[Full-disclosure] [SECURITY] [DSA 2650-2] libvirt regression update

2013-03-18 Thread Yves-Alexis Perez
Debian Security Advisory DSA-2650-2 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez March 17, 2013

Re: [Full-disclosure] n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access

2013-03-18 Thread some one
I think because if/when someone enables it there is no authentication needed to remote log in as root? On Mar 16, 2013 4:32 PM, Julius Kivimäki julius.kivim...@gmail.com wrote: Why exactly is this a bug? 2013/3/15 secur...@nruns.com n.runs AG http://www.nruns.com/ security(at)nruns.com

[Full-disclosure] Port scanning /0 using insecure embedded devices

2013-03-18 Thread internet census
Internet Census 2012 - Port scanning /0 using insecure embedded devices - Carna Botnet - While playing around with the Nmap Scripting Engine we discovered an amazing number of

[Full-disclosure] [SE-2012-01] The allowed behavior in Java SE 7 (Issue 54)

2013-03-18 Thread Security Explorations
Hello All, We decided to release technical details of Issue 54 that was reported to Oracle on Feb 25, 2013 and that was evaluated by the company as the allowed behavior. As of Mar 18, 2013 we have no information that Oracle treats Issue 54 as a security vulnerability. We believe that 3 weeks

[Full-disclosure] [ MDVSA-2013:026 ] sudo

2013-03-18 Thread security
Mandriva Linux Security Advisory MDVSA-2013:026 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2013:027 ] clamav

2013-03-18 Thread security
Mandriva Linux Security Advisory MDVSA-2013:027 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2013:028 ] nagios

2013-03-18 Thread security
Mandriva Linux Security Advisory MDVSA-2013:028 http://www.mandriva.com/en/support/security/

[Full-disclosure] Cisco Security Response: Cisco IOS and Cisco IOS XE Type 4 Passwords Issue

2013-03-18 Thread Cisco Systems Product Security Incident Response Team
-20130318-type4

[Full-disclosure] iKAT 2013 Release - Interactive Kiosk Attack Tool

2013-03-18 Thread Paul Craig
iKAT - Interactive Kiosk Attack Tool v2013 Paul Craig - p...@ha.cked.net - It is with my greatest of pleasure that I would like to announce the availability of iKAT v2013! iKAT (The Interactive Kiosk Attack Tool) has become

Re: [Full-disclosure] Vulnerabilities in SWFUpload in multiple web applications: WordPress, Dotclear, InstantCMS, AionWeb and others

2013-03-18 Thread Henri Salo
So how many of these did you report to the developers of the software? Please give links to bug tracker, changelog or similar. --- Henri Salo

[Full-disclosure] [CVE-2013-2294] Multiple Cross Site Scripting (XSS) vulnerabilities in ViewGit

2013-03-18 Thread Matthew Bucci
Vulnerability Report Author: Matthew R. Bucci bu...@sas.upenn.edu Date: 18 March, 2013 CVE-2013-2294 Description of Vulnerability: ViewGit is a git web repository viewer that aims to be easy to set up and upgrade, light on dependencies, and comfortable to use.

[Full-disclosure] Remote command execution in Ruby Gem Command Wrap

2013-03-18 Thread larry Cashdollar
Remote command execution in Ruby Gem Command Wrap 3/15/2013 http://rubygems.org/gems/command_wrap Commands executed if the remote URL or filename contains the shell character ';'. The commands will be executed as the client user if tricked into using the malicious URL or filename. Examining