[Full-disclosure] rPSA-2009-0091-1 cyrus-sasl cyrus-sasl-server

rPath Security Advisory: 2009-0091-1 Published: 2009-05-27 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Critical Exposure Level Classification: Remote Root Deterministic Unauthorized Access

[Full-disclosure] rPSA-2009-0092-1 ntp ntp-utils

rPath Security Advisory: 2009-0092-1 Published: 2009-05-27 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Major Exposure Level Classification: Remote Root Deterministic Unauthorized Access Updated

[Full-disclosure] rPSA-2009-0095-1 tshark wireshark

rPath Security Advisory: 2009-0095-1 Published: 2009-05-27 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: tshark=conary.rpath@rpl:1/1.0.8-0.1-1 wireshark=conary.rpath@rpl:1/1.0.8-0.1-1 rPath

[Full-disclosure] ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability

ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-021 May 13, 2009 -- CVE ID: CVE-2009-0010 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPoint(TM) IPS Customer Protection: TippingPoint

Re: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)

Sure, you say that now, but wait until I maliciously entice you to click on my BROWSER-HANGING SVG OF DEATH!!! Chris Evans wrote: On Wed, May 27, 2009 at 12:03 PM, Thierry Zoller thie...@zoller.lu mailto:thie...@zoller.lu wrote: Hi Michal, Yep, positive, welcome to the world of

[Full-disclosure] Survey: MIME/Content-Type-Sniffing Issues in Image Uploads in Forum Scripts

Survey: MIME/Content-Type-Sniffing Issues in Image Uploads in Forum Scripts Author: Jacques Copeau Abstract Internet Explorer, especially versions 7 and 6, can be tricked to treat images as html, opening XSS vulnerabilities in software that

Re: [Full-disclosure] [TZO-27-2009] Firefox Denial of Service (Keygen)

Thierry Zoller thie...@zoller.lu wrote: According to a Bugzilla entry memory is also leaked during the process. So let's recap, we have a function that generates key material and looping causes memory to leak. One might think this should be important enough to investigate, especially if you

[Full-disclosure] Drupal Embedded Media Field Module Multiple XSS

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Details of this disclosure are posted at http://lampsecurity.org/drupal-6-embed-media-xss-vulnerability Vendor notified: 5/27/09 Vendor response: (see below) Description of Vulnerability: - - Drupal (http://drupal.org) is

[Full-disclosure] HackersBlog: WhiteHat Scum

NP: Down - Jay Sean ft. Lil Wayne Right. -- NOTICE**: THIS IS NOT AN ATTACK ON ORANGE, IM FED UP WITH WHITEHAT BASTARDS POSTING ALL THEIR CRAP. NO-ONE GIVES A FUCK, WE GOT THE POINT, NOW STOP BEFORE YOU PISS EVEN MORE PEOPLE OFF. -- Ive had enough of your fucking

Re: [Full-disclosure] [TZO-27-2009] Firefox Denial of Service (Keygen)

Thierry Zoller thie...@zoller.lu wrote: Hi Tavis, The bug title says Denial of service, not information leak, or crypto leak or whatever. I'm confused what it is you're replying to, I was clearly pointing out your misunderstanding of the term memory leak in the impact section of your post

Re: [Full-disclosure] [TZO-27-2009] Firefox Denial of Service (Keygen)

Hi Travis, With all due respect: A memory leak in an interactive program that requires you to view a hostile page for 9hours is clearly of negligible security impact. Ok I will take the strawman : The impact is Denial of Service. Ignoring that this discussion is of *any* interest to anybody

Re: [Full-disclosure] [TZO-27-2009] Firefox Denial of Service (Keygen)

Thierry Zoller thie...@zoller.lu wrote: A memory leak in an interactive program that requires you to view a hostile page for 9hours is clearly of negligible security impact. Ok I will take the strawman : Your random application of meaning to terminology is at least entertaining. Only a few

Re: [Full-disclosure] HackersBlog: WhiteHat Scum

Takes a real genius to Google query your way into SQL injections.. Oh look, I can site:orange.co.uk inurl:id!!!oneone... am I as cool as you 'kids' are?, oh wait.. I need to install my sqlmap and let it run and output the shit for me, cause I am so eleet.. -_-' Seriously, pr0j3ct m4yh3m?

Re: [Full-disclosure] [TZO-27-2009] Firefox Denial of Service (Keygen)

Hi, * Thierry Zoller thie...@zoller.lu [2009-05-28 23:38]: [...] General comment: I am interesting to see the kind of feedback I get when posting an Firefox bug as opposed to bugs of other vendors. It's almost like you hit a little boy and everybody steps into for his defence.

[Full-disclosure] Whitepaper

Hi all, If you plan to take my Application Security: For Hackers and Developers at ShakaCon, BlackHat, ToorCon, and others; I finally got off my can and finished the prerequisite white paper. It can be found here:

Re: [Full-disclosure] HackersBlog: WhiteHat Scum

Does anyone use their real name on the internet anymore? If so, they shouldn't. It makes the world go round and round and.. round. On Thu, May 28, 2009 at 6:37 PM, RoMeO romeo.hax...@gmail.com wrote: Takes a real genius to Google query your way into SQL injections.. Oh look, I can

Re: [Full-disclosure] HackersBlog: WhiteHat Scum

Oh, well... Sometimes we have this kind of amazing discussion coming!!! *sigh* -nb -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Jeremy Brown Sent: Thursday, May 28, 2009 21:58 To:

[Full-disclosure] VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - VMware Security Advisory Advisory ID: VMSA-2009-0007 Synopsis: VMware Hosted products and ESX and ESXi patches resolve