Re: Nginx ngx_http_close_connection function integer overflow

2013-04-29 Thread Maxim Konovalov
Hello, On Thu, 25 Apr 2013, 06:52-, saf...@gmail.com wrote: [...] II. DESCRIPTION - Qihoo 360 Web Security Research Team discovered a critical vulnerability in nginx. The vulnerability is caused by an int overflow error within the Nginx ngx_http_close_connection

[security bulletin] HPSBPI02868 SSRT101017 rev.1 - HP Managed Printing Administration (MPA), Remote Cross Site Scripting (XSS)

2013-04-29 Thread security-alert
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03737200 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03737200 Version: 1 HPSBPI02868

[security bulletin] HPSBPI02869 SSRT100936 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files

2013-04-29 Thread security-alert
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03744742 Version: 1 HPSBPI02869

Hacking IPv6 networks training (slideware, upcoming trainings, etc.)

2013-04-29 Thread Fernando Gont
Folks, We have posted part of the materials of the BRUCON 2012 edition of our Hacking IPv6 Networks IPv6 security training course. The slideware is available at:

EDSC 2013 CFP Open

2013-04-29 Thread Michael Eddington
The EDSC 2013 CFP is open! EDSC is a new security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important for engineers, researchers, and testers alike.

[ MDVSA-2013:151 ] curl

2013-04-29 Thread security
Mandriva Linux Security Advisory MDVSA-2013:151 http://www.mandriva.com/en/support/security/

[ MDVSA-2013:152 ] subversion

2013-04-29 Thread security
Mandriva Linux Security Advisory MDVSA-2013:152 http://www.mandriva.com/en/support/security/

[ MDVSA-2013:153 ] subversion

2013-04-29 Thread security
Mandriva Linux Security Advisory MDVSA-2013:153 http://www.mandriva.com/en/support/security/

[KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability

2013-04-29 Thread Egidio Romano
Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability [-] Software Link: http://www.joomla.org/ [-] Affected Versions: Version 3.0.3 and earlier

Cisco/Linksys E1200 N300 Reflected XSS

2013-04-29 Thread Carl Benedict
Summary Software : Cisco/Linksys Router OS Hardware : E1200 N300 (others currently untested) Version : 2.0.04 (others currently untested) Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict (theinfinitenigma) Product

[ MDVSA-2013:154 ] util-linux

2013-04-29 Thread security
Mandriva Linux Security Advisory MDVSA-2013:154 http://www.mandriva.com/en/support/security/

[ MDVSA-2013:155 ] fuse

2013-04-29 Thread security
Mandriva Linux Security Advisory MDVSA-2013:155 http://www.mandriva.com/en/support/security/

Re: Nginx ngx_http_close_connection function integer overflow

2013-04-29 Thread Maxim Konovalov
Hello, Recently a report appeared alleging an integer overflow vulnerability in nginx, claiming remote code execution impact. We've carefully investigated the issue, and cannot confirm the alleged vulnerability exists. Taking this opportunity to remind: if you think you've found a security issue