[Full-disclosure] Black Hat USA Videos available to D/L

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hey Full Disclosure, I am proud to announce that the audio and video from BH USA 2008 is now available for free download, and is in several formats, the first of which is a large, hi-res format with video-sync speaker and presentation: https://www

[Full-disclosure] [USN-750-1] OpenSSL vulnerability

=== Ubuntu Security Notice USN-750-1 March 30, 2009 openssl vulnerability CVE-2009-0590 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.

[Full-disclosure] Zabbix Multiple Frontend CSRF (Password reset & command execution)

nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-006 - Zabbix Multiple Frontend CSRF Application: Zabbix 1.6.2 Vendor: Zabbix Vendor website: http://www.zabbix.com Author: Adam Baldwin (adam_bald...@ngenuity-is.com) I. BACKGROUND "ZABBIX is

Re: [Full-disclosure] Funny bugs in Windows Server 2003

You should clarify that the triggers fot these 31337 non-real security bugs are "%n" x 1100 and not "%n%n%n..." x 1100 for the lower intelligence crowd that currently subscribes to this list. FYI: Microsoft's operating system, Windows, has many format overflows in _vsprintf() that result in the BS

[Full-disclosure] DeepSec 2009 - Call for Papers is open

=== DeepSec In-Depth Security Conference 2009 - The Third Call for Papers and Experts The DeepSec organisation is happy to announce the Call for Papers for the next conference in November 2009. The conference will take place at the Imperial Riding School Renaissance Hotel in Vienna, Austria.

[Full-disclosure] Funny bugs in Windows Server 2003

"Cuz they say two thousand zero zero party over - Oops, out of time. So tonight I'm gonna party like it's 1999" sort.exe %n%n%n... x 1100 odbcconf.exe %n%n%n... x 1100 locator.exe %n%n%n... x 1100 ldifde.exe %n%n%n... x 1100 cprofile.exe %n%n%n... x 1100 csvde.exe %n%n%n... x 1100 As

[Full-disclosure] CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == Openswan & Strongswan Security Notification March 30, 2009 Remote DoS Vulnerability in Openswan & Strongswan IPsec CVE-2009-0790 ===

[Full-disclosure] [SECURITY] [DSA 1757-1] New auth2db packages fix SQL injection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1757-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris March 30, 2009

[Full-disclosure] ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability

ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-015 March 30, 2009 -- CVE ID: CVE-2009-1044 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.0.x -- Vulnerability Details: This vulne

[Full-disclosure] Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 POSITRON SECURITY LLC Security Advisory #2009-000 Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3 Author: Joe Testa Da

[Full-disclosure] [ GLSA 200903-41 ] gedit: Untrusted search path

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200903-41 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] [SECURITY] [DSA 1758-1] New nss-ldapd packages fix information disclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1758-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 30, 2009

[Full-disclosure] [USN-749-1] libsndfile vulnerability

=== Ubuntu Security Notice USN-749-1 March 30, 2009 libsndfile vulnerability CVE-2009-0186 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu

[Full-disclosure] [ MDVSA-2009:082 ] krb5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2009:082 http://www.mandriva.com/security/

[Full-disclosure] Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow

- Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow - Description The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered during a pen-test where the client