Mailing List Archive For bugtraq@securityfocus.com Jul 2007 By Subject
- "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
- 0day linux 2.6 /dev/mem rootkit found
- 2007-07-20 - n.runs-SA-2007.016 - NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory
- 2007-07-20 - n.runs-SA-2007.017 - NOD32 Antivirus ASPACK parsing Infinite Loop Advisory
- 2007-07-20 - n.runs-SA-2007.018 - NOD32 Antivirus ASPACK and FSG parsing Divide by Zero Advisory
- [ GLSA 200707-01 ] Firebird: Buffer overflow
- [ GLSA 200707-02 ] OpenOffice.org: Two buffer overflows
- [ GLSA 200707-04 ] GNU C Library: Integer overflow
- [ GLSA 200707-05 ] Webmin, Usermin: Cross-site scripting vulnerabilities
- [ GLSA 200707-06 ] XnView: Stack-based buffer overflow
- [ GLSA 200707-07 ] MPlayer: Multiple buffer overflows
- [ GLSA 200707-08 ] NVClock: Insecure file usage
- [ GLSA 200707-09 ] GIMP: Multiple integer overflows
- [ GLSA 200707-10 ] Festival: Privilege elevation
- [ GLSA 200707-11 ] MIT Kerberos 5: Arbitrary remote code execution
- [ GLSA 200707-12 ] VLC media player: Format string vulnerabilities
- [ GLSA 200707-13 ] Fail2ban: Denial of Service
- [ GLSA 200707-14 ] tcpdump: Integer overflow
- [ MDKSA-2007:138 ] - Updated kdebase packages fix Flash Player interaction vulnerability
- [ MDKSA-2007:139 ] - Updated MySQL packages fix multiple security issues
- [ MDKSA-2007:140 ] - Updated apache packages fix multiple security issues
- [ MDKSA-2007:141 ] - Updated apache packages fix multiple security issues
- [ MDKSA-2007:142 ] - Updated apache packages fix multiple security issues
- [ MDKSA-2007:143 ] - Updated mplayer packages fix buffer overflow remote vulnerabilities
- [ MDKSA-2007:144 ] - Updated OpenOffice.org packages fix RTF import vulnerability
- [ MDKSA-2007:145 ] - Updated wireshark packages fix multiple vulnerabilities
- [ MDKSA-2007:146 ] - Updated perl-Net-DNS packages fix multiple vulnerabilities
- [ MDKSA-2007:147 ] - Updated ImageMagick packages fix multiple vulnerabilities
- [ MDKSA-2007:148 ] - Updated tcpdump packages fix BGP dissector vulnerability
- [ MDKSA-2007:149 ] - Updated BIND9 packages fix vulnerabilities
- [ MDKSA-2007:150 ] - Updated clamav packages fix vulnerabilities
- [ANNOUNCE] RSBAC 1.3.5 released
- [Aria-security] community Cross-site Scripting (XSS)
- [Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln.
