[Full-disclosure] Everfocus EDR1600 remote authentication bypass

2009-10-22 Thread Andrea Fabrizi
** Product: Everfocus EDR1600 Version affected: all Website: http://www.everfocus.com/ Discovered By: Andrea Fabrizi Email: andrea.fabr...@gmail.com Web: http://www.andreafabrizi.it Vuln: remote DVR authentication bypass **

[Full-disclosure] How to own a windows domain - video tutorial

2009-10-22 Thread Z
A short video tutorial about how to become to a windows domain admin if you have physical access to one of the domain member workstations for ~20 minutes and every builtin local administrator user on the workstations have the same password. http://securitytube.net/How-to-own-a-Windows-Domain-video

[Full-disclosure] [ MDVSA-2009:287 ] xpdf

2009-10-22 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2009:287 http://www.mandriva.com/security/

[Full-disclosure] [ GLSA 200910-02 ] Pidgin: Multiple vulnerabilities

2009-10-22 Thread Tobias Heinlein
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200910-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] [USN-850-2] poppler regression

2009-10-22 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-850-2 October 22, 2009 poppler regression https://launchpad.net/bugs/457985 === A security issue affects the following Ubuntu releases: Ubuntu 6

Re: [Full-disclosure] NSOADV-2009-003: Websense Email Security Cross Site Scripting

2009-10-22 Thread Hubbard, Dan
The vulnerability has been fixed within the latest version which is 7.2. This is set to be released Friday, October 23, 2009. Websense would like to thank Nikolas for working with us on the issue. Websense customers can get the new version for free through mywebsense.com and details on the sec

[Full-disclosure] Snort <= 2.8.5 IPV6 Remote DoS

2009-10-22 Thread laurent gaffie
= - Date: October 22th, 2009 - Discovered by: Laurent Gaffié - Severity: Low = I. VULNERABILITY - Snort <= 2.8.5 IPV6 Remote DoS II. DESCRIPTION - A remote DoS

[Full-disclosure] H D Moore sells Metasploit: Open source project in commercial hands

2009-10-22 Thread Ivan .
http://risky.biz/metasploit_sold ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] H D Moore sells Metasploit: Open source project in commercial hands

2009-10-22 Thread Rohit Patnaik
I don't really see this as a bad thing. Metasploit's new hybrid license seems to force contributions to be open-sourced so Rapid7's contributions should flow back to the community. --Rohit Patnaik On Thu, Oct 22, 2009 at 6:14 PM, Ivan . wrote: > http://risky.biz/metasploit_sold > > ___

Re: [Full-disclosure] H D Moore sells Metasploit: Open source project in commercial hands

2009-10-22 Thread James Lay
From: Rohit Patnaik Date: Thu, 22 Oct 2009 18:52:57 -0500 To: "Ivan ." Cc: Full-disclosure Subject: Re: [Full-disclosure] H D Moore sells Metasploit: Open source project in commercial hands I don't really see this as a bad thing.  Metasploit's new hybrid license seems to force contributions to

Re: [Full-disclosure] H D Moore sells Metasploit: Open source project in commercial hands

2009-10-22 Thread Ivan .
quick, wget the whole site before it all goes commercial ;-p On Fri, Oct 23, 2009 at 11:08 AM, James Lay wrote: > *From: *Rohit Patnaik > *Date: *Thu, 22 Oct 2009 18:52:57 -0500 > *To: *"Ivan ." > *Cc: *Full-disclosure > *Subject: *Re: [Full-disclosure] H D Moore sells Metasploit: Open sourc