= CodeScan Advisory, codescan.com
=
= Multiple vulnerabilities in Xoops 2.4.3
=
= Vendor Website:
= http://www.xoops.org
=
= Affected Version:
= Xoops 2.4.3 and earlier
=
= Researched By
= CodeScan Labs
=
= Public disc
Advisory Name: SQL injection in FreePBX 2.5.1
Internal Cybsec Advisory Id: 2010-0103
Vulnerability Class: SQL injection
Release Date: 15/01/2010
Affected Applications: Confirmed in FreePBX 2.5.1. Other versions may also
be affected.
Affected Platforms: Any running FreePBX 2.5.1
Local / Remote
Product:
AOL 9.5
Vulnerability:
ActiveX - Heap Overflow
Discussion:
The vulnerability is in the ActiveX control CDDBControl.dll.
Passing a string to its BindToFile() method triggers the heap overflow.
Successful exploitation allows remote attackers to execute arbitrary
code.
Debugger Results:
(fd0.1274): A
Bipin,
I'm not "wise" either, at least not when it comes to security, I'm just
still discovering this world.
Other than that, I didn't understand a thing of what you said.
Regards,
Christian Sciberras.
On Mon, Jan 18, 2010 at 8:42 PM, Bipin Gautam wrote:
> Christian!
>
> I may not be "wise" a
Christian!
I may not be "wise" like you all, but I left FD long back; still, I
happen to stumble into security bugs every now and then. No, I didn't
sit on a chair to look for them! They JUST followed me like shadows.
I hate it...
At one point in time I got so sick of it all, I stopped my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:014
http://www.mandriva.com/security/
Bipin,
You've got your priorities wrong, and unfortunately many companies are
coming to the same conclusion.
The problem with security is fixing where it is needed rather than shouting
"this product is secure" or "hardening".
What I'm talking about: Windows XP came with its own firewall, but plea
(This is 15-day-old news; some of you already know... 0-day for a few :)
Hint: it looks like not ALL LinkedIn back-end servers are updated yet!
Last year DIA[1] ran into a similar problem, but LinkedIn's problem is
the worst of all.
Facebook doesn't have this problem (but we all kno
So, what is the cost of buying a fighter jet? What would be the cost
of hardening Windows (say) by default, straight out of Microsoft, with
a good defense-in-depth strategy (or at least an add-on)?
(Sometimes identifying your enemy is more difficult than the battle itself,
and sometimes the battle exists wit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:013
http://www.mandriva.com/security/
Poor jack mannino jack.a.mannino at gmail.com
What Web App Security Scanner you using?
What is the definition of simple and not secure?
You may need to describe your opinion more.
BYM
___
Full-Disclosure - We believe in it.
Charter: http://lists
Previous advisory was sent out with the wrong USN number.
Here is the corrected version.
===
Ubuntu Security Notice USN-887-1 January 18, 2010
libthai vulnerability
CVE-2009-4012
=
Hello All,
SMobile's Global Threat Center (GTC) has released a research study on proof of
concept malicious applications for the BlackBerry platform. This research exposes
the weakened security posture of BlackBerry devices that operate under the
BlackBerry Internet Service environment. The proof of
I improved the counter:
var y = 2;
function changeBody() {
    // Square the counter on every tick; starting from 2 it overflows to
    // Infinity after ten squarings (2^1024 exceeds the double range).
    y = y * y;
    // 'frame' (an iframe element) and 'div_html' (a markup string) are
    // defined earlier in this thread and are not shown here.
    frame.contentWindow.document.body.innerHTML = y + div_html;
    // Re-schedule itself roughly every millisecond.
    setTimeout(changeBody, 1);
}
On Mon, Jan 18, 2010 at 4:20 AM, Christian Sciberras wrote:
> Nice...err...counter thingy? I don't see any crashes. Besides, there's a
> lot
===
Ubuntu Security Notice USN-885-1 January 18, 2010
libthai vulnerability
CVE-2009-4012
===
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.
===
Ubuntu Security Notice USN-886-1 January 18, 2010
pidgin vulnerabilities
CVE-2008-2955, CVE-2009-1376, CVE-2009-2703, CVE-2009-3026,
CVE-2009-3083, CVE-2009-3085, CVE-2009-3615, CVE-2010-0013
=
Last month we announced a technology event called Campus Party EU (
http://www.campus-party.eu/home-en.html), which will take place between 14
and 18 April 2010 in Madrid (Spain). We distributed a Call For Participants,
in which the chosen participants would attend different talks given by great
an
I'm still incredulous as to how many high-profile companies fell for an IE
exploit.
Knowing many PCs were for development, how many developers out there actually
use IE?
I'm not getting into the "IE is bad" crap, I'm just saying it was the very
ultimate worst an IE 0day could get.
I'm not buying thi
Wow such depth! Such insight! WOW
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
Densmore, Todd
Sent: 15 January 2010 23:34
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] All China,
Nice...err...counter thingy? I don't see any crashes. Besides, there's a lot
of redundant (and possibly useless) code?
On Mon, Jan 18, 2010 at 10:57 AM, Tim Kunschke wrote:
> Stack Smasher wrote:
> >
> > var div_html = '