[Full-disclosure] [GTA-2013-01] - Libsrtp srtp_protect/hmac_compute buffer overflow

2013-06-04 Thread Groundworks Technologies Advisories Team
*Title* Libsrtp srtp_protect/hmac_compute buffer overflow *Affected products* - libsrtp (https://github.com/cisco/libsrtp) all versions *Description* Libsrtp is the Cisco Systems, Inc. reference implementation of the Secure Real-time

[Full-disclosure] [ISecAuditors Security Advisories] Multiple Vulnerabilities in Telaen <= 1.3.0

2013-06-04 Thread ISecAuditors Security Advisories
INTERNET SECURITY AUDITORS ALERT 2013-009 - Original release date: March 15th, 2013 - Last revised: June 4th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - CVE-ID: CVE-2013-2621, CVE-2013-2623,

[Full-disclosure] 3COM NBX V3000 Networked Telephony Solution Information Disclosure

2013-06-04 Thread Russell Butturini
*Known Affected Versions: *R5_0_31 (Created March 1st, 2007) *Date Discovered: *November 13, 2012 Obviously not anything new to get sensitive data out via the VxWorks remote debugger, but this seemed to warrant specific attention since it did allow for the disclosure of call logs and full access

Re: [Full-disclosure] Any.Do sends passwords in plaintext

2013-06-04 Thread Peter Lustlos
As of recently this security hole has been silently fixed. From: Peter Lustlos peter.lustlo...@yahoo.com To: full-disclosure@lists.grok.org.uk Sent: Monday, December 10, 2012 2:57 PM Subject: Any.Do sends passwords in plaintext Any.Do transmits Passwords

[Full-disclosure] OT github search: extension:php mysql_query $_GET

2013-06-04 Thread Georgi Guninski
Not following php sploits lately. Someone sent me this github search: https://github.com/search?p=3&q=extension%3Aphp+mysql_query+%24_GET&ref=searchresults&type=Code We've found 76,144 code results -- spam

[Full-disclosure] [UPDATED][GTA-2013-01] - Libsrtp srtp_protect/hmac_compute buffer overflow

2013-06-04 Thread Groundworks Technologies Advisories Team
*Title* Libsrtp srtp_protect/hmac_compute buffer overflow *Affected products* - libsrtp (https://github.com/cisco/libsrtp) all versions *Description* Libsrtp is the Cisco Systems, Inc. reference implementation of the Secure Real-time

[Full-disclosure] IA and AFU vulnerabilities in aCMS

2013-06-04 Thread MustLive
Hello list! These are Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS. This is a commercial CMS. There are multiple vulnerabilities in aCMS and it's the second part of them. - Affected products: - Vulnerable are aCMS

[Full-disclosure] [CORE-2013-0103] Mac OSX Server DirectoryService buffer overflow

2013-06-04 Thread CORE Security Technologies Advisories
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1. *Advisory Information* Title: Mac OSX Server DirectoryService buffer overflow Advisory ID: CORE-2013-0103 Advisory URL: