rPath Security Advisory: 2009-0091-1
Published: 2009-05-27
Products:
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2
Rating: Critical
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
rPath Security Advisory: 2009-0092-1
Published: 2009-05-27
Products:
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2
Rating: Major
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
Updated
rPath Security Advisory: 2009-0095-1
Published: 2009-05-27
Products:
rPath Linux 1
Rating: Minor
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
tshark=conary.rpath@rpl:1/1.0.8-0.1-1
wireshark=conary.rpath@rpl:1/1.0.8-0.1-1
rPath
ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-021
May 13, 2009
-- CVE ID:
CVE-2009-0010
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint
Sure, you say that now, but wait until I maliciously entice you to click
on my BROWSER-HANGING SVG OF DEATH!!!
Chris Evans wrote:
On Wed, May 27, 2009 at 12:03 PM, Thierry Zoller thie...@zoller.lu wrote:
Hi Michal,
Yep, positive, welcome to the world of
Survey: MIME/Content-Type-Sniffing Issues in Image Uploads in Forum Scripts
Author: Jacques Copeau
Abstract
Internet Explorer, especially versions 7 and 6, can be tricked into treating images
as HTML, opening XSS vulnerabilities in software that
Thierry Zoller thie...@zoller.lu wrote:
According to a Bugzilla entry memory is also leaked during the process.
So let's recap, we have a function that generates key material and looping
causes memory to leak. One might think this should be important enough to
investigate, especially if you
Details of this disclosure are posted at
http://lampsecurity.org/drupal-6-embed-media-xss-vulnerability
Vendor notified: 5/27/09
Vendor response: (see below)
Description of Vulnerability:
- -
Drupal (http://drupal.org) is
NP: Down - Jay Sean ft. Lil Wayne
Right.
--
NOTICE**: THIS IS NOT AN ATTACK ON ORANGE, I'M FED UP WITH
WHITEHAT BASTARDS POSTING ALL THEIR CRAP.
NO-ONE GIVES A FUCK, WE GOT THE POINT, NOW STOP BEFORE YOU PISS
EVEN MORE PEOPLE OFF.
--
I've had enough of your fucking
Thierry Zoller thie...@zoller.lu wrote:
Hi Tavis,
The bug title says Denial of service, not information leak, or crypto
leak or whatever.
I'm confused what it is you're replying to, I was clearly pointing out your
misunderstanding of the term memory leak in the impact section of your
post
Hi Travis,
With all due respect:
A memory leak in an interactive program that requires you to view a hostile
page for 9hours is clearly of negligible security impact.
Ok I will take the strawman :
The impact is Denial of Service.
Ignoring that this discussion is of *any* interest to anybody
Thierry Zoller thie...@zoller.lu wrote:
A memory leak in an interactive program that requires you to view a
hostile page for 9hours is clearly of negligible security impact.
Ok I will take the strawman :
Your random application of meaning to terminology is at least entertaining.
Only a few
Takes a real genius to Google query your way into SQL injections..
Oh look, I can site:orange.co.uk inurl:id!!!oneone... am I as cool
as you 'kids' are?, oh wait.. I need to install my sqlmap and let it
run and output the shit for me, cause I am so eleet.. -_-'
Seriously, pr0j3ct m4yh3m?
Hi,
* Thierry Zoller thie...@zoller.lu [2009-05-28 23:38]:
[...]
General comment: I am interested to see the kind of feedback I
get when posting a Firefox bug as opposed to bugs of other vendors.
It's almost like you hit a little boy and everybody steps in for
his defence.
Hi all,
If you plan to take my Application Security: For Hackers and
Developers at ShakaCon, BlackHat, ToorCon, and others;
I finally got off my can and finished the prerequisite white paper.
It can be found here:
Does anyone use their real name on the internet anymore? If so, they
shouldn't. It makes the world go round and round and.. round.
On Thu, May 28, 2009 at 6:37 PM, RoMeO romeo.hax...@gmail.com wrote:
Takes a real genius to Google query your way into SQL injections..
Oh look, I can
Oh, well... Sometimes we have this kind of amazing discussion coming!!!
*sigh*
-nb
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf
Of Jeremy Brown
Sent: Thursday, May 28, 2009 21:58
To:
VMware Security Advisory
Advisory ID: VMSA-2009-0007
Synopsis: VMware Hosted products and ESX and ESXi patches
resolve