[Full-disclosure] Multiple Cookies combined to a single Set-Cookie response

2009-03-19 Thread Phani
Hello everyone, I am facing a trouble setting multiple cookies combined in a single Set-Cookie request. Though following RFC 2109 (http://www.faqs.org/rfcs/rfc2109), and MSDN http://msdn.microsoft.com/en-us/library/aa384321(VS.85).aspx both IE and firefox are non

[Full-disclosure] Pixie CMS Multiple Vulnerabilities

2009-03-19 Thread Justin Klein Keane
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pixie CMS Multiple Vulnerabilities Pixie is a "free, open source web application that will help you quickly create your own website. Many people refer to this type of software as a 'content management system (cms)'" (http://www.getpixie.co.uk). Pixi

[Full-disclosure] LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)

2009-03-19 Thread Chris Evans
Hi, LittleCMS (or lcms) prior to v1.18beta2 contains various integer overflow, buffer overflow and memory leak errors. At least one of these bugs is a stack-based buffer overflow which is good for arbitrary code execution. I have an exploit that works on my Ubuntu-8.10 laptop but am holding off on

[Full-disclosure] rPSA-2009-0050-1 ghostscript

2009-03-19 Thread rPath Update Announcements
rPath Security Advisory: 2009-0050-1 Published: 2009-03-19 Products: rPath Linux 2 Rating: Minor Exposure Level Classification: Indirect Deterministic Vulnerability Updated Versions: ghostscript=conary.rpath@rpl:devel/8.61-2.1-1 rPath Issue Tracking System: https://issues.rpat

[Full-disclosure] LAMPSecurity.org Capture the Flag Exercise

2009-03-19 Thread Justin Klein Keane
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I'm happy to announce that the first installment of LAMPSecurity.org's capture the flag series of exercises is now available. This is a training exercise released in support of the educational mission of LAMPSecurity.org. The exercise is mo

[Full-disclosure] [ GLSA 200903-33 ] FFmpeg: Multiple vulnerabilities

2009-03-19 Thread Pierre-Yves Rofes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200903-33 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] [USN-741-1] Thunderbird vulnerabilities

2009-03-19 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-741-1 March 19, 2009 mozilla-thunderbird, thunderbird vulnerabilities CVE-2009-0352, CVE-2009-0772, CVE-2009-0774, CVE-2009-0776 === A security

[Full-disclosure] [ MDVSA-2009:060-1 ] nfs-utils

2009-03-19 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2009:060-1 http://www.mandriva.com/security/

Re: [Full-disclosure] The BBC acquired a botnet, but was it legal? - Update

2009-03-19 Thread James Matthews
I hope that the BBC disclosure helps the security problem. On Thu, Mar 19, 2009 at 4:52 PM, Byron Sonne wrote: > > Anyone from Canada/America who laughs at the English for "nanny state" > needs > > to look at their own country...you're just as bad. > > Keep on believing that, my friend. Keep on bel

[Full-disclosure] Slides from uCon Security Conference 2009 available online

2009-03-19 Thread uCon Security Conference
For those of you who were unable to attend uCon 2009, speaker presentations from this year's event have been made available online. Materials can be found at http://www.ucon-conference.org/archives.php We also would like to thank all of you who joined us at the conference and helped us make uC

[Full-disclosure] Command Execution in Hannon Hill Cascade Server

2009-03-19 Thread Elliot Kendall
Emory University UTS Security Advisory EMORY-2009-01 Topic: Command Execution in Hannon Hill Cascade Server Original release date: March 19, 2009 SUMMARY === Hannon Hill's Cascade Server product is vulnerable to a command execution vulnerability. An attacker with access to an unprivileged a

[Full-disclosure] Secure Computing (McAfee) Smart Filter possible issue

2009-03-19 Thread Daniel Sichel
While resolving a tech support issue with McAfee Smart Filter I found the clear text password and user name of the SmartFilter user ID that authenticates to the proxy server in at least one place, the config.txt file in the config subdirectory under c:\Program Files\Secure Computing\Smartfilter Adm

[Full-disclosure] [USN-742-1] JasPer vulnerabilities

2009-03-19 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-742-1 March 19, 2009 jasper vulnerabilities CVE-2008-3520, CVE-2008-3521, CVE-2008-3522 === A security issue affects the following Ubuntu relea

Re: [Full-disclosure] The BBC acquired a botnet, but was it legal? - Update

2009-03-19 Thread Byron Sonne
> Anyone from Canada/America who laughs at the English for "nanny state" needs > to look at their own country...you're just as bad. Keep on believing that, my friend. Keep on believing. Your country will slide into fascism before either one of ours, of that I'm sure. Your excessive, excessive use o

Re: [Full-disclosure] The BBC acquired a botnet, but was it legal? - Update

2009-03-19 Thread Michal
Anyone from Canada/America who laughs at the English for "nanny state" needs to look at their own country...you're just as bad. And, we have hundreds of channels WITH adverts, but we get the BBC advert free, Radio 1 without adverts is brill...radio adverts are WORSE than TV adverts. And you don't HAVE

[Full-disclosure] [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service (DoS)

2009-03-19 Thread ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-001 - Original release date: February 25th, 2009 - Last revised: March 19th, 2009 - Discovered by: Juan Galiana Lara - Severity: 7.8/10 (CVSS Base Scored) = I. VULNERABI