- [Aria-security] itcms 0.2 Cross-site Scripting (XSS)
- [Aria-Security] Munch Pro Remote Login ByPass
- [Aria-Security] Property Pro Remote Login ByPass
- [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability
- [CAID 35515]: CA Products Alert Service RPC Procedure Buffer Overflow Vulnerabilities
- [CAID 35524]: CA eTrust Intrusion Detection caller.dll Vulnerability
- [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities
- [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability
- [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
- [DRUPAL-SA-2007-017] Drupal 5.2 fixes multiple CSRF vulnerabilities
- [DRUPAL-SA-2007-018] Drupal 4.7.7 and 5.2 fix multiple cross site scripting vulnerabilities
- [Eleytt] 12LIPIEC2007 2007-07-12
- [Eleytt] 7LIPIEC2007
- [Full-disclosure] iDefense Security Advisory 07.09.07: WinPcap NPF.SYS Local Privilege Escalation Vulnerability
- [Full-disclosure] Mozilla protocol abuse
- [MajorSecurity Advisory #51]Virtual Hosting Control System - Session fixation Issue
- [MSA01110707] Flash Player/Plugin Video file parsing Remote Code Execution
- [NETRAGARD SECURITY ADVISORY][Maia Mailguard 1.0.2 Arbitrary Code Execution][NETRAGARD-20070628]
- [OpenPKG-SA-2007.022] OpenPKG Security Advisory (bind)
- [Reversemode Advisory] Microsoft DirectX RLE Compressed Targa Image File Heap Overflow
- [scip_Advisory 3159] SiteScape forum prior 7.3 Cross Site Scripting
- [security bulletin] HPSBGN02234 SSRT071435 rev.1 - HP ServiceGuard for Linux, Local Unauthorized Access, Increase in Privilege
- [security bulletin] HPSBMA02133 SSRT061201 rev.5 - HP Oracle for OpenView (OfO) Critical Patch Update
- [security bulletin] HPSBPI02228 SSRT071404 rev.1 - HP Instant Support - Driver Check Running on Windows XP, Remote Unauthorized Access
- [security bulletin] HPSBST02243 SSRT071446 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-036 to MS07-041
- [security bulletin] HPSBTU02233 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation
- [security bulletin] HPSBUX02153 SSRT061181 rev.4 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS)
- [SECURITY] [DSA 1326-1] New fireflier-server packages fix unsafe temporary files
- [SECURITY] [DSA 1327-1] New gsambad packages fix unsafe temporary files
- [SECURITY] [DSA 1328-1] New unicon-imc2 packages fix buffer overflow
- [SECURITY] [DSA 1329-1] New gfax packages fix privilege escalation
- [SECURITY] [DSA 1330-1] New php5 packages fix arbitrary code execution
- [SECURITY] [DSA 1331-1] New php4 packages fix arbitrary code execution
- [SECURITY] [DSA 1332-1] New vlc packages fix arbitrary code execution
- [SECURITY] [DSA 1333-1] New libcurl3-gnutls packages fix certificate handling
- [SECURITY] [DSA 1334-1] New freetype packages fix arbitary code execution
- [SECURITY] [DSA 1335-1] New gimp packages fix arbitrary code execution
- [SECURITY] [DSA 1336-1] New mozilla-firefox packages fix several vulnerabilities
- [SECURITY] [DSA 1337-1] New xulrunner packages fix several vulnerabilities
- [SECURITY] [DSA 1338-1] New iceweasel packages fix several vulnerabilities
- [SECURITY] [DSA 1339-1] New iceape packages fix several vulnerabilities
- [SECURITY] [DSA 1340-1] New ClamAV packages fix denial of service
- [SECURITY] [DSA 1341-1] New bind9 packages fix DNS cache poisoning
- [SECURITY] [DSA 1342-1] New xfs packages fix privilege escalation
- [SECURITY] [DSA 1342-2] New bind9 packages fix DNS cache poisoning
- [SECURITY] [DSA 1343-1] New file packages fix arbitrary code execution
- [USN-480-1] Gimp vulnerability
- [USN-481-1] ImageMagick vulnerabilities
- [USN-482-1] OpenOffice.org vulnerability
- [USN-483-1] libnet-dns-perl vulnerabilities
- [USN-484-1] curl vulnerability
- [USN-485-1] PHP vulnerabilities
- [USN-486-1] Linux kernel vulnerabilities
- [USN-487-1] Dovecot vulnerability
- [USN-488-1] mod_perl vulnerability
- [USN-489-1] Linux kernel vulnerabilities
- [USN-489-2] redhat-cluster-suite vulnerability
- [USN-490-1] Firefox vulnerabilities
- [USN-491-1] Bind vulnerability
- [USN-492-1] tcpdump vulnerability
- [USN-493-1] Firefox vulnerabilities
- [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
- ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content
- ActiveWeb Contentserver CMS Editor Permission Settings Problem
- ActiveWeb Contentserver CMS Multiple Cross Site Scriptings
- ActiveWeb Contentserver CMS SQL Injection Management Interface
- Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.
- Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.
