[Full-disclosure] [SECURITY] [DSA 2340-1] postgresql security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2340-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst November 7, 2011

[Full-disclosure] foofus.net security advisory - Lexmark Multifunction Printer Information Leakage - percX at foofus.net

Foofus.net Security Advisory: foofus-2007 Title: Lexmark Multifunction Printer Information exposure Version:X656de Vendor:

[Full-disclosure] [SECURITY] [DSA 2336-1] ffmpeg security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2336-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez November 07, 2011

[Full-disclosure] ZDI-11-320 : GE Proficy iFix HMI/SCADA ihDataArchiver.exe Trusted Header Size Remote Code Execution Vulnerability

ZDI-11-320 : GE Proficy iFix HMI/SCADA ihDataArchiver.exe Trusted Header Size Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-320 November 7, 2011 -- CVE ID: -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: GE -- Affected Products: GE

[Full-disclosure] WordPress All Versions Full Path Disclosure (FPD)

Hi, As part of my research on my tool WPScan, I have run the inspathx tool against every version of WordPress released, excluding BETA and MU releases. The result is this tar file which contains a txt file for every version of WordPress and the Full Path Disclosure vulnerabilities which effect

Re: [Full-disclosure] How not to deal with a vulnerability in your code

Of course I couldn't resist! -- Leon Kaiser - Head of GNAA Public Relations - litera...@gnaa.eu || litera...@goatse.fr http://gnaa.eu || http://security.goatse.fr 7BEECD8D FCBED526 F7960173 459111CE F01F9923 The

Re: [Full-disclosure] How not to deal with a vulnerability in your code

At least we can see the code and the fuckups freely... Unlike with some OS's... On Sun, Nov 6, 2011 at 1:56 AM, Leon Kaiser litera...@gmail.com wrote: ** Of course I couldn't resist! -- *Leon Kaiser* - Head of GNAA Public

[Full-disclosure] Cisco CUCM - Multiple Vulnerabilities

Recurity Labs GmbH http://www.recurity-labs.com entomol...@recurity-labs.com Date: 08.11.2011 Vendor: Cisco Systems Product:

[Full-disclosure] IPv6 security (slides and training)

Folks, We have uploaded the slides of my IPv6 Security presentation at H2HC 2011 http://www.h2hc.com.br/?lang=en. -- The slides are available at: http://www.si6networks.com/presentations/h2hc2011/fgont-h2hc2011-ipv6-security.pdf. That aside, on November 15-16 I'll be teaching a two-day IPv6

Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers

That's a followUp! TOR Attack isn't hype, and on 10th of november, mayhem will be released don't troll, you fool. http://cvo-lab.blogspot.com/2011/11/tor-attack-technical-details.html - Rumors of

Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers

I think these details released are in line with our understanding of the attack: a) Enumerate network (by trying routes, or reading the broadcast list.) b) Scan the nodes c) Hack the vulnerable ones, installing malware, and/or add your own malicious nodes d) DOS the un-comprimized nodes, forcing

[Full-disclosure] [SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.21 Description: This issue only affects environments running web applications that

Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers

Viewing his blog gave a new entry about this suggestion. It's not gonna happen, and the gonna help the TORpeople. http://cvo-lab.blogspot.com/2011/11/let-us-stop-with-buzz-on-tor.html -neusbeer Op 8-11-2011 16:47, not here schreef: That's a followUp! TOR Attack isn't hype, and on 10th of

[Full-disclosure] CORE-2011-0825: Adobe Shockwave Player TextXtra.x32 vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Adobe Shockwave Player TextXtra.x32 vulnerability 1. *Advisory Information* Title: Adobe Shockwave Player TextXtra.x32 vulnerability Advisory ID: CORE-2011-0825

[Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

http://technet.microsoft.com/en-us/security/bulletin/ms11-083 The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. Microsoft did it once again. - Henri Salo

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Major roflage! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability

[CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability CAL ID: CAL-2011-0052 CVE ID: CVE-2011-2446 Discover: instruder of code audit labs of vulnhunt.com http://www.adobe.com/support/security/bulletins/apsb11-27.html 1 Affected Products

[Full-disclosure] [CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities

[CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities CAL_ID: CAL-2011-0054 CVE ID: CVE-2011-2448 Discover: instruder of code audit labs of vulnhunt.com http://www.adobe.com/support/security/bulletins/apsb11-27.html 1 Affected Products