[Full-disclosure] DeepSec 2010 - Call for Papers and Experts

2010-04-08 Thread DeepSec Conference
== Call for Papers and Experts === DeepSec In-Depth Security Conference 2010 - Quad Core, the fourth DeepSec Another year has passed and another Call for Papers is out. The next DeepSec conference will be in Vienna from November 23rd to 26th 2010 and we invite you to send your submission for

Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds

2010-04-08 Thread Digital X
Whether said checkbox is actually the best solution *for the actual problem* is the issue. I've seen cases where checkbox auditors insisted that a certain critical system absolutely positively *HAD* to have a firewall. This is where compensating controls come in with PCI. If there is an

[Full-disclosure] Foxit 3.2.0.303 and Before Command Execution PoC

2010-04-08 Thread Peorth account
As seen on Slashdot and other sites. %PDF-1.3 1 0 obj/Type/Catalog/Outlines 2 0 R/Pages 3 0 R/OpenAction 5 0 Rendobj 2 0 obj/Type/Outlines/Count 0endobj 3 0 obj/Type/Pages/Kids[4 0 R]/Count 1endobj 4 0 obj/Type/Page/Parent 3 0 R/MediaBox[0 0 612 792]endobj 5 0

Re: [Full-disclosure] why not a sandbox

2010-04-08 Thread Marius
On 05.09.09 04:28, Fatherlaptop wrote: ok. that's cool. not sure about enterprise compatibility or my English but will check it out. my other option is front end. Lately, we have had lots of drive-by infections. I have though trained users and get calls on the fake alert box. It's a

[Full-disclosure] [HITB-Announce] FINAL CALL - CFP for HITBSecConf2010 Amsterdam

2010-04-08 Thread Hafez Kamal
This is the FINAL CALL to submit your talk / presentation proposals for the inaugural HITB Security Conference in Europe! Submissions are due by 19TH APRIL 2010. HITBSecConf2010 - Amsterdam takes place at the Grand Krasnapolsky from the 29th of June till the 2nd of July (Tuesday - Friday) with

[Full-disclosure] [USN-925-1] MoinMoin vulnerabilities

2010-04-08 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-925-1 April 08, 2010 moin vulnerabilities CVE-2010-0828, CVE-2010-1238 === A security issue affects the following Ubuntu releases: Ubuntu

Re: [Full-disclosure] Vulnerabilities in TAK cms

2010-04-08 Thread T Biehn
If there were an account lockout after 5 tries would you be telling us about how there was a DOS vector on the same software? -Travis On Mon, Apr 5, 2010 at 4:35 PM, MustLive mustl...@websecurity.com.ua wrote: Hello Full-Disclosure! I want to warn you about security vulnerabilities in TAK

[Full-disclosure] Vulnerabilities in CMS SiteLogic

2010-04-08 Thread MustLive
Hello Full-Disclosure! I want to warn you about security vulnerabilities in CMS SiteLogic. It's Ukrainian commercial CMS. - Advisory: Vulnerabilities in CMS SiteLogic - URL: http://websecurity.com.ua/3935/ -

[Full-disclosure] www.Demolay.org - full disclosure sql injection vulnerability

2010-04-08 Thread Malice Anonymous
Vulnerable URL /d_wnl_ads/?did=14dc=1gid=28 Users: demolaymain demolaystore phpmyadmin root Tables from DEMOLAY database ADVISOR_TYPE..WORK_GROUP_PERMISSION (75 tables) This ought to be fixed, SWIM tells me there's tons of personal stuff in these tables.

[Full-disclosure] Chain based SQL injection

2010-04-08 Thread Владимир Воронцов
Hello Bugtraq! Hello Full-Disclosure! The study of security web applications stumbled on the possibility of an attack such as the introduction of SQL injection unusual way. All user data, which fall into the base with a query like INSERT filtered using the mysql_real_escape_string(). However,

Re: [Full-disclosure] Vulnerabilities in TAK cms

2010-04-08 Thread Benji
nah, he'd be telling us how that was an easy way to find valid accounts. -Benji On Thu, Apr 8, 2010 at 6:30 PM, T Biehn tbi...@gmail.com wrote: If there were an account lockout after 5 tries would you be telling us about how there was a DOS vector on the same software? -Travis On Mon, Apr

[Full-disclosure] [USN-926-1] ClamAV vulnerabilities

2010-04-08 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-926-1 April 08, 2010 clamav vulnerabilities CVE-2010-0098 === A security issue affects the following Ubuntu releases: Ubuntu 8.10 Ubuntu 9.04

[Full-disclosure] [USN-624-2] Erlang vulnerability

2010-04-08 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-624-2 April 09, 2010 erlang vulnerability CVE-2008-2371 === A security issue affects the following Ubuntu releases: Ubuntu 9.10 This