hi
can anyone recommend any good security and code audit software for
ASP.NET and .NET applications?
thanks
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 0.9.8h released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 0.9.8h of our open source
rPath Security Advisory: 2008-0178-1
Published: 2008-05-27
Products:
rPath Linux 1
Rating: Critical
Exposure Level Classification:
Remote System User Deterministic Unauthorized Access
Updated Versions:
[EMAIL PROTECTED]:1/4.3.11-15.17-1
[EMAIL PROTECTED]:1/4.3.11-15.17-1
In regard to the currently active malware campaign exploiting a zero
day vulnerability in Adobe Flash player, the following assessment
provides a detailed analysis of the situation, including malicious
domains to block, detection rates for the exploit, and the password
stealers served on behalf of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1589-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
May 28, 2008
Internetizens,
Many URL authentication and authorization mechanisms make security decisions
based on the HTTP verb in the request. Many of these mechanisms work in a
counter-intuitive way. This fact, in combination with some oddities in the way
that both web and application servers handle
||| Security Advisory AKLINK-SA-2008-006 |||
||| CVE-2007-6521 (CVE candidate)|||
Opera - heap-based buffer overflow
==
Date released: 28.05.2007
Date reported:
|Where the nuts is my people (seed).|
rPath Security Advisory: 2008-0105-1
Published: 2008-05-28
Products:
rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
[EMAIL PROTECTED]:1/2.4.1-2.3-1
rPath Issue Tracking System:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code
Execution Vulnerability
Advisory ID: cisco-sa-20080528-cw
Revision 1.0
For Public Release 2008 May 28 1600 UTC (GMT
On Tue, 27 May 2008, security curmudgeon wrote:
No mention of CVE-2008-1035 in the [CORE] advisory other than the header
CVE name reference. BID seems to have split the three vulnerabilities,
but given two of them the same CVE. CVE does not have descriptions open
yet.
The descriptions are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:107
http://www.mandriva.com/security/
http://www.sowela.edu/elearning.html
... comments?
--
Charles Morris
[EMAIL PROTECTED],
[EMAIL PROTECTED]
Network Security Administrator,
Software Developer
Office of Computing and Communications Services,
CS Systems Group Old Dominion University
http://www.cs.odu.edu/~cmorris
And people wonder why they get pwned all the time...
Charles Morris wrote:
http://www.sowela.edu/elearning.html
... comments?
--
- simon
--
http://www.snosoft.com
What's the issue here? I don't see any problem.
Sincerely,
swadabirsiaghi64
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charles
Morris
Sent: Wednesday, May 28, 2008 4:38 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] wow.
My young padawan missed the joke. We still love you.
XOXO,
Arshan
-Original Message-
From: Marcin Wielgoszewski [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 28, 2008 5:06 PM
To: Arshan Dabirsiaghi
Cc: Charles Morris; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure]
Logon to non-ssl site, password is same as username, username
convention is described right on the site...
On Wed, May 28, 2008 at 4:45 PM, Arshan Dabirsiaghi
[EMAIL PROTECTED] wrote:
What's the issue here? I don't see any problem.
Sincerely,
swadabirsiaghi64
-Original Message-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:108
http://www.mandriva.com/security/
With the Debian OpenSSL fallout and my distrust of CAs in general, this
seems like a great time to stuff Firefox full of CRLs. I found this
page -- http://www.geekwisdom.com/dyn/node/189 -- listing a few major
CRL sources, but that seems like it leaves out a bucket of the CAs that
Firefox comes
Marcin my man, go back and re-read the email... specifically his
signature. If you don't get it... well then abandon all hope.
;]
Marcin Wielgoszewski wrote:
Logon to non-ssl site, password is same as username, username
convention is described right on the site...
On Wed, May 28, 2008 at
Hahaha, it didn't click when I was writing the reply -- only right
after I sent the email to the list did I say, o, duh. Funny one
Arshan. :P
On Wed, May 28, 2008 at 10:19 PM, Simon Smith [EMAIL PROTECTED] wrote:
Marcin my man, go back and re-read the email... specifically his signature.