[Full-disclosure] ResEdit Buffer Overflow Vulnerabilities

2012-05-24 Thread Walied Assar
Product Link: http://www.resedit.net/ Affected version: 1.5.11-win32 Type of vulnerabilities: Buffer Overflow. For Further information: http://waleedassar.blogspot.com/2012/05/resedit-named-entries-two-buffer.html POCs: http://code.google.com/p/ollytlscatch/downloads/detail?name=ResEdit_POC1.ex

[Full-disclosure] [SECURITY] [DSA 2480-1] request-tracker3.8 security update

2012-05-24 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2480-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff May 24, 2012

Re: [Full-disclosure] Certificacion - Profesional Pentester

2012-05-24 Thread Thor (Hammer of God)
Certainly. In fact, if anyone else wants to help perform the test on behalf of HoG, please let me know and I'll officially write up a change order to specify additional resources. [Description: Description: Description: Description: Description: Description: Description: Description: Descripti

[Full-disclosure] VMDK Has Left the Building . Some Nasty Attacks Against VMware vSphere 5 Based Cloud Infrastructures

2012-05-24 Thread Enno Rey
List, some of you might find this interesting: http://www.insinuator.net/2012/05/vmdk-has-left-the-building/ have a good one Enno -- Enno Rey ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 174 3082474 PGP FP 055F B3F3 FE9D 7

[Full-disclosure] CVE-2012-2216 - Social Engine Multiples Vulnerabilities (XSS and CSRF)

2012-05-24 Thread Tiago Natel de Moura
Social Engine 4.2.2 Multiples Vulnerabilities Earlier versions are also possibly vulnerable. INFORMATION Product: Social Engine 4.2.2 Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Discovered by: Tiago Natel de Moura aka "i4k" Discovered at: 10/04/2012 CVE Notified: 10/04/2012 CVE N

[Full-disclosure] [ MDVSA-2012:081 ] firefox

2012-05-24 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:081 http://www.mandriva.com/security/ _

[Full-disclosure] Kingcopes AthCon 2012 Slides & Notes

2012-05-24 Thread HI-TECH .
Hello lists, you can view my slides & notes for my talk entitled "Uncovering Zero-Days and advanced fuzzing" held at AthCon 2012 at the following places: http://www.isowarez.de/ http://kingcope.wordpress.com/ Cheerio, /Kingcope ___ Full-Disclosure -

Re: [Full-disclosure] Certificacion - Profesional Pentester

2012-05-24 Thread Giles Coochey
On 23/05/2012 20:26, Thor (Hammer of God) wrote: Hell Juan. As per the conditions of the contract I forwarded, I am pleased to see that you have given me full permission to assess any systems of yours I feel are within scope. I'm copying in FD again so they can all be witness to the fact yo

[Full-disclosure] [CVE-2012-2098] Apache Commons Compress and Apache Ant denial of service vulnerability

2012-05-24 Thread Stefan Bodewig
CVE-2012-2098: Apache Commons Compress and Apache Ant denial of service vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Commons Compress 1.0 to 1.4 Apache Ant 1.5 to 1.8.3 Description: The bzip2 compressing streams in Apache Commons Co