[CORELAN-10-006] BOF Vulnerability in S.O.M.P.L. Player

|--| | __ __ | | _ / /___ _ / / _ ___ | | / ___/ __ \/ ___/ _ \/ / __ `/ __ \ / __/ _ \/ __ `/ __ `__ \ | | / /__/ /_/ / / / _

[ MDVSA-2010:016 ] wireshark

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:016 http://www.mandriva.com/security/

[ MDVSA-2010:018 ] phpMyAdmin

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:018 http://www.mandriva.com/security/

Re: facebook 'routing flaw'?

There is a fairly in depth discussion of the issue here: http://arstechnica.com/web/news/2010/01/facebook-att-play-fast-and-loose-with-user-authentication.ars Not a routing issue, more of a proxy issue, and not uncommon in mobile carrier networks. Getting security right in a mobile application i

[security bulletin] HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01971741 Version: 1 HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possi

[ MDVSA-2010:017 ] ruby

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:017 http://www.mandriva.com/security/

Re: facebook 'routing flaw'?

Hey, AP Report says it was a 'routing problem'? any idea what they are talking about, do THEY know what they are talking about? Did AT&T mix up the destination ip addresses? did facebook NOT CHECK IP ADDRESS AND COOKIES and disable the session when the ip changed? As far as I can tell no techn

RE: facebook 'routing flaw'?

Just my two cents, but... Many mobile providers are implementing caching on their proxies to make up for the overpopulated state of their networks, and depending on how the session ID is generated and stored (being a mobile device this is a bit more complicated than just setting cookies), it would

Blaze Apps Multiple Vulnerabilities

##www.BugReport.ir # #AmnPardaz Security Research Team # # Title:Blaze Apps Multiple Vulnerabilities # Vendor: http://blazeapps.codeplex.com # Vulnerable Version: 1.4.0.051909 (and prior version

ezContents CMS Multiple Vulnerabilities

##www.BugReport.ir # #AmnPardaz Security Research Team # # Title:ezContents CMS Multiple Vulnerabilities # Vendor: http://ezcontents.org/ # Vulnerable Version: 2.0.3 (and prior versions) # Explo

Kingsoft DuBa Browser Shield ActiveX Remote Exec 0day POC

# Date: 2010.01.17 # Author: superli # Software Link: http://i2d.www.duba.net/i2d/kws3/KWSSetup.exe # Version: 3.0 # Tested on: xpsp3 ie6 # greeting to KingSoft,can you really help users avoiding being hacked ? this vuln almost effect in all of the duba security software. # Code :

Baidu Security Center FireFoxProxy ActiveX Remote Exec 0day POC

# Date: 2010.01.17 # Author: superli # Software Link: http://an.baidu.com/ # Version: 2.0 # Tested on: xpsp3 ie6 # Greeting to all the guys of Baidu Security Center,please dont use Kingsoft sh*t to keep your user safe,you can use 360safe instead.I guess I will join your team and play games t

Xunlei XPPlayer ActiveX Remote Exec 0day POC

# Date: 2010.01.17 # Author: superli # Software Link: http://down.sandai.net/Thunder5.9.14.1246.exe # Version: <= 5.9.14.1246 # Tested on: xpsp3 ie6 # Greeting to Xunlei Security Center guys,your guys still not yet release patch or new version to fix the vunl which also can #attack Xunlei KanKan

[ MDVSA-2010:015 ] roundcubemail

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:015 http://www.mandriva.com/security/

Multiple Vulnerabilities in XOOPS 2.4.3 and earlier

= CodeScan Advisory, codescan.com = = Multiple vulnerablities in Xoops 2.4.3 = = Vendor Website: = http://www.xoops.org = = Affected Version: =Xoops 2.4.3 And Earlier = = Researched By =CodeScan Labs = = Public disc

Re: facebook 'routing flaw'?

I logged out of the mobile interface on my AT&T cell phone. "Just in case" What is also frightening / interesting is that facebook seems to link the two sessions so that when I logged out of the phone based session to m.facebook.com, I was also logged out of my web based session as well. Even

Re: All China, All The Time

Steven J. Koch wrote in part: >The following is opinion, not necessarily fact. The same is true here. >While penalties for "hacking" (why can't anyone use the appropriate >term, cracking?), have become more severe in China, unfortunately >those outside the jurisdiction of China's laws have noth

OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability

Product: OpenOffice Tested Vulnerable Versions: 3.1.1 and 3.1.0 Vulnerability: Null Pointer Description: Hellcode Research discovered a null pointer vulnerability in Openoffice for Windows. Opening a malformed ".slk" file with Openoffice, causes a crash on "soffice.bin" PoC: http://tcc.h

JBroFuzz 1.9 Fuzzer Released!

Version 1.9 has been released, http://www.owasp.org/index.php/Category:OWASP_JBroFuzz New Features: Implemented HTTP Proxy support Header panel is now accessible via Tools -> Headers (Ctrl+H) Added UTF-16 to the available fuzzer encodings Added a User-Agent fuzzer (check example 6 in the install