[Full-disclosure] [USN-788-1] Tomcat vulnerabilities

2009-06-15 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-788-1 June 15, 2009 tomcat6 vulnerabilities CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783 === A security issue

[Full-disclosure] Things to do before vulnerability disclosure

2009-06-15 Thread Giuseppe Fuggiano
Hi list, What are, if any, the legal and ethical things to do before someone could publicly disclose a given vulnerability? -- Giuseppe ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted

[Full-disclosure] Apple QuickTime 0day

2009-06-15 Thread webDEViL
Try it with your latest quicktime player. -- #0:000 !exploitable -v #HostMachine\HostUser #Executing Processor Architecture is x86 #Debuggee is in User Mode #Debuggee is a live user mode debugging session on the local machine #Event

[Full-disclosure] Netgear DG632 Router Authentication Bypass Vulnerability

2009-06-15 Thread Tom Neaves
Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: t...@tomneaves.co.uk Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The

[Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-15 Thread Tom Neaves
Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: t...@tomneaves.co.uk Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG632

Re: [Full-disclosure] Things to do before vulnerability disclosure

2009-06-15 Thread Shawn Merdinger
While US law focused, you might take a look at the few guides by the EFF (Electronic Frontier Foundation). http://www.eff.org/issues/coders/vulnerability-reporting-faq Cheers, --scm On Mon, Jun 15, 2009 at 2:14 PM, Giuseppe Fuggiano giuseppe.fuggi...@gmail.com wrote: What are, if any, the legal

Re: [Full-disclosure] Apple QuickTime 0day

2009-06-15 Thread Jared DeMott
Excellent. Doesn't trigger on Mac. I just did a talk on QuickTime hacking at ShakaCon III -- which btw -- can I just say best place for a con ever!. My slides are at www.vdalabs.com. The slides might give you some insight into the types of exceptions you're hoping for. To boil it down, a

Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-15 Thread Tom Neaves
Hi. I'm not quite sure of your question... The DoS can be carried out remotely, however one mitigating factor (which makes it a low risk as opposed to sirens and alarms...) is that it's turned off by default - you have to explicitly enable it under Remote Management on the device if you want

Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-15 Thread Tom Neaves
Hi. I see where you're going but I think you're missing the point a little. By *default* the web interface is enabled on the LAN and accessible by anyone on that LAN and the remote management interface (for the Internet) is turned off. If the remote management interface was enabled, stopping

Re: [Full-disclosure] Apple QuickTime 0day

2009-06-15 Thread laurent gaffie
Hi WebDEVIL, You base your PoC on this plugin (http://www.codeplex.com/msecdbg) for windbg (as copy/pasted), but I wonder, what makes you think it's really exploitable (on QuickTime)? Have you tried that PoC on iTunes? iTunes uses QuickTime as a module to read .mov files, but iTunes doesn't have