[Full-disclosure] ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability

Hi, SecPod Research Team has found new vulnerability in ZeusCart Ecommerce Shopping Cart Software. Advisory details has been attached to this mail. Regards, SecPod Research Team ### ZeusCart Ecommerce Shopping Cart Software

[Full-disclosure] Secunia Research: MantisBT "Add Category" Script Insertion Vulnerability

== Secunia Research 05/08/2010 - MantisBT "Add Category" Script Insertion Vulnerability - == Table of Contents Affected Software..

[Full-disclosure] [USN-969-1] PCSC-Lite vulnerability

=== Ubuntu Security Notice USN-969-1August 05, 2010 pcsc-lite vulnerability CVE-2009-4901, CVE-2009-4902, CVE-2010-0407 === A security issue affects the following Ubuntu rele

[Full-disclosure] TPTI-10-06: Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution Vulnerability

TPTI-10-06: Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-06 August 4, 2010 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Novell -- Affected Products: Novell iPrint -- Tipp

[Full-disclosure] TPTI-10-05: Novell iPrint Client Browser Plugin Remote File Deletion Vulnerability

TPTI-10-05: Novell iPrint Client Browser Plugin Remote File Deletion Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-10-05 August 4, 2010 -- CVSS: 7.8, (AV:N/AC:L/Au:N/C:N/I:N/A:C) -- Affected Vendors: Novell -- Affected Products: Novell iPrint -- TippingPoint(TM) IPS Customer Prote

[Full-disclosure] ZDI-10-142: Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability

ZDI-10-142: Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-142 August 5, 2010 -- CVE ID: CVE-2010-1785 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- Tipping

[Full-disclosure] ZDI-10-141: Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability

ZDI-10-141: Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-141 August 5, 2010 -- CVE ID: CVE-2010-1786 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Apple -- Affected Products: Apple Safari

[Full-disclosure] ZDI-10-140: Novell iPrint Client Browser Plugin operation Parameter Remote Code Execution Vulnerability

ZDI-10-140: Novell iPrint Client Browser Plugin operation Parameter Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-140 August 5, 2010 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Novell -- Affected Products: Novell iPrint -- TippingPoin

[Full-disclosure] ZDI-10-139: Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution

ZDI-10-139: Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution http://www.zerodayinitiative.com/advisories/ZDI-10-139 August 5, 2010 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Novell -- Affected Products: Novell iPrint -- TippingPoint(TM) IPS Customer

[Full-disclosure] ZDI-10-138: Novell iPrint Server Queue Name Remote Code Execution Vulnerability

ZDI-10-138: Novell iPrint Server Queue Name Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-138 August 5, 2010 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Novell -- Affected Products: Novell iPrint -- TippingPoint(TM) IPS Customer Protect

[Full-disclosure] [USN-968-1] Dell Latitude 2110 vulnerability

=== Ubuntu Security Notice USN-968-1August 05, 2010 base-files vulnerability CVE-2010-0834 === A security issue affects the following Ubuntu releases: Ubuntu 9.10 Ubuntu 10.

[Full-disclosure] BackTrack 4 R1 - Public Release

Hello lists, The BackTrack Dev team is happy to announce the release of BackTrack 4 R1 ­ featuring a 2.6.34 kernel, wider hardware support, faster desktop responsiveness and more. The release can be downloaded at http://www.backtrack-linux.org/downloads/ via direct download or torrent (Torrent is

Re: [Full-disclosure] On the iPhone PDF and kernel exploit

.. surely if this was the index of webroot we'd see faq.html etc? are we sure that this isnt infact a purpose made folder? On Thu, Aug 5, 2010 at 11:59 AM, Mario Vilas wrote: > http://jailbreakme.com/_/ gives me a 404 Not Found error. > > There were a few vulnerabilities in lighthttpd related to

Re: [Full-disclosure] On the iPhone PDF and kernel exploit

On Thu, Aug 5, 2010 at 2:43 PM, Ryan Sears wrote: > Well I'm no expert but I'm going to see if I can reverse engineer the PDFs > used for jailbreaking (obviously I'd need an ARM assembly book or someone > who knows it :-P) and figure out exactly what they're doing. I agree with > was said earlier

Re: [Full-disclosure] On the iPhone PDF and kernel exploit

http://jailbreakme.com/_/ gives me a 404 Not Found error. There were a few vulnerabilities in lighthttpd related to the %00 character but after googling a while I couldn't find this particular one. I guess it's worth reporting if this still works in the current version (1.5.0). On Thu, Aug 5, 201

Re: [Full-disclosure] On the iPhone PDF and kernel exploit

On 5 Aug 2010, at 10:13, Ryan Sears wrote: Well I'm no expert but I'm going to see if I can reverse engineer the PDFs used for jailbreaking (obviously I'd need an ARM assembly book or someone who knows it :-P) and figure out exactly what they're doing. I agree with was said earlier, I'm not sayi

Re: [Full-disclosure] On the iPhone PDF and kernel exploit

Well I'm no expert but I'm going to see if I can reverse engineer the PDFs used for jailbreaking (obviously I'd need an ARM assembly book or someone who knows it :-P) and figure out exactly what they're doing. I agree with was said earlier, I'm not saying they're doing something malicious, but i