http://readlist.com Bugtraq Mailing List - New Threads feed en http://readlist.com/readlist-logo-tiny.gif http://readlist.com/ 156 30 http://readlist.com/lists/securityfocus.com/bugtraq/4/23451.html Thu, 15 May 2008 20:56:14 GMT ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-025 May 15, 2008 -- Affected Vendors: Symantec -- Affected Products: Symantec Altiris Deployment Solution -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23450.html Thu, 15 May 2008 20:49:16 GMT ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-024 May 15, 2008 -- Affected Vendors: Symantec -- Affected Products: Symantec Altiris Deployment Solution -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 5935. For ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23449.html Thu, 15 May 2008 18:05:52 GMT #!/usr/bin/perl -w use LWP::UserAgent; # scripts : SunShop Version 3.5.1 Remote Blind Sql Injection # scripts site : http://www.turnkeywebtools.com/sunshop/ # Discovered # By : irvian # site : http://irvian.cn # email : irvian.info print "\r\n[+]-----------------------------------------[+]\r\n"; print "[+]Blind SQL injection [+]\r\n"; print "[+]SunShop Version 3.5.1 [+]\r\n"; print "[+]code by irvian [+]\r\n"; ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23446.html Thu, 15 May 2008 15:40:30 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities Aruba Advisory ID: AID-051408 Revision: 1.0 For Public Release on 05/14/2008 +---------------------------------------------------- 1.) TITLE: Mobility Controller TACACS User Authentication ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23445.html Thu, 15 May 2008 15:16:30 GMT Hi Securityfocus, the debian openssl issue leads that there are only 65.536 possible ssh keys generated, cause the only entropy is the pid of the process generating the key. This leads to that the following perl script can be used with the precalculated ssh keys to brute force the ssh login. It works if such a keys is installed on a non-patched debian or any other system manual configured to. On an unpatched system, which doesn't need to be ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23444.html Thu, 15 May 2008 15:01:02 GMT ################################################################################ ####### # # # ...::::Kostenloses Linkmanagementscript SQL Injection Vulnerabilities ::::... # ################################################################################ ####### Virangar Security Team www.virangar.net ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23442.html Wed, 14 May 2008 21:39:26 GMT =========================================================== Ubuntu Security Notice USN-612-6 May 14, 2008 openvpn regression https://launchpad.net/bugs/230193 https://launchpad.net/bugs/230208 http://www.ubuntu.com/usn/usn-612-3 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23441.html Wed, 14 May 2008 21:28:50 GMT - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenOffice.org: Multiple vulnerabilities ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23440.html Wed, 14 May 2008 20:42:23 GMT HTTP User and Desktop Security Communities; With respect to http://www.securityfocus.com/bid/29112 Per http://www.ietf.org/rfc/rfc2616.txt 3.7.1 Canonicalization and Text Defaults [...] The "charset" parameter is used with some media types to define the character set (section 3.4) of the data. When no explicit charset parameter is provided by the sender, media subtypes of the "text" type are defined to ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23438.html Wed, 14 May 2008 20:18:03 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities Advisory ID: cisco-sa-20080514-cup Revision 1.0 +--------------------------------------------------------------------- Summary ======= Cisco Unified Presence contains three denial of service (DoS) vulnerabilities that may cause an ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23435.html Wed, 14 May 2008 19:27:41 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Content Switching Module Memory Leak Vulnerability Advisory ID: cisco-sa-20080514-csm http://www.cisco.com/warp/public/707/cisco-sa-20080514-csm.shtml Revision 1.0 For Public Release 2008 May 14 1600 UTC (GMT) Summary ======= The Cisco Content Switching Module (CSM) and Cisco Content Switching Module with ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23432.html Wed, 14 May 2008 18:35:27 GMT - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libid3tag: Denial of Service Date: ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23430.html Wed, 14 May 2008 18:15:03 GMT =========================================================== Ubuntu Security Notice USN-612-5 May 14, 2008 openssh update https://launchpad.net/bugs/230029 http://www.ubuntu.com/usn/usn-612-2 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23429.html Wed, 14 May 2008 17:28:33 GMT CALL FOR PAPERS: EC2ND 2008 European Conference on Computer Network Defense (in cooperation with ENISA) December 11th & 12th 2008, Dublin City University, Dublin, Ireland. http://2008.ec2nd.org/ Call for Papers The fourth annual EC2ND conference will take place on December 11th & 12th 2008 in the Faculty of Engineering and Computing at Dublin City University. The theme of the conference is the protection ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23428.html Wed, 14 May 2008 17:25:50 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities Advisory ID: cisco-sa-20080514-cucmdos Revision 1.0 +--------------------------------------------------------------------- Summary ======= Cisco Unified Communications Manager, formerly Cisco CallManager, contains multiple ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23427.html Wed, 14 May 2008 16:58:27 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1576-1 security http://www.debian.org/security/ Florian Weimer May 14, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : openssh ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23426.html Wed, 14 May 2008 16:41:19 GMT =========================================================== Ubuntu Security Notice USN-612-4 May 14, 2008 ssl-cert vulnerability CVE-2008-0166, http://www.ubuntu.com/usn/usn-612-1 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23425.html Wed, 14 May 2008 16:33:23 GMT ===================================================================== = Malformed Acrobat Distiller 8 .joboptions = = Vendor Website: = http://www.adobe.com = = Affected Version: = Adobe Acrobat Reader, Acrobat Professional 7, Acrobat Professional 8 = = Vendor Notified - February 2007 = Public Disclosure - May 2008 = http://www.security-assessment.com/files/advisories/2008-05-15_Acrobat_D ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23424.html Wed, 14 May 2008 16:12:44 GMT /******************************************************************************* ************* Please join us to pray for the people still in the huge earthquake in eastern Sichuan, China. ******************************************************************************** *************/ Microsoft Office Publisher PUB File Parsing Remote Memory Corruption Vulnerability by cocoruder(frankruder_at_hotmail.com) http://ruder.cdut.net ... http://readlist.com/lists/securityfocus.com/bugtraq/4/23423.html Wed, 14 May 2008 15:40:03 GMT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1577-1 security http://www.debian.org/security/ Thijs Kinkhorst May 14, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : gforge ...