[Full-disclosure] [SECURITY] [DSA 1410-1] New ruby1.8 packages fix insecure SSL certificate validation

2007-11-25 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1410-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2007

[Full-disclosure] [SECURITY] [DSA 1412-1] New ruby1.9 packages fix insecure SSL certificate validation

2007-11-25 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1412-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2007

[Full-disclosure] [SECURITY] [DSA 1411-1] New libopenssl-ruby packages fix insecure SSL certificate validation

2007-11-25 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1411-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2007

Re: [Full-disclosure] Aurigma ImageUploader 4.1 Multiple stack overflows

2007-11-25 Thread Elazar Broad
I have been in contact with Aurigma and they have fixed the issue. They plan on releasing an update on Monday. I would like to thank Andrew S. and the Aurigma development team for a fast response and a quick turnaround. Elazar

[Full-disclosure] PHP 5.2.4 mail.force_extra_parameters unsecure

2007-11-25 Thread Maksymilian Arciemowicz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [PHP 5.2.4 mail.force_extra_parameters unsecure ] Author: Maksymilian Arciemowicz (cXIb8O3) SecurityReason Date: - - Written: 06.09.2007 - - Public: 0x.0x.2007 SecurityReason Research SecurityAlert Id: 47 CVE: CVE-2007-3378 SecurityRisk: Medium Aff

[Full-disclosure] [ GLSA 200711-33 ] nss_ldap: Information disclosure

2007-11-25 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200711-33

[Full-disclosure] [ GLSA 200711-34 ] CSTeX: Multiple vulnerabilities

2007-11-25 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200711-34

[Full-disclosure] XSS with UTF-7 in yahoo.com

2007-11-25 Thread HASEGAWA Yosuke
XSS with UTF-7 in yahoo.com Abstract: XSS with UTF-7 was found in yahoo.com (already fixed). Although charset was specified in the HTTP response header, the charset-name was incorrect, so XSS occurred. PoC: http://search.yahoo.com/search?p=%2BADw-/title%2BAD4-%2BADw-script%2BAD4-alert(document.cookie

[Full-disclosure] False advertisting and possible click fraud about n3td3v

2007-11-25 Thread worried security
Well, every time I type in "n3td3v" into Google "web" search, a sponsored link appears at the side claiming "Learn more about n3td3v here", however when users click on the URL, it goes to http://security.yahoo.com which in reality has no information about n3td3v there. So many problems arise from t