SyScan 10 Call For Papers - The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan is a non-product, non-vendor biased security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia. This year SyScan will be held in Singapore, Hangzhou, Taipei, and Ho Chi Minh City.
Mandriva Linux Security Advisory 2010-050 - This release fixes several important issues to help prevent a detection bypass and denial of service attacks against ModSecurity. Quite a few small but notable bugs were fixed. The latest Core Ruleset (2.0.5) is included. This update provides mod_security 2.5.12, which is not vulnerable to these issues.
FileExecutive suffers from file disclosure, path disclosure, shell upload, edit administrator and add administrator vulnerabilities.
getPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.
Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.
Internet Explorer versions 6, 7, and 8 suffer from an arbitrary command execution vulnerability related to winhlp32.exe.
Cybershade CMS version 0.2b suffers from a session hijacking vulnerability.
Mandriva Linux Security Advisory 2010-049 - sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Apache Tomcat versions 4.1.0 through 4.1.37 and 5.5.0 through 5.5.26 suffer from a directory traversal vulnerability.
AtACimo release candidate 2 suffers from a cross site scripting vulnerability.
The tcb suite implements the alternative password shadowing scheme on Openwall GNU/*/Linux (Owl) which allows many core system utilities (passwd(1) being the primary example) to operate with little privilege. It is being made available separately from Owl primarily for use by other distributions. This package contains three core components of the tcb suite: pam_tcb (a PAM module which supersedes pam_unix), libnss_tcb (the accompanying NSS module), and libtcb (a library for accessing tcb shadow files, used by the PAM and NSS modules as well as by user management tools on Owl).
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.
The Comptel InstantLink system suffers from a cross site scripting vulnerability.
Oracle Siebel Loyalty version 8.1 suffers from a cross site scripting vulnerability.
The Joomla JoomlaConnect_be component suffers from remote SQL injection vulnerabilities.
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, and CVSS.
Mandriva Linux Security Advisory 2010-048 - Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. The updated packages have been patched to correct this issue.
RedBanc.cl, the Chilean ATM / banking network, suffers from a cross site scripting vulnerability.
WebAdministrator Lite CMS suffers from a remote SQL injection vulnerability.
IBM Websphere Portal Server and Lotus Web Content Management systems suffer from a cross site scripting vulnerability.
The DATEV Active-X control suffers from a remote command execution vulnerability.
This Metasploit module exploits an out-of-bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.
GameScript version 3.0 suffers from a remote SQL injection vulnerability.
Secunia Security Advisory - A security issue has been reported in Asterisk, which can be exploited by malicious people to potentially bypass certain security restrictions.
Secunia Security Advisory - Fedora has issued an update for mingw32-libltdl. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.