[Full-disclosure] Fwd: Trustlook discovered Microsoft’s first high risk Android Vulnerability

2014-01-24 Thread Raymond Zhang
http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/ Imagine that, on a leisurely afternoon, you are sitting in a coffee shop. You want to search for the latest movie information for tonight’s date. So you connected to the public wifi called “Starbucks”,

[Full-disclosure] Contact PSIRT Fortinet

2014-01-24 Thread William Costa
Does anyone have a contact person in the PSIRT at Fortinet? The PSIRT email at Fortinet has had no response. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://sec

[Full-disclosure] Remote Command Injection Vulnerability in SkyBlueCanvas CMS

2014-01-24 Thread Scott Parish
Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 (and probably prior versions) Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an easy-to-use Web Content Management System, that makes it

[Full-disclosure] [SECURITY] [DSA 2826-2] denyhosts regression update

2014-01-24 Thread Yves-Alexis Perez
Debian Security Advisory DSA-2826-2 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez January 23, 2014

[Full-disclosure] CALL FOR PAPERS - NUIT DU HACK - 28/29 JUNE 2014

2014-01-24 Thread freeman
CALL FOR PAPERS - NUIT DU HACK - 28/29 JUNE 2014 https://www.nuitduhack.com/CALL-FOR-PAPERS-NUIT-DU-HACK-28-29-JUNE-2014 If you’re reading this, you know what NDH and CFP stand for, so I won’t bother you that long. - Conference format: 45min, including 5 to 10min of Q&A - Submission: https://s

[Full-disclosure] Healthcare.gov noise

2014-01-24 Thread truthinallthings
This site is making waves on Twitter: http://7in4mins.wordpress.com/ So what say you? Has our dear sweet Lord of the SET hacked healthcare.gov? Or did he lie about what is really going on to get close to his heroes at Fox News? Has the spotlight turned him into another Gregory Evans? Desperate

Re: [Full-disclosure] Chrome (and Safari) antiXSS filter bypass

2014-01-24 Thread Pedro Worcel
Hey, I got a 403 while attempting to visit the URL. Error 403 demofaast.elevenpaths.com Apache/2.4.4 (Win32) OpenSSL/0.9.8y PHP/5.4.19 Thanks, Pedro 2014/1/22 vu...@11paths.com > Modern browsers usually have an antiXSS filter, that protects users fro

[Full-disclosure] [CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7

2014-01-24 Thread Christian Catalano
### 01. ### Advisory Information ### Title: Multiple Reflected XSS vulnerabilities in JAMon Date published: 2013-01-23 Date of last update: 2013-01-23 Vendors contacted: JAMon v 2.7 Discovered by: Christian Catalano Severity: Low 02. ### Vulnera

[Full-disclosure] ADV: IBM QRadar SIEM

2014-01-24 Thread Thomas Pollet
Hello, Copy/paste from http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html: IBM QRadar SIEM CSRF - XSS - MITM - RCE I have found that the IBM QRadar Security Intelligence Platform auto update mechanisms expose a number of security bugs. Web Interface Screenshot (/console/do

[Full-disclosure] DAVOSET v.1.1.6

2014-01-24 Thread MustLive
Hello participants of the Mailing List. After making the public release of DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html), I've made the next update of the software. On the 24th of January DAVOSET v.1.1.6 was released - DDoS attacks via other sites execution

[Full-disclosure] [ MDVSA-2014:021 ] perl-Proc-Daemon

2014-01-24 Thread security
Mandriva Linux Security Advisory MDVSA-2014:021 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2014:022 ] augeas

2014-01-24 Thread security
Mandriva Linux Security Advisory MDVSA-2014:022 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2014:023 ] hplip

2014-01-24 Thread security
Mandriva Linux Security Advisory MDVSA-2014:023 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2014:024 ] graphviz

2014-01-24 Thread security
Mandriva Linux Security Advisory MDVSA-2014:024 http://www.mandriva.com/en/support/security/

[Full-disclosure] Dictatorial laws in Ukraine

2014-01-24 Thread MustLive
Hello participants of the Mailing List. Last week I wrote about multiple vulnerabilities at president.gov.ua (http://seclists.org/fulldisclosure/2014/Jan/125). This is a continuation of that letter. I remind you that in Ukraine last week parliament, in a non-constitutional way, voted for "Dictatorial