Category Archives: Miscellaneous & Gossip

I'm changing careers

I'm officially changing careers. I'm going to play beach volleyball full time!

At the last tournament I already won socks (the volleyball kind :-) and gift certificates to local restaurants. So I can see I'll make a living without any trouble. Enough with business and writing about business :-).

If you feel that things are going downhill here, this is the specific reason. :-) The summer mood has somehow come over me. And the 4th of July holiday is coming up. That means big preparations over what food to grill.

Differences between the East and West Coasts of the USA

This one is just for laughs. A clip from the series The Wire. It's a series about the Baltimore police. For me, The Wire nicely shows the differences between the East and West Coasts of the USA. The East Coast is more aggressive, the West more relaxed. The differences are in the style of speaking, in behavior, in how much of a hurry people are in, in what they consider important… Of course you can't generalize too much, because every person is different. But it often gets generalized a lot, and Americans themselves discuss what the differences are. A friend of mine had his mom, who lives on the East Coast, visit for the weekend. Somewhere in a nightclub a man struck up a conversation with them. Mom's first reaction was: BACK OFF! What do you want? My friend said: Easy mom… relax. He could simply see how she was immediately far too aggressive. And I play volleyball with a friend from New York who says FUCK as every other word.

When I watch The Wire I think of him. Because it's exactly the same with that Fuck throughout the whole series. This video is an extreme example, where two detectives work a crime scene and for five minutes say hardly anything else.

How some American companies do marketing on Twitter

American companies have enthusiastically discovered Twitter and a way to use it for advertising. But I'm not sure it's the ideal way to approach this medium.

For example, Home Depot, a company that sells various tools and materials for do-it-yourselfers, watches Twitter for mentions that someone is, say, fixing up a house, going to paint, moving, and so on.

So when they see such a message, they immediately write back something along the lines of: Don't forget to buy your paint at Home Depot.

Other companies do something similar. Someone writes that they're about to do something.. and right away they write to him telling him to use their services.

What do you think about it? Personally I don't like it much, and I don't know whether this can work effectively. Or does it strike you as a good idea for how to do marketing?

Internet security

Every few days I get an email with information about which new security problems have been discovered. It's sent to us by the company that provides security for credit card payments. I don't understand most of it, so I don't read it in detail. What scares me is just the scale. How much of it there is. When I imagine a large company where people use hundreds of different software packages and systems, it must be quite a strain to keep watch over all of it. That's also the reason why we prefer not to store credit card numbers at all. The less sensitive information is stored, the better. But even so it's awful. Always some viruses and similar problems. You can't even connect to FTP in peace anymore, or make up an easy-to-remember password :-).

*****************************************
SecurityMetrics, Inc.
Security Bulletin
***********************************************************************

May 08, 2009
2009-05-08: Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits can result in the complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/24778

May 08, 2009
2009-05-08: Microsoft .Net Framework Multiple Null Byte Injection Vulnerabilities
An attacker can exploit these issues to access sensitive information that may aid in further attacks; other attacks are also possible.
http://www.securityfocus.com/bid/24791

May 08, 2009
2009-05-08: Multiple Symantec Products Intel Common Base Agent Remote Command Execution Vulnerability
Successfully exploiting this issue will allow an attacker to execute arbitrary commands with SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/34671

May 08, 2009
2009-05-08: Sorinara Streaming Audio Player ‘.pla’ File Remote Stack Buffer Overflow Vulnerability
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/34861

May 08, 2009
2009-05-08: Linux Kernel ‘ptrace_attach()’ Local Privilege Escalation Vulnerability
A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.
http://www.securityfocus.com/bid/34799

May 08, 2009
2009-05-08: Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits can result in the complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/24811

May 08, 2009
2009-05-08: Mozilla Firefox ‘nsTextFrame::ClearTextRun()’ Remote Memory Corruption Vulnerability
Successful exploits will allow remote attackers to execute arbitrary code within the context of the affected browser or crash the browser, denying service to legitimate users.
http://www.securityfocus.com/bid/34743

