Re: [Full-disclosure] Multiple Kernel Errors Fixed (DIFF attached)

2007-08-23 Thread A.L.M. Buxey
LOL. You missed out a lot of "Written by" and entries where Copyright wasn't written in English...and MODULE calls with author info...but I'm too lazy to make FIXUPs for such trivial changes! ;-) alan ___ Full-Disclosure - We believe in it. Charter: ht

[Full-disclosure] rPSA-2007-0168-1 rsync

2007-08-23 Thread rPath Update Announcements
rPath Security Advisory: 2007-0168-1 Published: 2007-08-22 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote User Deterministic Unauthorized Access Updated Versions: rsync=/[EMAIL PROTECTED]:devel//1/2.6.8-1.1-1 References: http://cve.mitre.org/cgi-bin/cvename

[Full-disclosure] DOS vulnerability on Thomson SIP phone ST 2030 using the VIA Header

2007-08-23 Thread Radu State
MADYNES Security Advisory: Remote DOS on Thomson SIP phone ST 2030 Date of Discovery 15 February, 2007 Vendor was notified on 1 March 2007 ID: KIPH8 Synopsis After sending a message where a space is replaced by a slash after the SIP version in the VIA, the device loo

[Full-disclosure] Cenzic Patents & Lawsuit

2007-08-23 Thread securewave
Dark Reading did an article on the Cenzic lawsuit against SPI & Hewlett-Packard. I did some Google searching on this topic and found this interesting piece. Apparently, SPI had filed a suit against Cenzic back in October 2006. Hmm, that puts an interesting perspective on things. Looks like SPI/HP

[Full-disclosure] [ MDKSA-2007:170 ] - Updated gimp packages fix input data validation issues in several plugins

2007-08-23 Thread security
Mandriva Linux Security Advisory MDKSA-2007:170 http://www.mandriva.com/security/

[Full-disclosure] FLEA-2007-0048-1 xterm

2007-08-23 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0048-1 Published: 2007-08-23 Rating: Major Updated Versions: xterm=/conary.rpath.com at rpl:devel//1/202-5.3-1 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.9-2 References: http://cve.mitre.or

Re: [Full-disclosure] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

2007-08-23 Thread Sir Mordred
After reading the paper (haven't tested the implementation itself yet) I can see two possible design flaws, one, that there are more sources of tainted data than g/p/c, and two, that FSMs cannot be used with recursive languages. More detailed thoughts here: http://mordred.niama.net/blog/?p=120 --

[Full-disclosure] rPSA-2007-0169-1 xterm

2007-08-23 Thread rPath Update Announcements
rPath Security Advisory: 2007-0169-1 Published: 2007-08-23 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local User Deterministic Unauthorized Access Updated Versions: xterm=/[EMAIL PROTECTED]:devel//1/202-5.3-1 References: http://cve.mitre.org/cgi-bin/cvename.cg

[Full-disclosure] Heap overflow in Skulltag 0.97d-beta4.1

2007-08-23 Thread Luigi Auriemma
Luigi Auriemma Application: Skulltag http://www.skulltag.com Versions: <= 0.97d-beta4.1 Platforms: Windows and Linux Bug: heap-overflow Exploitation: remote, versus

[Full-disclosure] Multiple denial of service in Soldat 1.4.2/2.6.2

2007-08-23 Thread Luigi Auriemma
Luigi Auriemma Application: Soldat http://www.soldat.pl Versions: game <= 1.4.2 and dedicated server <= 2.6.2 Platforms: Windows (Linux not affected) Bugs: A] client

[Full-disclosure] Ipswitch FTP XSS leads to FTP server compromise

2007-08-23 Thread Jared DeMott
VDA Labs Advisory: Ipswitch FTP XSS leads to FTP server compromise. The Vendor has been notified, and given the PoC. Synopsis: There is an XSS vulnerability when the WS_FTP server logs client FTP commands. All user commands are logged. When the FTP command i

[Full-disclosure] FLEA-2007-0047-1 rsync

2007-08-23 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0047-1 Published: 2007-08-23 Rating: Major Updated Versions: rsync=/conary.rpath.com at rpl:devel//1/2.6.8-1.1-1 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.9-2 References: http://cve.mitre.o