[SECURITY] [DSA 1836-1] New fckeditor packages fix arbitrary code execution

2009-07-16 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-1836-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff July 16, 2009

[oCERT-2009-011] Android improper camera and audio permission verification

2009-07-16 Thread Andrea Barisani
#2009-011 Android improper camera and audio permission verification Description: Android, an open source mobile phone platform, improperly checks permissions when applications access the camera and audio resources. The permissions are Manifest.permission.CAMERA and Manifest.permission.AUDIO_REC

[DSECRG-09-031] Oracle BEA Weblogic 10.3 Linked XSS vulnerability

2009-07-16 Thread DSecRG
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-031 http://dsecrg.com/pages/vul/show.php?id=131 Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: http://oracle.com Bugs:

[ GLSA 200907-13 ] PulseAudio: Local privilege escalation

2009-07-16 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200907-13 http://security.gentoo.org/

[DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability

2009-07-16 Thread DSecRG
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-025 http://dsecrg.com/pages/vul/show.php?id=125 Application: Oracle Secure Enterprise Search (SES) Versions Affected: Oracle Secure Enterprise Search (SES) version 10.1.8.2.0 Vendor URL:

Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....

2009-07-16 Thread Thierry Zoller
Hi R, Please read Patch section. There is no effect because Mozilla has patched the bug. RD> On Wed, Jul 15, 2009 at 2:17 PM, Thierry Zoller wrote: >> >> >> One bug to rule them all >> IE5,IE6,

Re[2]: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)

2009-07-16 Thread Thierry Zoller
Hi Vladimir, Please understand that I will not enter that discussion any longer. Please note that: V3D> is not malware/intrusion or malware in the form unused in-the-wild V3D> is not vulnerability. Is false. It is recognised malware, else the test wouldn't make sense - obviousl

Re: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)

2009-07-16 Thread Vladimir '3APA3A' Dubrovin
Thierry, I think inability of antivirus / intrusion detection to catch something that is not malware/intrusion or malware in the form unused in-the-wild is not vulnerability. Antivirus (generally) gives no preventive protection. They can add signatures for your PoCs to their database

FRHACK List of Talks and Speakers released

2009-07-16 Thread Jerome Athias
FRHACK: By Hackers, For Hackers! http://www.frhack.org FRHACK 01, September 7-8, 2009, at the Great Kursaal Hall of Besançon, Fr

Re: Cross-Site Scripting vulnerability in Mozilla, Firefox and Chrome

2009-07-16 Thread advisories
I agree completely with mz. This is just how Firefox works; the data:text/html,base64;somestringinbase64== is just pure functionality. The redirection parameter is not equal to a vulnerability since, as mz said, the attacker could just redirect to his own site. The best way to defend against

Vulnerable DLLs distributed with Terratec HomeCinema 6.3

2009-07-16 Thread Stefan Kanthak
Once again a sad story of poor software "engineering", missing QA and a TOTALLY unresponsive vendor. The current version 6.3 of Terratec's TV software HomeCinema from 2009-05-05 installs outdated and vulnerable .DLL

[ MDVSA-2009:151 ] dhcp

2009-07-16 Thread security
Mandriva Linux Security Advisory MDVSA-2009:151 http://www.mandriva.com/security/