May 08, 2009
2009-05-08: HP-UX ‘useradd’ Local Unauthorized Access Vulnerability
HP-UX is prone to a local unauthorized-access vulnerability because the software fails to properly restrict access to certain directories and files.
http://www.securityfocus.com/bid/34748

May 08, 2009
2009-05-08: Pango ‘pango_glyph_string_set_size()’ Integer Overflow Vulnerability
Successful exploits may allow attackers to crash the application that uses the library, denying service to legitimate users. Due to the nature of this issue arbitrary code-execution may be possible, however this has not been confirmed.
http://www.securityfocus.com/bid/34870

May 08, 2009
2009-05-08: GNU screen Insecure Temporary File Creation Vulnerability
An attacker with local access could disclose sensitive information or perform symbolic-link attacks to overwrite arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
http://www.securityfocus.com/bid/34521

May 08, 2009
2009-05-08: Chinagames ActiveX Control ‘CreateChinagames()’ Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/34871

May 08, 2009
2009-05-08: TCPDB ‘user/index.php’ Authentication Bypass Vulnerability
This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/34866

May 08, 2009
2009-05-08: Techno Dreams Job Career Package Cookie Authentication Bypass Vulnerability
Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which may aid in further attacks.
http://www.securityfocus.com/bid/34865

May 08, 2009
2009-05-08: Sorinara Soritong MP3 Player ‘.m3u’ File Remote Stack Buffer Overflow Vulnerability
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/34863

May 08, 2009
2009-05-08: webSPELL ‘getlang.php’ SQL Injection Vulnerability
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/34862

May 08, 2009
2009-05-08: PHP ‘mb_ereg_replace()’ String Evaluation Vulnerability
Exploiting this issue may allow attackers to execute arbitrary PHP commands in the context of the affected application.
http://www.securityfocus.com/bid/34873

May 08, 2009
2009-05-08: Multiple Mini-stream Software Products ‘.asx’ File Remote Stack Buffer Overflow Vulnerability
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/34864

May 08, 2009
2009-05-08: libwmf WMF Image File Remote Code Execution Vulnerability
Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.
http://www.securityfocus.com/bid/34792

May 08, 2009
2009-05-08: HP OpenView Network Node Manager ‘ovalarmsrv.exe’ Remote Code Execution Vulnerability
Successfully exploiting this issue allows an attacker to execute arbitrary code with the privileges of the user running the affected application.
http://www.securityfocus.com/bid/34738

May 08, 2009
2009-05-08: Multiple Mini-stream Software Products ‘.ram’ File Remote Stack Buffer Overflow Vulnerability
Attackers may leverage this issue to execute arbitrary code in the context of an affected application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/34860

May 08, 2009
2009-05-08: MPFR Library ‘printf.c’ Multiple Buffer Overflow Vulnerabilities
An attacker can exploit these issues to execute arbitrary code in the context of applications using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/33945

May 08, 2009
2009-05-08: libmodplug ‘load_pat.c’ Remote Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/34747

May 08, 2009
2009-05-08: libmodplug ‘s3m’ Remote Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/30801

May 08, 2009
2009-05-08: Grabit ‘NZB’ File Remote Stack Buffer Overflow Vulnerability
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/34807

May 08, 2009
2009-05-08: BaoFeng Storm ActiveX Control ‘SetAttributeValue()’ Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/34869

May 08, 2009
2009-05-08: BaoFeng Storm ActiveX Control ‘OnBeforeVideoDownload()’ Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/34789

May 08, 2009
2009-05-08: Aladdin eSafe Unspecified Archive File Scan Evasion Vulnerability
Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.
http://www.securityfocus.com/bid/34726

May 08, 2009
2009-05-08: acpid Local Denial of Service Vulnerability
Successful exploits will allow attackers to make the daemon unresponsive, resulting in denial-of-service conditions.
http://www.securityfocus.com/bid/34692