- Advisory: Arbitrary kernel mode memory writes in AVG
- An Auction Site for Vulnerabilities
- Announce: RFIDIOt PC/SC support - new release 0.1p (July 2007)
- Another You tube clone script vulnerability
- Anti XSS AJAX
- ASA-2007-014: Stack buffer overflow in IAX2 channel driver
- ASA-2007-015: Remote Crash Vulnerability in IAX2 channel driver
- ASA-2007-016: Remote crash vulnerability in Skinny channel driver
- ASA-2007-017: Remote Crash Vulnerability in STUN implementation
- ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver
- AsteriDex (Asterisk / Trixbox) remote code execution
- AV Arcade 2.1b (COOKIE[ava_userid]) Get Admin Rights
- AV Arcade 2.1b (view_page.php) Remote SQL Injection
- AzDG Dating Gold v3.0.5 ===> Remote File Include Vulnerability
- BellaBiblio Admin Login Bypass
- BellaBook Admin Bypass/Remote Code Execution
- Berthanas Ziyaretci Defteri v2.0 (tr) Sql
- Bogus BID 24744
- Breakpoint Security: Encase Pre-Advisory
- BTsniff - Bleutooth sniffing under *nix
- Buffer overflow in Areca CLI, version <= 1.72.250
- Buffer overflow in HP Instant Support Driver Check (SDD) ActiveX control
- CAL-20070730-1 BlueSkyCat ActiveX Remote Heap Overflow vulnerability
- Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack
- Cisco Security Advisory: Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities
- Cisco Security Advisory: Cisco Unified Communications Manager Overflow Vulnerabilities
- Cisco Security Advisory: Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software
- Cisco Security Advisory: Wireless ARP Storm Vulnerabilities
- Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940
- CodeIgniter 1.5.3 vulnerabilities
- cPanel 10.9.1 XSS
- Cross Site Scripting in Oliver Library Management System
- CVE-2007-3383: XSS in Tomcat send mail example
- dbdisplay.pl(all versions) Remote execut Vulnerability
- Dependet Forums (Username Field) Remote SQL Injection
- DokuWiki suffers XSS
- Dora Emlak Script v1.0 (tr) Admin Login ByPass
- Dotclear remote script execution
- durito: enVivo!CMS SQL injection
- E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL
- EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference
- EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability
- Elite Forum Full HTML ENject versin 1.0.0.0
- EnjoySAP, SAP GUI for Windows - Stack Overflow
- Entertainment CMS Admin Login Bypass
- eTicket v.1.5.1.1 Multiple Cross-Site Scripting
- eTicket version 1.5.5 XSS Attack Vulnerability
- ExLibris Aleph and Metalib Cross Site Scripting Attack
- Exploit In Internet Explorer
- Firefox wyciwyg:// cache zone bypass
- Flashbb <= 1.1.7 - Remote File Inclusion Exploit
- FLEA-2007-0031-1: xfs
- FLEA-2007-0032-1: flashplayer
- FLEA-2007-0033-1: firefox thunderbird
- FLEA-2007-0034-1:
- FLEA-2007-0035-1: libvorbis
- FLEA-2007-0036-1 vim vim-minimal gvim
- FLEA-2007-0037-1 unrar
- FreeBSD Security Advisory FreeBSD-SA-07:05.libarchive
- FreeDomain.co.nr Clone SQL Injection
- Friend Script 2.5 - 2.4 Remote File İnclude
- Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure
- Fujitsu-Siemens ServerView Remote Command Execution
- Geoblog v1 administrator bypass
- Guidance Software response to iSEC report on EnCase
- Guidance Software response to iSEC report on EnCase (fwd)
- High Risk Flaw in Sun's Java Web Start
- iDefense Security Advisory 07.09.07: IBM AIX libodm ODMPATH Stack Overflow Vulnerability
- iDefense Security Advisory 07.09.07: Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities
- iDefense Security Advisory 07.09.07: WinPcap NPF.SYS Local Privilege Escalation Vulnerability
- iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability
- iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability
- iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_check_sign_pgp_mime() Command Injection Vulnerability
- iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_help.php Local File Inclusion Vulnerability
- iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability
- iDefense Security Advisory 07.11.07: Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability
- iDefense Security Advisory 07.11.07: Symantec Backup Exec RPC Remote Heap Overflow Vulnerability
- iDefense Security Advisory 07.12.07: Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability
- iDefense Security Advisory 07.16.07: Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability
- iDefense Security Advisory 07.16.07: Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability
- iDefense Security Advisory 07.17.07: Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities
- iDefense Security Advisory 07.17.07: IBM Tivoli Provisioning Manager for OS Deployment TFTP Blocksize DoS Vulnerability
- iDefense Security Advisory 07.18.07: Ipswitch IMail Server 2006 IMAP Search Command Buffer Overflow Vulnerability
- iDefense Security Advisory 07.18.07: Microsoft DirectX RLE Compressed Targa Image File Heap Overflow
- iDefense Security Advisory 07.19.07: Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability
- iDefense Security Advisory 07.19.07: Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability
- iDefense Security Advisory 07.23.07: Ipswitch Instant Messaging Server Denial of Service Vulnerability
- iDefense Security Advisory 07.24.07: Computer Associates AntiVirus CHM File Handling DoS Vulnerability
- iDefense Security Advisory 07.24.07: Computer Associates eTrust Intrusion Detection CallCode ActiveX Control Code Execution Vulnerability
- iDefense Security Advisory 07.26.07: IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability
- iDefense Security Advisory 07.26.07: IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities
- iDefense Security Advisory 07.26.07: IBM AIX pioout Arbitrary Library Loading Vulnerability
- Insanely simple blog - Multiple vulnerabilities
- Internet Communication Manager Denial Of Service Attack
- Internet Explorer 0day exploit
- JBlog 1.0 Creat Admin exploit, xss, Cookie Manipulation
- LFI On SMF 1.1.3
- Light Blog 4.1 XSS Vulnerability
- London DC4420 meet - tommorrow, Wednesday 18th July
- Low Risk Vulnerability in Active Directory
- Madoa Poll v1.1 Remote File Include Vulnerabilities
- Menu Manager Mod for WebAPP - No Input Filtering
- Message Board / Threaded Discussion Forum SQL INJECTION
- Metyus Forum Portal v1.0
- Minb Is Not A Blog default password directory
- Mitridat Form Processor Pro XSS
- MkPortal - Multiple SQL Injection Vulnerabilities
- Moodle XSS / Liesbeth base CMS sensitive information disclosure
- Mozilla protocol abuse
- MSIE7 entrapment again (+ FF tidbit)
- Multiple .NET Null Byte Injection Vulnerabilities
- Multiple Remote unauthenticated stack overflows in Asterisk chan_sip.c
- MySQLDumper vulnerability: Bypassing Apache based access control possible
- n.runs-SA-2007.020 - Norman Antivirus ACE parsing Arbitrary Code Execution Advisory
- n.runs-SA-2007.021 - Norman Antivirus LZH parsing Arbitrary Code Execution Advisory
- n.runs-SA-2007.022 - Norman Antivirus DOC parsing Detection Bypass Advisory
- n.runs-SA-2007.023 - Norman Antivirus DOC parsing Divide by Zero Advisory
- n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory
- No Patch for IE on Windows Mobile/CE
- Official release of SQL Power Injector 1.2
- Opera/Konqueror: data: URL scheme address bar spoofing
- Oracle bad Views - Exploit released
- Oracle Database Buffer overflow vulnerabilities in procedure DBMS_DRS.GET_PROPERTY (DB03)
- Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12)
- Oracle E-Business Suite - Multiple Vulnerabilities
- Oracle Security: Insert / Update / Delete Data via Views
- Oracle Security: SQL Injection in APEX CHECK_DB_PASSWORD
- Oracle Security: SQL Injection in package DBMS_PRVTAQIS
- PacSec 2007 Call For Papers (Nov. 29/30, deadline July 27)
- Pay Roll - Time Sheet and Punch Card Application With Web Interface SQL Injection
- PHMe CMS 0.0.2 local File Include Vulnerabilitiy
- Phorm v3.0 Remote File Upload Vulnerability
- PHP Comet-Server
- PHPBlogger cookie privilege escalation
- phpCoupon Vulnerabilities
- PHPDirector <= 0.21 (SQL injection/Upload SHELL) Remote Vulnerabilities
- PHPSysInfo Index.php Cross Site Scripting
- phpTrafficA <=1.4.3 Admin Login Bypass
- phpVoter v0.6 Remote File Include Vulnerability
- phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability
- Powered By Dvbbs Version 7.1.0 Sp1 By Pass
- PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)
- PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)
- PR07-20: Webroot disclosure on Webbler CMS
- PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses
- printenv.pl(all versions) cross site scripting Vulnerability
- rare bug in Opera 9.20 browser
- Real Estate listing website application template SQL Injection
- Really, really, penultimate, PacSec CFP deadline, Aug 10.
