[Full-disclosure] Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512

2013-05-06 Thread Stefan Kanthak
Hi @ll, Fujitsu's http://www.fsc-pc.de/ factory preinstallation (as found on a Fujitsu Lifebook A512 purchased a month ago) of Windows 8 Professional x64 (I'm VERY confident that other variants of Fujitsu's Windows 8 factory installation are just alike) has the following vulnerabilities which

[Full-disclosure] [SE-2012-01] New security vulnerabilities and broken fixes in IBM Java

2013-05-06 Thread Security Explorations
Hello All, Security Explorations discovered 7 additional security issues (#62-68) in the latest version of IBM SDK, Java Technology Edition software [1]. A majority of the new flaws are due to insecure use or implementation of the Java Reflection API. In addition to the above, we found out that

[Full-disclosure] [ MDVSA-2013:161 ] java-1.7.0-openjdk

2013-05-06 Thread security
Mandriva Linux Security Advisory MDVSA-2013:161 http://www.mandriva.com/en/support/security/

[Full-disclosure] Introducing libOnionRoute, the library to anonymize software

2013-05-06 Thread wac
Hi Everyone: LibOnionRoute, the library to anonymize software, was just released. It is basically a modification of Tor to transform it into a library you can link to your software. Some of us believe it is more secure in some situations to use it like that. To find out more please visit:

[Full-disclosure] Apache VCL improper input validation

2013-05-06 Thread Josh Thompson
CVE-2013-0267: Apache VCL improper input validation Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache VCL 2.1, 2.2, 2.2.1, 2.3, 2.3.1 Description: Some parts of VCL did not properly validate input data. This problem was present both in the Privileges portion

[Full-disclosure] VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6

2013-05-06 Thread Stefan Kanthak
Hi @ll, the current 3CXPhone6.msi (for Windows), available from http://www.3cx.com/VOIP/sip-phone/, digitally signed on 2012-07-30, installs the following outdated and vulnerable 3rd-party libraries: * libeay32.dll and ssleay32.dll version 0.9.8h (from 2008-05-28) of OpenSSL. The current

[Full-disclosure] VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone System 11

2013-05-06 Thread Stefan Kanthak
Hi @ll, the current 3CXPhoneSystem11.exe (for Windows), available from http://www.3cx.com/phone-system/download-phone-system/ (pricing see http://www.3cx.com/ordering/pricing/), digitally signed on 2013-01-28, installs the following COMPLETELY outdated and vulnerable 3rd-party (open source)

[Full-disclosure] Vulnerabilities in VideoJS

2013-05-06 Thread MustLive
Hello list! I want to inform you about vulnerabilities in VideoJS. This is a popular video and audio player, which is used on hundreds of thousands of web sites and in multiple web applications. This is a Cross-Site Scripting vulnerability in VideoJS. There is also a DoS hole related to this player,

[Full-disclosure] Ruxcon 2013 Call For Papers

2013-05-06 Thread cfp
Ruxcon 2013 Call For Presentations Melbourne, Australia, October 26th-27th CQ Function Centre http://www.ruxcon.org.au/call-for-papers/ The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013. This year the conference will take place over the weekend of the 26th and

[Full-disclosure] [ESNC-2013-005] Remote Code Injection in SAP ERP Central Component - Project System

2013-05-06 Thread ESNC Security
[ESNC-2013-005] Remote Code Injection in SAP ERP Central Component - Project System Please refer to http://www.esnc.de for the original security advisory, updates and additional information. 1. Business Impact