May 08, 2009
2009-05-08: Memcached and MemcacheDB ASLR Information Disclosure Weakness
Attackers can exploit this weakness to gain access to sensitive information such as stack, heap, and shared-library memory locations. Information obtained may aid in other attacks.
http://www.securityfocus.com/bid/34756

May 08, 2009
2009-05-08: Linux Kernel ‘exit_notify()’ CAP_KILL Verification Local Privilege Escalation Vulnerability
A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.
http://www.securityfocus.com/bid/34405

May 08, 2009
2009-05-08: Linux Kernel ‘locks_remove_flock()’ Local Race Condition Vulnerability
A local attacker may exploit this issue to crash the computer or gain elevated privileges.
http://www.securityfocus.com/bid/33237

May 08, 2009
2009-05-08: Linux Kernel ‘ecryptfs_write_metadata_to_contents()’ Information Disclosure Vulnerability
Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.
http://www.securityfocus.com/bid/34216

May 08, 2009
2009-05-08: Linux Kernel Audit System ‘audit_syscall_entry()’ System Call Security Bypass Vulnerability
A local attacker may be able to exploit this issue to bypass audit mechanisms imposed on system calls. This may allow malicious behavior to escape notice.
http://www.securityfocus.com/bid/33951

May 08, 2009
2009-05-08: Linux Kernel ‘NFS filename’ Local Denial of Service Vulnerability
Attackers can exploit this issue to trigger a kernel oops, resulting in a denial-of-service condition.
http://www.securityfocus.com/bid/34390

May 08, 2009
2009-05-08: Linux Kernel ‘sock.c’ SO_BSDCOMPAT Option Information Disclosure Vulnerability
Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.
http://www.securityfocus.com/bid/33846

May 08, 2009
2009-05-08: Linux Kernel ‘dell_rbu’ Local Denial of Service Vulnerabilities
A local unprivileged attacker can exploit these issues to cause a vulnerable system to crash, resulting in denial-of-service conditions.
http://www.securityfocus.com/bid/33428

May 08, 2009
2009-05-08: Linux Kernel Cloned Process ‘CLONE_PARENT’ Local Origin Validation Weakness
A local attacker may exploit this issue to kill vulnerable processes, resulting in a denial-of-service condition. In some cases, other attacks may also be possible.
http://www.securityfocus.com/bid/33906

May 08, 2009
2009-05-08: Linux Kernel ‘keyctl_join_session_keyring()’ Denial of Service Vulnerability
Attackers can exploit this issue to cause a crash by exhausting memory resources.
http://www.securityfocus.com/bid/33339

May 08, 2009
2009-05-08: Linux Kernel ‘parisc_show_stack()’ Local Denial of Service Vulnerability
Local attackers can exploit this issue to crash the affected computer, denying service to legitimate users.
http://www.securityfocus.com/bid/32636

May 08, 2009
2009-05-08: Linux Kernel Frame Size Integer Overflow Remote Information Disclosure Vulnerability
Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
http://www.securityfocus.com/bid/34654

May 08, 2009
2009-05-08: Linux Kernel ‘FWD-TSN’ Chunk Remote Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/33113

May 08, 2009
2009-05-08: Linux Kernel ‘ib700wdt.c’ Buffer Underflow Vulnerability
A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges or crash the affected computer, denying service to legitimate users.
http://www.securityfocus.com/bid/33003

May 08, 2009
2009-05-08: Linux Kernel ‘/ipc/shm.c’ Local Denial of Service Vulnerability
Attackers can exploit this issue to cause the Linux kernel to lock up, resulting in a denial-of-service condition.
http://www.securityfocus.com/bid/34020

May 08, 2009
2009-05-08: Linux Kernel MIPS Untrusted User Application Local Denial of Service Vulnerability
Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.
http://www.securityfocus.com/bid/32716

May 08, 2009
2009-05-08: Linux Kernel CIFS Remote Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/34453

May 08, 2009
2009-05-08: Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
A local attacker may be able to exploit this issue to read or write to unintended address spaces. This may result in denial-of-service conditions, the disclosure of sensitive information, or privilege escalation.
http://www.securityfocus.com/bid/33275

May 08, 2009
2009-05-08: Linux Kernel ‘drivers/char/agp/generic.c’ Local Information Disclosure Vulnerability
Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
http://www.securityfocus.com/bid/34673

May 08, 2009
2009-05-08: Linux Kernel ‘qdisc_run()’ Local Denial of Service Vulnerability
Local attackers can exploit this issue to cause a soft lockup, denying service to legitimate users.
http://www.securityfocus.com/bid/32985

May 08, 2009
2009-05-08: razorCMS ‘Create New Page’ Form HTML Injection Vulnerability
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
http://www.securityfocus.com/bid/34854

May 08, 2009
2009-05-08: ldns ‘rr.c’ Remote Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in denial-of-service conditions.
http://www.securityfocus.com/bid/34233

May 08, 2009
2009-05-08: Kayako SupportSuite Ticket Notes HTML Injection Vulnerability
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
http://www.securityfocus.com/bid/34853

May 08, 2009
2009-05-08: FreePBX Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The attacker may also exploit these issues to obtain sensitive information.
http://www.securityfocus.com/bid/34857

May 08, 2009
2009-05-08: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -14 through -22 Multiple Remote Vulnerabilities
Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible.
http://www.securityfocus.com/bid/34656

May 08, 2009
2009-05-08: Verlihub Control Panel Multiple Cross-Site Scripting Vulnerabilities
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.securityfocus.com/bid/34856

May 08, 2009
2009-05-08: 32bit FTP ‘CWD’ Response Remote Buffer Overflow Vulnerability
An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.
http://www.securityfocus.com/bid/34838

May 08, 2009
2009-05-08: Claroline ‘claroline/linker/notfound.php’ Cross-Site Scripting Vulnerability
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/34883

May 08, 2009
2009-05-08: URUWorks ViPlay3 ‘.vpl’ File Remote Buffer Overflow Vulnerability
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/34877

May 07, 2009
2009-05-07: ST-Gallery ‘example.php’ Multiple SQL Injection Vulnerabilities
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/34875

May 07, 2009
2009-05-07: JobScript ‘changepassword.php’ Remote Password Change Vulnerability
Exploiting this issue may allow the attacker to gain unauthorized access to the affected application. Successful exploits will completely compromise victims’ accounts.
http://www.securityfocus.com/bid/34874

May 07, 2009
2009-05-07: Simple Customer ‘profile.php’ Remote Password Change Vulnerability
Exploiting this issue may allow the attacker to gain unauthorized access to the affected application. Successful exploits will completely compromise victims’ accounts.
http://www.securityfocus.com/bid/34872

May 07, 2009
2009-05-07: VideoScript.us YouTube Video Script ‘admin/index.php’ Multiple SQL Injection Vulnerabilities
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/34868

May 07, 2009
2009-05-07: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.
http://www.securityfocus.com/bid/34867

May 07, 2009
2009-05-07: Garmin Communicator Plugin ‘npGarmin.dll’ Security Bypass Vulnerability
Attackers may exploit the issue to bypass certain security restrictions and perform unauthorized actions.
http://www.securityfocus.com/bid/34858

May 06, 2009
2009-05-06: Cscope ‘find.c’ Stack Based Buffer Overflow Vulnerability
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/34832

May 06, 2009
2009-05-06: SilverStripe ‘AjaxUniqueTextField’ Parameter SQL Injection Vulnerability
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/34852

May 06, 2009
2009-05-06: ReVou ‘adminlogin/password.php’ Remote Password Change Vulnerability
Exploiting this issue may allow the attacker to gain unauthorized access to the affected application. Successful exploits will completely compromise victims’ accounts.
http://www.securityfocus.com/bid/34851

