[Full-disclosure] Capstone 1.0 disassembly framework release!

2013-12-17 Thread Nguyen Anh Quynh
Hi, We are excited to announce the 1.0 version for Capstone, the multi-arch, multi-platform disassembly framework you are longing for! Why is this engine unique? Capstone offers some unparalleled features: - Support all important hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86. - Clea

[Full-disclosure] CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability

2013-12-17 Thread CORE Advisories Team
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ RealPlayer Heap-based Buffer Overflow Vulnerability 1. *Advisory Information* Title: RealPlayer Heap-based Buffer Overflow Vulnerability Advisory ID: CORE-2013-0903 Advisory URL: http://www.coresecurity.com/advisories/realplaye

[Full-disclosure] Fw: xss

2013-12-17 Thread VMw4r3
On Tuesday, 17 December 2013, 20:58:23, VMw4r3 wrote: http://www.pearsonvue.com/accommodations/pv_review.asp?clientName=FOR_FREE%22/%3E%3C/scriPt%3E%3Cscript%3Ealert%281%29;%3C/script%3E http://www.pearsonvue.com/accommodations/pv_review.asp?clientName=FOR_FREE__Do%20That%20Test%22/%3E

Re: [Full-disclosure] [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application

2013-12-17 Thread coderman
On Mon, Dec 16, 2013 at 2:50 PM, Fyodor wrote: > ... > Apparently you touched a nerve! If the legal threats we received for > archiving this security advisory on SecLists.org are any indication, > ZippyYum really doesn't want anyone to know they were storing users' credit > card info (including s

[Full-disclosure] [ MDVSA-2013:287-1 ] drupal

2013-12-17 Thread security
Mandriva Linux Security Advisory MDVSA-2013:287-1 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2013:288 ] subversion

2013-12-17 Thread security
Mandriva Linux Security Advisory MDVSA-2013:288 http://www.mandriva.com/en/support/security/

Re: [Full-disclosure] [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application

2013-12-17 Thread William Scott Lockwood III
Hilarious. If I were just plain ignoring the PCI DSS, I'd want to hide evidence of it, too. If you really want to ruin their day, report this to VISA. -- W. Scott Lockwood III GWB20090338817 AMST Tech On Dec 17, 2013 3:12 AM, "Fyodor" wrote: > On Fri, Dec 6, 2013 at 8:07 PM, Daniel Wood wrote

[Full-disclosure] CSRF, DoS and IL vulnerabilities in WordPress

2013-12-17 Thread MustLive
Hello list! As I've announced earlier (http://seclists.org/fulldisclosure/2013/Nov/219), I conducted a Day of bugs in WordPress 3. On 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes (they were placed at my site for your attention). And this is translation

Re: [Full-disclosure] [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application

2013-12-17 Thread Fyodor
On Fri, Dec 6, 2013 at 8:07 PM, Daniel Wood wrote: > Title: [CVE-2013-6986] Insecure Data Storage in Subway Ordering for > California (ZippyYum) 3.4 iOS mobile application > > Reported to Vendor: May 2013 > CVE Reference: CVE-2013-6986 > Apparently you touched a nerve! If the legal threats we r

[Full-disclosure] [SECURITY] [DSA 2820-1] nspr security update

2013-12-17 Thread Raphael Geissert
Debian Security Advisory DSA-2820-1 secur...@debian.org http://www.debian.org/security/ Raphael Geissert December 17, 2013