Ubuntu Security Notice USN-151-4 - USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since lsb-rpm is statically linked against the zlib library, it is also affected by these issues. The updated packages have been rebuilt against the fixed zlib.
1b544a04d39a8e0c1931a5d95ffca15fa1c6e2f736889f0d0e654b9062a98680
Debian Security Advisory DSA 891-1 - Kevin Finisterre discovered a format string vulnerability in gpsdrive, a car navigation system, that can lead to the execution of arbitrary code.
cfb2d7f9a19907864d50b146d625c55805bda8eebbcc550942de5d1644aeac51
Debian Security Advisory DSA 890-1 - Chris Evans discovered several security related problems in libungif4, a shared library for GIF images.
ef55f3f42c15351affdf9711b0fb92d8dee5ae324ceca76f4d6b32741f336ec3
CYBSEC Security Advisory - SAP Web Application Server was found to be vulnerable to JavaScript injection, allowing for Cross-Site Scripting attacks. Three different vectors for script injection were discovered.
69ff31caa178b79091d32c07125e748ce10e868ab1c5444ef1266598fad476cf
CYBSEC Security Advisory - SAP Web Application Server was found to provide a vector to allow Phishing scams against SAP WAS applications.
d679b2ae35b4059539a50600ff1f5c66f96cb13efa0db3a4425d7126af04c170
CYBSEC Security Advisory - The SAP Web Application Server was found to be vulnerable to HTTP Response Splitting in the parameter sap-exiturl.
13d1c2228085b242aab5052eddd24952f976cd70c35959843b192dc2681be431
IP-Array is a Linux firewall script written in Bash, designed for small to mid-sized networks. It includes support for traffic shaping and VPN.
209e2c14ef6fe2f8b34dd139b3a4b00b9b631afd4fc8f9cb0da39299c453b8d7
QBrute 1.1 is an MD5 calculator and cracker written in Perl.
77e7cea590e475f2b983416cfad9b45edc222209195dd932a19b79ed81d00f4a
Secunia Security Advisory - A vulnerability has been discovered in YaBB, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to an input validation error in the attachment upload handling. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site by attaching a malicious HTML document with a valid file extension (e.g. .gif) in a post. Successful exploitation requires that the attachment is accessed directly in the Microsoft Internet Explorer browser (e.g. by opening an attachment in a post). Some other issues which may be security related have also been reported. The vulnerability has been confirmed in version 2.0. Prior versions may also be affected.
b573d0349d6dc2a34302abbb0f15aef0ef6d3b2b53f3dccbc98443c1ca1baca0
Secunia Security Advisory - SCO has issued an update for lynx. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA17216
767a14402e3c52ebad5b3d37a41694e19bdd7a7e4ac3d8cbdd6c2af008107dd4
Secunia Security Advisory - Debasis Mohanty has discovered a weakness in various ZoneAlarm products, which can be exploited to bypass security features provided by the product. The weakness is caused due to the Program Control feature failing to correctly identify and stop processes that use the Internet Explorer browser to make outgoing connections via the ShowHTMLDialog() API in MSHTML.DLL. This may be exploited by malware to send potentially sensitive information out from an affected system. The weakness has been confirmed in ZoneAlarm Pro 6.0.667 and reported in the following products:
* ZoneAlarm Pro 6.0.x
* ZoneAlarm Internet Security Suite 6.0.x
* ZoneAlarm Anti-Spyware with Firewall 6.1.x
* ZoneAlarm Antivirus with Firewall 6.0.x
Note: The free version of ZoneAlarm Firewall does not support the Advanced Program Control feature, and hence, does not prevent such bypass techniques. Secunia does not normally regard this kind of security bypass in personal firewalls as a vulnerability. However, Secunia has decided to write about this particular issue because Zone Labs is marketing the product as being able to stop this kind of attack via the Advanced Program Control functionality.