- Redirection Vulnerability in wp-pass.php, WordPress 2.2.1
- Regarding http://www.securityfocus.com/bid/24744
- Remote File Include In Script SoftNews Media Group
- Retrieving "deleted" sms/mms from Nokia phone (Symbian S60)
- RFI ====> vBulletin v3.6.5
- RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability
- rPSA-2007-0137-1 tshark wireshark
- rPSA-2007-0138-1 gimp
- rPSA-2007-0141-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
- rPSA-2007-0142-1 perl-Net-DNS
- rPSA-2007-0143-1 mysql mysql-bench mysql-server
- rPSA-2007-0145-1 lighttpd
- rPSA-2007-0147-1 tcpdump
- rPSA-2007-0148-1 firefox thunderbird
- rPSA-2007-0149-1 bind bind-utils
- rPSA-2007-0150-1 libvorbis
- rPSA-2007-0151-1 gvim vim vim-minimal
- SAP DB Web Server Stack Overflow
- SAP Internet Graphics Server XSS and Heap Overflow
- SAP Message Server Heap Overflow
- sBlog 0.7.3 Beta XSS Vulnerabilitie
- SEC Consult SA-20070722-0 :: Remote command execution in Joomla! CMS
- Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability
- Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6
- security contact for uat.edu needed
- Security on AIR: Local file access through JavaScript
- security@soqor.net
- Serious holes affecting JFFNMS
- Session fixation in Zen Cart CMS
- Session Riding and multiple XSS in WebCit
- Solaris finger bug
- SolpotCrew Advisory #14 (S4M3K) - PhpHostBot (login_form) Remote File Inclusion
- SQL Injection in saphp "showcat.php"
- SQL Injection in SaphpLesson2.0 "show.php"
- SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability
- Sudo: local root compromise with krb5 enabled
- SUN Java JNLP Overflow
- SuskunDuygular - yelik Sistemi v.1 Sql
- SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface
- SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw
- The dark side of ajax
- The Pwnie Awards!
- TippingPoint detection bypass
- TippingPoint IPS Signature Evasion
- TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability
- TPTI-07-13: Borland Interbase ibserver.exe Create-Request Buffer Overflow Vulnerability
- TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability
- TSLSA-2007-0023 - multi
- Two Unpublished IE Cases
- UseBB 1.0.x Cross Site Scripting (XSS)
- WebEvents: Online Event Registration Template Username Fields SQL INJECTION
- Webspell 4.x Local File Inclusion
- WebStore - Online Store Application Template SQL INJECTION
- Whitepaper - DNS pinning and web proxies
- Whitepaper: Command Injection in XML Digital Signatures and Encryption
- WhitePapers By SecNiche Security
- Wii's Internet Channel affected to Flash FLV parser vulnerability
- WinPcap NPF.SYS Privilege Elevation Vulnerability
- XSS Tunnelling White Paper and Tool
- ZDI-07-039: Symantec AntiVirus Engine RAR File Parsing DoS Vulnerability
- ZDI-07-040: Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability
- ZDI-07-042: Ipswitch IMail Server GetIMailHostEntry Memory Corruption Vulnerability
- ZDI-07-043: Ipswitch IMail IMAP Daemon SUBSCRIBE Stack Overflow Vulnerability
- ZDI-07-044: BakBone NetVault Reporter Scheduler Heap Overflow Vulnerability
- zdnet reports on java vulnerabilities