May 06, 2009
2009-05-06: Multiple F-Secure Products RAR/ZIP Files Scan Evasion Vulnerability
Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.
http://www.securityfocus.com/bid/34849

May 06, 2009
2009-05-06: FunGamez Local File Include and SQL Injection Vulnerabilities
An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local files within the context of the webserver process. Information harvested may aid in further attacks.
http://www.securityfocus.com/bid/34610

May 06, 2009
2009-05-06: Flatchat ‘pmscript.php’ Local File Include Vulnerability
An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
http://www.securityfocus.com/bid/34734

May 06, 2009
2009-05-06: Sun Solaris DTrace Handler IOCTL Request Multiple Local Denial of Service Vulnerabilities
An attacker can exploit these issues to cause a system panic, denying service to legitimate users. Very few technical details are currently available. We will update this BID as more information emerges.
http://www.securityfocus.com/bid/34753

May 06, 2009
2009-05-06: Coccinelle Insecure Temporary File Creation Vulnerability
An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files.
http://www.securityfocus.com/bid/34848

May 06, 2009
2009-05-06: SMA-DB Cross Site Scripting and Remote File Include Vulnerabilities
An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. Attackers may also execute script code in an unsuspecting user’s browser or steal cookie-based authentication credentials; other attacks are also possible.
http://www.securityfocus.com/bid/33562

May 06, 2009
2009-05-06: Sun Solaris ip(7P) Kernel Module Minor Number Allocation Local Denial Of Service Vulnerability
Local attackers may exploit this issue to exhaust certain system resources, denying service to legitimate users.
http://www.securityfocus.com/bid/34550

May 06, 2009
2009-05-06: Drupal HTML Injection and Information Disclosure Vulnerabilities
An attacker may leverage these issues to obtain potentially sensitive information, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.
http://www.securityfocus.com/bid/34779

May 06, 2009
2009-05-06: CUPS and Xpdf JBIG2 Symbol Dictionary Processing Heap Buffer Overflow Vulnerability
Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/34791

May 06, 2009
2009-05-06: CUPS Insufficient ‘Host’ Header Validation Weakness
An attacker can use this weakness to carry out certain attacks such as DNS rebinding against the vulnerable server.
http://www.securityfocus.com/bid/34665

May 06, 2009
2009-05-06: SunGard Banner Student ‘twbkwbis.P_SecurityQuestion’ HTML Injection Vulnerability
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
http://www.securityfocus.com/bid/34620

May 06, 2009
2009-05-06: MIT Kerberos ‘asn1_decode_generaltime()’ Uninitialized Pointer Memory Corruption Vulnerability
Successful exploits may allow remote attackers to crash Kerberos servers, including the ‘kadmind’ administration daemon. Given the nature of this issue, attackers may also be able to execute arbitrary code with SYSTEM-level or superuser privileges, but this has not been confirmed.
http://www.securityfocus.com/bid/34409

May 06, 2009
2009-05-06: Google Chrome ‘chromehtml:’ Protocol Handler Same Origin Policy Bypass Vulnerability
Google Chrome is prone to a vulnerability that allows attackers to bypass the same-origin policy and obtain sensitive information, including the existence of local files and authentication credentials for web applications. Other attacks are also possible.
http://www.securityfocus.com/bid/34704

May 06, 2009
2009-05-06: Nucleus Kernel Recovery for Mac and Novell Multiple Buffer Overflow Vulnerabilities
Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/34846

May 06, 2009
2009-05-06: VerliAdmin ‘index.php’ Multiple Cross-Site Scripting Vulnerabilities
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.securityfocus.com/bid/34845

May 06, 2009
2009-05-06: LinkBase Users Menu HTML Injection Vulnerability
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
http://www.securityfocus.com/bid/34844

May 06, 2009
2009-05-06: Cisco Subscriber Edge Services Manager Cross Site Scripting And HTML Injection Vulnerabilities
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
http://www.securityfocus.com/bid/34454

