mailing.unix.bugtraq Google Group

Sahana 0.6.2.2 Authentication Bypass

2010-03-17T16:54:30Z

Ability to completely disable authentication via stream.php and commented
out module authentication code within it.
[link]<sahana_path>/index.php?mod=ad min&act=acl_enable_acl
Authenticates correctly.
[link]<sahana_path>/stream.php?mod=a dmin&act=acl_enable_acl
Does not.

Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure

2010-03-17T15:33:39Z

============================== ============================== ==========
Secunia Research 17/03/2010
- Quicksilver Forums "mysqldump" Password Disclosure -
============================== ============================== ==========
Table of Contents
Affected Software...................... .............................. 1

Secunia Research: Quicksilver Forums Cross-Site Request Forgery Vulnerability

2010-03-17T15:33:56Z

============================== ============================== ==========
Secunia Research 17/03/2010
- Quicksilver Forums Cross-Site Request Forgery Vulnerability -
============================== ============================== ==========
Table of Contents
Affected Software...................... .............................. 1

Secunia Research: Quicksilver Forums Backup Information Disclosure

2010-03-17T15:33:47Z

============================== ============================== ==========
Secunia Research 17/03/2010
- Quicksilver Forums Backup Information Disclosure -
============================== ============================== ==========
Table of Contents
Affected Software...................... .............................. 1

Miranda IM silent TLS failure

2010-03-17T00:31:29Z

Summary:
Under certain conditions, Miranda ignores the "Use TLS" setting in
Jabber accounts and uses an unencrypted connection.
Affected: Miranda IM (instant messenger), at least versions 0.8.16,
0.9.0 alpha build #6 Unicode and SVN rev. 11383
Description:
If the following conditions are met:
- "Use TLS" is enabled in the jabber account settings (Network -

Vulnerabilities in VXDate for Joomla

2010-03-16T21:40:35Z

Hello Bugtraq!
I want to warn you about vulnerabilities in component VXDate for Joomla.
-----------------------------
Advisory: Vulnerabilities in VXDate for Joomla
-----------------------------
URL: [link]
-----------------------------
Timeline:
10.05.2009 - found the vulnerabilities.

[security bulletin] HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code

2010-03-16T20:56:56Z

CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability

2010-03-16T20:48:04Z

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Core Security Technologies - CoreLabs Advisory
[link]
eFront-learning PHP file inclusion vulnerability
1. *Advisory Information*
Title: eFront-learning PHP file inclusion vulnerability
Advisory Id: CORE-2010-0311

CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability

2010-03-16T20:11:40Z

Last Call for Papers, CONFidence 2010, 25-26May, Last Call for Papers

2010-03-16T01:15:28Z

CONFidence 2010 Last Call for Papers
Calling all practitioners in the field of IT security! The 7th edition
of CONFidence 2010, is taking place in Krakow on May 25/26, 2010.
[link]
We invite all to send the proposed topic and abstracts of presentation
till the 25th of March. Please, remember that CONFidence is an open,

[USN-913-1] libpng vulnerabilities

2010-03-16T17:34:50Z

============================== =============================
Ubuntu Security Notice USN-913-1 March 16, 2010
libpng vulnerabilities
CVE-2009-2042, CVE-2010-0205
============================== =============================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS

ZDI-10-030: Apple WebKit CSS run-in Attribute Rendering Remote Code Execution Vulnerability

2010-03-16T16:20:09Z

ZDI-10-030: Apple WebKit CSS run-in Attribute Rendering Remote Code Execution Vulnerability
[link]
March 16, 2010
-- Affected Vendors:
Apple
Google
-- Affected Products:
Apple WebKit
Apple Safari
Google Chrome
-- TippingPoint(TM) IPS Customer Protection:

SugarCRM Stored XSS vulnerability

2010-03-16T15:07:25Z

Class: Stored Cross Site Scripting (XSS)
CVE: CVE-2010-0465
Remote: Yes
Local: Yes
Published: Jan 1, 2010 12:01AM
Timeline: Submission to Mitre: January 29, 2010
Vendor Contact: February 18, 2010
Vendor Response: February 19, 2010
Patch Available: March 10, 2010
Credit: Jeromie Jackson CISSP, CISM

rPSA-2010-0018-1 bind bind-utils caching-nameserver

2010-03-16T01:21:11Z

rPath Security Advisory: 2010-0018-1
Published: 2010-03-15
Products:
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2
Rating: Severe
Exposure Level Classification:
Remote User Deterministic Vulnerability
Updated Versions:

[SECURITY] [DSA 2017-1] New pulseaudio packages fix insecure temporary directory

2010-03-15T20:14:44Z

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------ ------------------------------ ------------
Debian Security Advisory DSA-2017-1 secur...@debian.org
[link] Giuseppe Iuculano
March 15, 2010 [link]