toolkit
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: UW IMAP toolkit: Multiple vulnerabilities
Date: November 25, 2009
Bugs: #245425, #252567
ID: 200911-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities were found in SILC Client, Server, and
Toolkit, allowing for Denial of Service and execution of arbitrary
code.
Background
==========
_______________________________________________________________________
Problem Description:
Security vulnerabilities have been identified and fixed in University
of Washington IMAP Toolkit:
Multiple stack-based buffer overflows in (1) University of Washington
IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine
2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain
privileges by specifying a long folder extension argument on the
Mandriva Linux Security Advisory MDVSA-2009:234-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : silc-toolkit
Date : September 15, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:234
http://www.mandriva.com/security/
_______________________________________________________________________
Package : silc-toolkit
Date : September 15, 2009
Affected: 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:234-2
http://www.mandriva.com/security/
_______________________________________________________________________
Package : silc-toolkit
Date : December 5, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities were discovered in SILC Toolkit and SILC
Client, the worst of which allows for execution of arbitrary code.
Background
==========
===========================================================
Multiple DOM-Based XSS in Dojo Toolkit SDK
Public Release Date: 3/12/2010
Adam Bixby - Gotham Digital Science (labs@gdssecurity.com)
Affected Software: Dojo Toolkit SDK <= Build 1.4.1
Browser used for testing: IE8 (8.0.7600.16385)
Severity: High
===========================================================
1. Summary
===========================================================
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PHP Toolkit: Data disclosure and Denial of Service
Date: April 17, 2008
Bugs: #209535
ID: 200804-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#!/usr/bin/perl
# Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit
# Discovered & Coded by JosS
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team / Sys - Project / EspSeC
# http://www.spanish-hackers.com
# rgod forever :D
Pass-The-Hash Toolkit v1.2 is available.
What is Pass-The-Hash Toolkit?
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows
Logon Sessions maintained by the LSA (Local Security Authority)
component. These tools allow you to list the current logon sessions
with its corresponding NTLM credentials (e.g.: users remotely logged
in thru Remote Desktop/Terminal Services), and also change in runtime
the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH
Hi!,
I'm releasing Pass-The-Hash Toolkit v1.0, you can find it here:
http://oss.coresecurity.com/projects/pshtoolkit.htm.
source code:
http://oss.coresecurity.com/pshtoolkit/release/1.0/pshtoolkit_src_v1.0.tgz
binaries:
http://oss.coresecurity.com/pshtoolkit/release/1.0/pshtoolkit_v1.0.tgz
> be included in the account.
This is definitely a bug; we should not be sending any passwords to any
log file. I've filed Cisco Bug CSCtb52450 ("Passwords in CS-MARS log
files") against CS-MARS so this problem is taken care of. People can
monitor progress of this bug via the Cisco Bug Toolkit on cisco.com at:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtb52450
Note that since the bug has just been created it has not yet propagated
to the Cisco Bug Toolkit application, so it is not currently visible
Mandriva Linux Security Advisory MDVSA-2008:158
http://www.mandriva.com/security/
_______________________________________________________________________
Package : silc-toolkit
Date : July 30, 2008
Affected: 2008.0
_______________________________________________________________________
Problem Description:
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01894850
Version: 1
HPSBUX02464 SSRT090210 rev.1 - HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local
Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Mandriva Linux Security Advisory MDVSA-2009:235
http://www.mandriva.com/security/
_______________________________________________________________________
Package : silc-toolkit
Date : September 15, 2009
Affected: 2009.1
_______________________________________________________________________
Problem Description:
Hello!
We are proud to announce the release of the iPhoneDbg Toolkit, an effort
towards iPhone exploit development.
You can find it here:
http://oss.coresecurity.com/projects/iphonedbg.html.
- What is the iPhoneDbg Toolkit?
SOURCE CODE:
http://oss.coresecurity.com/pshtoolkit/release/1.3/pshtoolkit_v1.3-src.tgz
BINARIES:
http://oss.coresecurity.com/pshtoolkit/release/1.3/pshtoolkit_v1.3.tgz
DOCUMENTATION:
http://oss.coresecurity.com/projects/pshtoolkit.htm
http://oss.coresecurity.com/pshtoolkit/doc/index.html
or a Denial of Service.
Background
==========
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.
Affected packages
=================
>or a Denial of Service.
>
>Background
>==========
>
>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
>(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
>purpose cryptography library.
>
>Affected packages
>=================
>
> Versions Affected: 2.1.0 (previous versions were not checked.)
>
> Info:
> A complete open source seo control panel for managing search engine optimization of your websites.
> Seo Panel is a seo tool kit includes latest hot seo tools to increase and track the performance of your websites.
>
> External Links:
> http://www.seopanel.in/
>
> Credits: MaXe (@InterN0T)
8.2.0. These images will soon be available for download at either
http://www.cisco.com/cgi-bin/tablebuild.pl/asa or
http://www.cisco.com/cgi-bin/tablebuild.pl/asa-interim.
To check on the latest versions with fixed releases please consult the
Cisco Bug Toolkit
http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
.
-----Original Message-----
From: Bugs NotHugs [mailto:bugsnothugs@gmail.com]
_______________________________________________________________________
Problem Description:
Security vulnerabilities have been identified and fixed in University
of Washington IMAP Toolkit which could allow local users to gain
privileges by specifying incorrect folder name (CVE-2008-5005).
The updated packages have been patched to prevent this.
_______________________________________________________________________
---------------------
OpenOffice.org (OO.o or OOo), commonly known as OpenOffice, is an
open source software application suite available for a number of
different computer operating systems. It is distributed as free
software and written using its own GUI toolkit. It supports the
ISO/IEC standard OpenDocument Format (ODF) for data interchange
as its default file format, as well as Microsoft Office formats
among others. (Wikipedia)
call with a large numerical argument, which allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted HTML document. (CVE-2009-1698)
WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit
(aka Qt toolkit), and possibly other products does not properly handle
numeric character references, which allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted HTML document. (CVE-2009-1725)
KDE Konqueror allows remote attackers to cause a denial of service
There have been cases and quite a few.
My first thoughts were about Word Perfect. Actually it is just a
representative of a wider class of apps there. The semantics of locking
on Windows and Unix differ and when apps get ported (especially using a
toolkit) people do not account for the advisory nature of Unix flock().
As a result files that were reasonably safe in the original environment
due to OS-level exclusive locking stop being so on the Unix port.
Also, while it is a wonderful position to stand up and proclaim that
application is broken in a commercial environment you quite often have
Problem type : local
Debian-specific: no
CVE Id : CVE-2009-2905
Miroslav Lichvar discovered that newt, a windowing toolkit, is prone to
a buffer overflow in the content processing code, which can lead to the
execution of arbitrary code.
For the stable distribution (lenny), this problem has been fixed in
Versions Affected: 2.1.0 (previous versions were not checked.)
Info:
A complete open source seo control panel for managing search engine optimization of your websites.
Seo Panel is a seo tool kit includes latest hot seo tools to increase and track the performance of your websites.
External Links:
http://www.seopanel.in/
Credits: MaXe (@InterN0T)