May 06, 2009
2009-05-06: Almond Classifieds for Joomla! ‘id’ Parameter SQL Injection Vulnerability
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/34843

May 06, 2009
2009-05-06: TemaTres SQL Injection and Cross Site Scripting Vulnerabilities
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/34830

May 06, 2009
2009-05-06: Xpdf JBIG2 Processing Multiple Security Vulnerabilities
Exploiting these issues may allow remote attackers to execute arbitrary code in the context of an affected application. Failed exploit attempts will likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/34568

May 06, 2009
2009-05-06: CUPS ‘_cupsImageReadTIFF()’ Integer Overflow Vulnerability
Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/34571

May 06, 2009
2009-05-06: xvfb-run Insecure Magic Cookie Local Information Disclosure Vulnerability
Exploiting this issue may allow a local attacker to obtain sensitive information that may lead to further attacks.
http://www.securityfocus.com/bid/34828

May 06, 2009
2009-05-06: Woodstock 404 Error Page Cross Site Scripting Vulnerability
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.
http://www.securityfocus.com/bid/34829

May 06, 2009
2009-05-06: 32bit FTP ‘banner’ Remote Buffer Overflow Vulnerability
An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.
http://www.securityfocus.com/bid/34822

May 06, 2009
2009-05-06: GlassFish Enterprise Server Multiple Cross Site Scripting Vulnerabilities
Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.
http://www.securityfocus.com/bid/34824

May 06, 2009
2009-05-06: IceWarp Merak Mail Server ‘item.php’ Cross-Site Scripting Vulnerability
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.
http://www.securityfocus.com/bid/34825

May 06, 2009
2009-05-06: IceWarp Merak Mail Server ‘Forgot Password’ Input Validation Vulnerability
Attackers can exploit this issue via social-engineering techniques to obtain valid users’ login credentials; other attacks may also be possible.
http://www.securityfocus.com/bid/34827

May 06, 2009
2009-05-06: IceWarp Merak Mail Server ‘cleanHTML()’ Function Cross-Site Scripting Vulnerability
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.
http://www.securityfocus.com/bid/34823

May 06, 2009
2009-05-06: IceWarp Merak Mail Server Groupware Component Multiple SQL Injection Vulnerabilities
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/34820

May 06, 2009
2009-05-06: Mitel NuPoint Messenger Authentication Credentials Information Disclosure Vulnerability
Exploiting this issue can allow a remote attacker to harvest sensitive information that can aid in further attacks.
http://www.securityfocus.com/bid/34847

May 06, 2009
2009-05-06: MoinMoin ‘AttachFile.py’ Multiple Cross Site Scripting Vulnerabilities
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/34631

May 06, 2009
2009-05-06: Nagios External Commands and Adaptive Commands Unspecified Vulnerability
Very little information is known about this issue. We will update this BID as soon as more information becomes available.
http://www.securityfocus.com/bid/32611

May 06, 2009
2009-05-06: Nagios Web Interface Privilege Escalation Vulnerability
An attacker with low-level privileges may exploit this issue to bypass authorization and cause arbitrary commands to run within the context of the Nagios server. This may aid in further attacks.
http://www.securityfocus.com/bid/32156

May 06, 2009
2009-05-06: Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed.
http://www.securityfocus.com/bid/33890

May 06, 2009
2009-05-06: Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.
http://www.securityfocus.com/bid/33880

***********************************************************************
This service is provided by SecurityMetrics, Inc.

Den D – Ceska Televize

So I finally watched the show Den D. There was really no way not to watch it, because since yesterday I have been bombarded with e-mails pointing it out, and then there are the comments under the article (which was about something completely different). ;-)

In any case, I liked the show on TV. Which of the readers will sign up? It is certainly a good opportunity for promotion and for starting a new business. I am really curious whether anyone is planning to. Every opportunity has to be used. And after watching the show, I think many readers could come up with better-prepared ideas than the ones that were broadcast.