546b56fdbf38ff4279c5de2b1c282c262cb1e34e1788819118f8f5d1061af1b3
Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in various products, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA14631, SA17498. The following products are affected:
* United Communications Center (UCC) - S3400 (all versions)
* Modular Messaging - Messaging Application Server (MAS) (all versions)
* S8100/DefinityOne/IP600 Media Servers (all versions)
223f071dbd25da0773f3b35da7ace966daa599b2ebdff208029d8bddea66aa7d
Secunia Security Advisory - Debian has issued an update for gpsdrive. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. For more information: SA17473
694ae11a4f09b18c976a9882c093366b857c000958b70965740ddda5f7881780
Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli Directory Server (ITDS), which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error and can be exploited to change, modify and/or delete directory data stored in the IBM Tivoli Directory Server. The vulnerability has been reported in version 5.2.0 and 6.0.0. ITDS is included with the following products:
* Tivoli Identity Manager version 4.6 (ITDS version 6.0.0).
* Tivoli Access Manager for Business Integration (AMBI) version 5.1 (ITDS version 5.2.0).
* Tivoli Access Manager for e-business (TAM) version 5.1 (ITDS version 5.2.0).
* Tivoli Access Manager for Operating Systems (TAMOS) version 5.1 (ITDS version 5.2.0).
* Tivoli Directory Integrator (ITDI) version 5.2 and version 6.0 (ITDS version 5.2.0).
* Tivoli Federated Identity Manager version 6.0 (ITDS version 5.2.0).
019446e877cf49593e56b8e865deaee94bc89e2cbdb9da9beaaf060abee7157c
Secunia Security Advisory - Fedora has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. For more information: SA17371
9e48ce27c878454f0f87d5845c8e46dbe5f7eda98a294247898604fc68bba627
Secunia Security Advisory - A vulnerability has been reported in Sylpheed, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the ldif_get_line() function in ldif.c when importing a LDIF file into the address book. This can be exploited to cause a stack-based buffer overflow and may allow arbitrary code execution via a specially crafted LDIF file with more than 2048 characters in a single line. Successful exploitation requires that the user is e.g. tricked into importing a malicious LDIF file.
c2fa508393b41eeeeb99dd4aad0a2c735024f7beb5bab8626d718c5dcbf141ec
Secunia Security Advisory - Debian has issued an update for libungif4. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. For more information: SA17436
4e51eb9491b33db43dcce8c28a70508fea1ab90f4005c633e92da98748f9efd7
Secunia Security Advisory - A vulnerability has been reported in VERITAS Cluster Server for UNIX, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a boundary error in the SUID root ha command when handling the VCSI18N_LANG environmental variable. This can be exploited by malicious users to gain root privileges on an affected system. The vulnerability has been reported in the following products:
* VERITAS Storage Foundation Cluster File System 4.0 for AIX, Linux, and Solaris
* VERITAS SANPoint Control Quickstart 3.5 for Solaris
* VERITAS Storage Foundation For DB2 1.0 for AIX
* VERITAS Storage Foundation For DB2 4.0 for AIX and Solaris
* VERITAS Storage Foundation for Oracle 3.0 for AIX
* VERITAS Storage Foundation for Oracle 3.5 for Solaris
* VERITAS Storage Foundation for Oracle 4.0 for Solaris and AIX
* VERITAS Storage Foundation for Oracle Real Application Clusters (RAC) 3.5 for Solaris
* VERITAS Storage Foundation for Oracle Real Application Clusters (RAC) 4.0 for AIX, Linux, and Solaris
* VERITAS Storage Foundation for Sybase 4.0 for Solaris
* VERITAS Storage Foundation for UNIX 2.2 for Linux and VMWare ESX
* VERITAS Storage Foundation for UNIX 3.4 for AIX
* VERITAS Storage Foundation for UNIX 3.5 for HP-UX and Solaris
* VERITAS Storage Foundation for UNIX 4.0 for AIX, Linux and Solaris
* VERITAS Cluster Server 2.2 (all versions) for Linux
* VERITAS Cluster Server 3.5 (all versions) for Solaris, HP-UX, and AIX
* VERITAS Cluster Server 4.0 (all versions) for Solaris, AIX, and Linux
8bf88c418ca8dc98e54f76a74961b034193d9378b022067a4ca4b7cb23f356c1
Secunia Security Advisory - A vulnerability has been reported in VERITAS NetBackup, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. The vulnerability is caused due to a boundary error in a shared library used by the vmd (Volume Manager Daemon). This can be exploited to cause a DoS by disrupting the backup process and potentially to execute arbitrary code on an affected system via the vmd daemon. The vulnerability has been reported in NetBackup Enterprise Server Server/Client version 5.0 and 5.1. Note: The vulnerability may also affect other daemons that use the affected shared library.
