Static analysis tool exposition (SATE) 2010 Call for participation

2010-05-27 Thread Vadim Okun
We are preparing the third Static Analysis Tool Exposition (SATE). Briefly, participating tool makers run their tool on a set of programs. Researchers led by NIST analyze the tool reports. The results and experiences are reported at a workshop. The tool reports and analysis are made publicly avail

Re: SQL injection vulnerability in 360 Web Manager

2010-05-27 Thread Packet Storm
Already discovered 01/2008. http://packetstormsecurity.org/0801-exploits/360-sql.txt 904cc6b6c4da1afe893909ea684ba118 360 Web Manager version 3.0 suffers from a SQL injection vulnerability. Authored By Ded MustD!e (innos_got[at]rambler.ru) On Tue, May 25, 2010 at 07:47:45PM +0200, advis

Re: Ghostscript 8.64 executes random code at startup

2010-05-27 Thread paul . szabo
The ghostscript people in http://bugs.ghostscript.com/show_bug.cgi?id=691339 told me to use the -P- switch, and marked it "RESOLVED WONTFIX". I guess -P- should be the default, as well as -dSAFER should be. The way gv invokes gs is "wrong". For example, using command gv /tmp/any.ps will do:

FreeBSD Security Advisory FreeBSD-SA-10:04.jail

2010-05-27 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-10:04.jail Security Advisory The FreeBSD Project Topic: I

FreeBSD Security Advisory FreeBSD-SA-10:05.opie

2010-05-27 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-10:05.opie Security Advisory The FreeBSD Project Topic: O

FreeBSD Security Advisory FreeBSD-SA-10:06.nfsclient

2010-05-27 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-10:06.nfsclient Security Advisory The FreeBSD Project Topic: U

Cross Site URL Hijacking by using Error Object in Mozilla Firefox

2010-05-27 Thread subs
I want to represent a method for performing Cross Site URL Hijacking (which we can call XSUH) by using the error object of Mozilla Firefox. XSUH attack is used to steal another website URL. This URL can show the client's situation on that website, and it can contain confidential parameters such

EUSecWest 2010 MiniCFP (conf Jun 16/17) and PacSec 2010 CFP (conf Nov 10/11, deadline July 30)

2010-05-27 Thread Dragos Ruiu
EUSecWest 2010 MiniCFP (PacSec CFP Follows) One of our presenters was unable to get corporate approval for his travel and cancelled out. As such we are opening up one or two available slots for last minute submissions. We are also offering a referral bounty of a free conference registration for

[ MDVSA-2010:110 ] clamav

2010-05-27 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:110 http://www.mandriva.com/security/

[ MDVSA-2010:109 ] gtk+2.0

2010-05-27 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:109 http://www.mandriva.com/security/