[Full-disclosure] Vulnerabilities in Avaya IP Office Customer Call Reporter

Hello list! I want to warn you about vulnerabilities in Avaya IP Office Customer Call Reporter. These are Remote HTML Include and Remote XSS Include (Cross-Site Scripting) vulnerabilities. After I found multiple vulnerabilities in Avaya IP Office Customer Call Reporter in December, I informed ZD

[Full-disclosure] [SECURITY] [DSA 2739-1] cacti security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2739-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff August 21, 2013

[Full-disclosure] [Security-news] SA-CONTRIB-2013-070 - Zen - Cross Site Scripting

View online: https://drupal.org/node/2071157 * Advisory ID: DRUPAL-SA-CONTRIB-2013-070 * Project: Zen [1] (third-party module) * Version: 7.x * Date: 2013-August-21 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting DES

[Full-disclosure] Windows Embedded POSReady 2009: cruft, not craft

Hi, the cruft in the evaluation version of Windows Embedded POSReady 2009 (see ) is not only present there, but also in systems built with Microsofts official "OEM preinstallation kit", distributed as DVD X15-28127. Result: all these embedded system

[Full-disclosure] CVE-2013-3186 - The case of a one click sandbox escape on IE

Hi, Lately I have been researching IE sandbox escapes with some nice outcome... Find further details of a 1 click sandbox escape on IE at: http://zhodiac.hispahack.com/index.php?section=blog&day=21&month=8&year=2013 Cheers, --- Fermín J. Serna Web & Blog: http://zhodiac.hispahack.com Pgp key:

[Full-disclosure] Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability Advisory ID: cisco-sa-20130821-cup Revision 1.0 For Public Release 2013 August 21 16:00 UTC (GMT

[Full-disclosure] Cisco Security Advisory: Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities Advisory ID: cisco-sa-20130821-hcm Revision 1.0 For Public Release 2013 August 21 16:00 UTC (GMT

[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Multiple Vulnerabilities in Cisco Unified Communications Manager Advisory ID: cisco-sa-20130821-cucm Revision 1.0 For Public Release 2013 August 21 16:00 UTC (GMT) +- Summary

[Full-disclosure] [ MDVSA-2013:214 ] python

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:214 http://www.mandriva.com/en/support/security/ __

Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

Hello once more! I was just one step away from seppuku when I remembered I've already asked sillier questions that went unpunished... :D Thank you for your time. It would have taken me some weeks at least to figure out that this hex was no mystery at all to the trained eye. I'm also a lot less wo

[Full-disclosure] HackInTheBox CTF Weapons of Mass Destruction: War of the World

HackInTheBox Capture The Flag Malaysia is now back with more firepower and epic pwnage! #-# #A Bit of Histrory# #-# In our previous CTF (Fallout Apocalypse), each team had a set of daemons (called the Reactor Cores, or RC) running on thei

[Full-disclosure] Last (short) chance to submit papers for PacSec in Tokyo Nov 13-14. Deadline FRIDAY.

Since we didn't mail out to the traditional mailing lists for the PacSec CFP this year, this note is being sent out, and we are allowing submissions to secwes...@pacsec.jp up until this Friday, August 23. After more than ten years, you know the drill, and if you don't CFP details are on the w