8c6fea189facbf92da3e0db2f6d4692c02def8739c1133fe73f09c8938ab53b3
Secunia Security Advisory - A vulnerability has been reported in the Linux kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in sysctl.c when handling the un-registration of interfaces in /proc/sys/net/ipv4/conf/. This can potentially be exploited by malicious users to cause a DoS.
5c33866901639023480de21cd090f5d36caec2f733e18e51dbba9951333b41d3
Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error in envd. This can be exploited by malicious users to execute arbitrary code and/or gain escalated privileges. The vulnerability has been reported in HP-UX B.11.00 and B.11.11.
1e8f9353f59658677cd165fd176eddce920e8fe253b57f19dd5f42ba62209875
Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error in remshd on HP-UX systems running in Trusted Mode. This can be exploited to gain unauthorised access to an affected system. The vulnerability has been reported in HP-UX B.11.00, B.11.11, and B.11.23.
5fc2a9277751bdff052c234fc66a3430ae8e555ef318b9f9b255b1e20a9e67c1
Phearless Serbian/Croatian Security Magazine Issue #04 - In this issue: Symbian C++ Reference - Part 1, Symbian OS - Polymorphic MDL, TINY phile about SQL injections, Developing Network Security Tool(s), The Art of Reversing, Open Your Windows (OS), Malloc Demistified - Part 1, Bypass DEP on Heap, Client/Server Systems, Uncommon Tribute to Practical Switching, and Cisco Routers Exposed.
b634f2e77c076277b403bb426d794f0d510f0896671f284697e51fbc7662ab26
Phearless Serbian/Croatian Security Magazine Issue #03 - In this issue: Injecting Malware: Symbian Micro Kernel, Smart EPO Techniques, Debugging Programs On Win32, Nanomites And Misc Stuff, Full Reverse(Target: tElock), Full Reverse(Target: MrStop's Crackme #1), Full Reverse(Target: Inline patching nSPack 2.x), Xtreem Exploiting Steps, Exploiting Non-Exec Stack, Exploiting Stack BOf Over SEH, Security Of Web Pages, How To Stay OUT Of JAIL, Secret Of BSOD, and Recent Computer Networks.
0653aa8d59a2f78b768ce89d9d41080d267b31367784382e3afa5cdfa2cd4f1a
Phearless Serbian/Croatian Security Magazine Issue #02 - In this issue: Symbian OS - Under the Hood, Runtime Decryption and Meta Swap Engine, BlackHand.w32(DeadCode.a/b) Analysys, prc-ko - the 4th Native API virus, NT Startup Methods Exposed, Phearless Challenge #2: Reversme, Full Reverse(Target VCT #1), Full Reverse(Target VCT #2), Full Reverse(Target VCT #3), Writing Linux Shellcode - Basics, Hiding Behind Firewall, Phreaking in Serbia, Cryptology 101, Win Hacks and Tips #2, and Security from iso/osi Reference Model Perspective.
5b695bbfb1af3f17c951a82f36b8ef214aee01652b0531371fbebff525d4532b