$0.99 Kindle Books Security Vulnerabilities

Gale EVP_VerifyFinal() Security Bypass Vulnerability

The host is running Gale and is prone to security bypass ...

Gale EVP_VerifyFinal() Security Bypass Vulnerability

Gale is prone to a security bypass...

CentOS 3 / 4 / 5 : squirrelmail (CESA-2009:0010)

An updated squirrelmail package that resolves various security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is an easy-to-configure, standards-based, webmail...

RHEL 3 / 4 / 5 : squirrelmail (RHSA-2009:0010)

An updated squirrelmail package that resolves various security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is an easy-to-configure, standards-based, webmail...

squirrelmail security update

CentOS Errata and Security Advisory CESA-2009:0010 SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering (with no JavaScript required) for maximum...

(RHSA-2009:0010) Moderate: squirrelmail security update

SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering (with no JavaScript required) for maximum browser-compatibility, strong MIME support, address books, and folder.....

[oCERT-2008-016] Multiple OpenSSL signature verification API misuses

2008-016 multiple OpenSSL signature verification API misuse Description: Several functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue....

OpenSSL 'EVP_VerifyFinal'函数签名验证漏洞

BUGTRAQ ID: 33150 CVE ID：CVE-2008-5077 CNCVE ID：CNCVE-20085077 OpenSSL是一款开放源码的SSL实现，用来实现网络通信的高强度加密。 部分OpenSSL函数验证DSA和ECDSA密钥时不正确验证"EVP_VerifyFinal()"函数返回值，发送特殊构建的签名证书链给客户端，可绕过签名检查。 通过恶意服务器或中间人攻击，可使证书链中的畸形SSL/TLS签名绕过客户端软件检查，导致盲目信任并泄漏敏感信息。 成功利用此漏洞需要服务器使用包含DSA或者ECDSA密钥的证书。 Ubuntu Ubuntu Linux 8.10...

CVE-2009-0047

Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...

CVE-2009-0047

Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...

Input validation

Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...

CVE-2009-0047

Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...

Wordpress Page Flip Image Gallery 0.2.2 File Disclosure

...

Wordpress Plugin Page Flip Image Gallery <= 0.2.2 Remote FD Vuln

No description provided by...

WordPress Plugin Page Flip Image Gallery 0.2.2 - Remote File Disclosure

WordPress Plugin Page Flip Image Gallery 0.2.2 - Remote File...

Wordpress Plugin Page Flip Image Gallery <= 0.2.2 Remote FD Vuln

Exploit for unknown platform in category web...

WordPress Plugin Page Flip Image Gallery 0.2.2 - Remote File Disclosure

...

[SECURITY] Fedora 8 Update: chmsee-1.0.0-6.31.fc8

A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized....

[SECURITY] Fedora 9 Update: chmsee-1.0.1-7.fc9

A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized....

CVE-2008-5643

SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to...

Sql injection

SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to...

CVE-2008-5643

SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to...

CVE-2008-5643

SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to...

Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability

Description Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause...

CVE-2008-5285

Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite...

Cross site request forgery (csrf)

Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite...

[SECURITY] Fedora 9 Update: chmsee-1.0.1-6.fc9

A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized....

[SECURITY] Fedora 8 Update: chmsee-1.0.0-5.31.fc8

A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized....

CVE-2008-5005

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail...

Stack overflow

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail...

Unfixed XSS vulnerability at www.christianbook.com

Security researcher Uber0n, has submitted on 11/04/2008 a cross-site-scripting (XSS) vulnerability affecting www.christianbook.com, which at the time of submission ranked 12194 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/04/2008. It is...

Verity's Search 97查看任意文件漏洞

BUGTRAQ: 162 Verity's Search97是Verity公司搜索引擎的Web访问界面。 Verity's Search97的search97.vts脚本未对用户如入做充分过滤，远程攻击者可能利用此漏洞进行目录遍历攻击，导致系统文件泄漏。 软件包中的search97.vts对用户输入的“..”未做充分过滤，攻击者可能通过构造特殊的请求来读取任何服务器上任何Web服务进程有读权限的文件。 2.1 临时解决方法： 如果您不能立刻安装补丁或者升级，建议您采取以下措施以降低威胁： 暂时停止使用该软件。 厂商补丁： Verity...

CVE-2008-4685

Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an...

Design/Logic Flaw

Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an...

A stack overflow attack and the anti-vulnerability warning-the black bar safety net

Overflow is the security of the network is often a contact to a problem, once there is some kind of overflow vulnerability, the network of thousands of computers will become a Hacker brothers and sisters on the chopping block of meat. Then the overflow in the end is what? This attack method...

mon symbolic links vulnerability

Symbolic links vulnerability on temporary files...

Read Address Book

Added: 10/07/2008 Background This tool attempts to gather e-mail addresses from Outlook and Outlook Express address book files (.WAB, .PAB) on the target. Limitations A connection to the target is required to run this tool. Recent versions of Microsoft Outlook no longer store address books...

Read Address Book

Added: 10/07/2008 Background This tool attempts to gather e-mail addresses from Outlook and Outlook Express address book files (.WAB, .PAB) on the target. Limitations A connection to the target is required to run this tool. Recent versions of Microsoft Outlook no longer store address books...

Read Address Book

Added: 10/07/2008 Background This tool attempts to gather e-mail addresses from Outlook and Outlook Express address book files (.WAB, .PAB) on the target. Limitations A connection to the target is required to run this tool. Recent versions of Microsoft Outlook no longer store address books...

Read Address Book

Added: 10/07/2008 Background This tool attempts to gather e-mail addresses from Outlook and Outlook Express address book files (.WAB, .PAB) on the target. Limitations A connection to the target is required to run this tool. Recent versions of Microsoft Outlook no longer store address books...

Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks,...

CVE-2008-3827

Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary...

[SECURITY] Fedora 8 Update: chmsee-1.0.0-4.31.fc8

A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized....

[SECURITY] Fedora 9 Update: chmsee-1.0.1-5.fc9

A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized....

CVE-2008-4085

plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in...

Command injection

plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in...

CVE-2008-3274

The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP...

Default configuration

The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP...

Wireshark 1.0.2存在多个安全漏洞

BUGTRAQ ID: 31009 CNCAN ID：CNCAN-2008090507 Wireshark是一款功能强大的协议分析程序。 Wireshark存在多个安全问题，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 -NCP解析器存在多个缓冲区溢出和无线循环问题，影响0.9.7到1.0.2版本。 -当解压ZLIB压缩的报文数据时可导致应用程序崩溃，影响0.10.14到1.0.2版本。 -读取Tektronix .rf5文件时可导致应用程序崩溃，影响 0.99.6到1.0.2版本。 Wireshark Wireshark 1.0.2 Wireshark Wireshark...

CVE-2008-3920

Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified...