[Full-disclosure] [USN-764-1] Firefox and Xulrunner vulnerabilities

2009-04-22 Thread Jamie Strandboge
Ubuntu Security Notice USN-764-1 April 23, 2009 firefox-3.0, xulrunner-1.9 vulnerabilities CVE-2009-0652, CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, C

Re: [Full-disclosure] [Advisories] CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator

2009-04-22 Thread Core Security Technologies advisories
Sergio 'shadown' Alvarez wrote: > Hi, > > In the last CORE's advisories I've seen the following credits: > >> 7. *Credits* >> >> This vulnerability was discovered by the SCS team [3] from Core >> Security >> Technologies. > > > Does this "SCS team"'s guy have a name ? > Even in a football mat

Re: [Full-disclosure] Windows Update (re-)installs outdated Flash ActiveX on Windows XP

2009-04-22 Thread Vladimir '3APA3A' Dubrovin
Dear Stefan Kanthak, As far as I can see, Internet Explorer actually uses flash10b.ocx. Adobe Flash Player 10.0 r22 --Monday, April 20, 2009, 8:17:24 PM, you wrote to bugt...@securityfocus.com: SK> Windows Update (as well as Microsoft Update and the Automatic Update) SK> installs an outdated (an

[Full-disclosure] [ MDVSA-2009:094 ] mysql

2009-04-22 Thread security
Mandriva Linux Security Advisory MDVSA-2009:094 http://www.mandriva.com/security/

Re: [Full-disclosure] THC releases video and tool to create fake ePassports

2009-04-22 Thread Michael Holstein
> Incredibly, last week, after performing a series of security tests on > the passport application process and discovering some failures, the US > GAO still state they don't know much about the fraudulent methods: > http://www.gao.gov/new.items/d09583r.pdf > Ironically, all their fancy methods

[Full-disclosure] [TZO-12-2009] SUN / Oracle JVM Remote code execution

2009-04-22 Thread Thierry Zoller
SUN/ORACLE JAVA VM Remote code execution. Release mode: Coordinated. Ref : TZO-122009- SUN Java remote code execution WWW :

[Full-disclosure] SUSE Security Announcement: cups (SUSE-SA:2009:024)

2009-04-22 Thread Thomas Biege
SUSE Security Announcement Package: cups Announcement ID: SUSE-SA:2009:024 Date: W

Re: [Full-disclosure] [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities

2009-04-22 Thread Tavis Ormandy
Bkis wrote: > Bkis has just found many vulnerabilities in the software, related to the > processing of 010 Editor Binary Template files (“.bt”) and 010 Editor > Script Files (“.1sc”). These vulnerabilities are very dangerous due to the > fact that they allow hackers to execute malicious code on us

[Full-disclosure] [ MDVSA-2009:093 ] mpg123

2009-04-22 Thread security
Mandriva Linux Security Advisory MDVSA-2009:093 http://www.mandriva.com/security/

[Full-disclosure] DirectAdmin < 1.33.4 Local file overwrite & Local root escalation

2009-04-22 Thread anony mous
Subject: DirectAdmin < 1.33.4 Local file overwrite & Local root escalation Author: Anonymous ReleaseID: d8253f15e447935c24ab38a215735931942a77717d7b55d84200d070d1e54d3b Date: 22-04-2009 The issue on http://www.directadmin.com/features.php?id=968 is larger than the wording would indicate. It fixe

Re: [Full-disclosure] CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator

2009-04-22 Thread Sergio 'shadown' Alvarez
Hi, In the last CORE's advisories I've seen the following credits: > > 7. *Credits* > > This vulnerability was discovered by the SCS team [3] from Core > Security > Technologies. Does this "SCS team"'s guy have a name ? Even in a football match 'the team' wins the match, but the GOALS are m