buffer overflow
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs
Timbuktu Pro Remote Path Traversal and Log Injection
*Advisory Information*
in phpList, through which any Internet user can gain access to possibly
sensitive information. These vulnerabilities:
1) allow anybody who is able to register (or to obtain a "unique user
id") to obtain a copy of any email previously sent by the system,
regardless of the mailing list to which the message belongs (including
hidden or private mailing lists for which normal users can't usually
register).
2) allow anybody to read the subject of every email sent by the system.
Fatal error: Cannot redeclare error_handler() (previously declared in
C:\apache_www\opencart1521\index.php:78) in
C:\apache_www\opencart1521\admin\index.php on line 87
Error message above indicates, that directory traversal was successful
and php script "admin/index.php" was included as expected.
###############################################################################
2. Arbitrary File Upload in "product.php"
fetchmail-SA-2008-01: Crash on large log messages in verbose mode
Topics: Crash in large log messages in verbose mode.
Author: Matthias Andree
Version: 1.0
Announced: 2008-06-17
Type: Dereferencing garbage pointer trigged by outside circumstances
Impact: denial of service possible
Danger: low
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
http://www.bdo.com.au/
The information in this email and any attachments is confidential. If you are not the named addressee you must not read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received this message in error, please notify the sender by return email, destroy all copies and delete it from your system.
Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy statement, can be found on the BDO Kendalls website at http://www.bdo.com.au/ or by emailing mailto:administrator@bdo.com.au.
BDO Kendalls is a national association of separate partnerships and entities. Liability limited by a scheme approved under Professional Standards Legislation.
-----Original Message-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500
Series Adaptive Security Appliances
Advisory ID: cisco-sa-20100804-asa
http://www.cisco.com/warp/public/707/cisco-sa-20100804-asa.shtml
II. DESCRIPTION
Marc Ruef at scip AG found a denial of service vulnerability in the
current release for Apple MacOS X (version 2.8).
The application provides the possibility of sending messages to other
Skype users via the embedded chat feature.
If a vulnerable client receives a malicious message, the message and all
further messages will be received but not displayed.
you know why!
Systems Administrator
Virginia Tech
-----Original Message-----
From: Larry Seltzer [mailto:larry@larryseltzer.com]
Sent: Wednesday, September 16, 2009 5:03 PM
To: Susan Bradley; Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
Next Page>>
|
