[Full-disclosure] [SECURITY] [DSA 2743-1] kfreebsd-9 security update

2013-08-27 Thread Aurelien Jarno
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA-2743-1 secur...@debian.org http://www.debian.org/security/ Aurelien Jarno August 27, 2013

[Full-disclosure] [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread Derick Older
Hi everyone, I am testing an Apache Tomcat server 6.0.36 on Ubuntu Linux. I would like to reproduce CVE-2012-3544 Denial of Service Vulnerability with Apache Tomcat 6.0.36. I tried to send a request using chunked transfer encoding with a web proxy (Burp proxy) but I think I am making a

Re: [Full-disclosure] DC4420 - London DEFCON - August Meet - Tuesday 27th August 2013

2013-08-27 Thread Alex Dolan
I read the blog post, great work! RFID has become so interesting lately especially with the introduction of the self checkout EFT machines. You're basically left alone with an RFID reader. Will have heaps of fun with one of these RFIDlers! On 26/08/2013 6:34 PM, Major Malfunction

[Full-disclosure] IBM Lotus iNotes 8.5.x cross-site scripting vulnerabilities

2013-08-27 Thread Osama Alrashid
IBM has released a security advisory to address four cross-site scripting vulnerabilities. Check the URL: http://www-01.ibm.com/support/docview.wss?uid=swg21647740 Thanks, Alrashid http://www.itsecuritycenter.com/

Re: [Full-disclosure] CAPTCHA re-riding attack in https://google.com

2013-08-27 Thread kevin philips
Hi Adam, As discussed, this issue is just a captcha bypass problem. Except for this case, I don't know whether Google still uses this captcha somewhere or not :). Anyway, thank you Adam! Your reply is a very clear way to explain it. See more: https://www.owasp.org/index.php/Testing_for_Captcha_(OWASP-AT-008)

[Full-disclosure] Atlassian Confluence - Sensitive Information Leakage

2013-08-27 Thread majinboo
Hello list, Since the vendor does not seem to care about this issue more than a year after the initial report (https://jira.atlassian.com/browse/CONF-23985), I think that it is time to share this issue. - Affected products: - Atlassian Confluence 3.x and 4.x

[Full-disclosure] [ MDVSA-2013:220 ] lcms

2013-08-27 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:220 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2013:221 ] php

2013-08-27 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:221 http://www.mandriva.com/en/support/security/

[Full-disclosure] SEC-T 2013 Speaker list published. Register today and come visit us in Sweden.

2013-08-27 Thread Mattias Bååth
Hi! The 6:th annual SEC-T Conference is happening in Stockholm, Sweden on the 12-13:th of September this year. We currently have the speaker list online, schedule will follow soon so check it out: https://www.sec-t.org/2013/speakers.html As always we'll sport a decent con party, challenges

[Full-disclosure] [SECURITY] [DSA 2744-1] tiff security update

2013-08-27 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2744-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 27, 2013

[Full-disclosure] [ MDVSA-2013:222 ] puppet

2013-08-27 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:222 http://www.mandriva.com/en/support/security/

[Full-disclosure] AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP

2013-08-27 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2013-004 Product Asterisk Summary Remote Crash From Late Arriving SIP ACK With SDP Nature of Advisory Remote Crash

[Full-disclosure] AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request

2013-08-27 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2013-005 Product Asterisk Summary Remote Crash when Invalid SDP is sent in SIP Request Nature of Advisory Remote Crash

[Full-disclosure] [PSA-2013-0827-1] Oracle Java ByteComponentRaster.verify() Memory Corruption

2013-08-27 Thread fulldis
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 +--+ | Packet Storm Advisory 2013-0827-1| | http://packetstormsecurity.com/ |