EUSecWest/London CFP extended to Nov. 7

2006-11-03 Thread Dragos Ruiu
Hi folks, some brief news: Some people have asked for late submissions to the EUSecWest paper selections. In the interest of fairness, we are extending the deadline for all until next Tuesday (November 7), at which time the submissions will be reviewed. Details of submissions can be found on the

Re: phpMyConferences = 8.0.2 Remote File Inclusion

2006-11-03 Thread Steven M. Christey
mfp.c, In 8.0.2, the surrounding code for this bug is: function insert_cached_module($module_desc) { ... global $lvc_modules_dir; ... if (!$gloaded_modules[$module_name]) { include($lvc_modules_dir.'/'.$module_name.'.module.php'); Since this

[ MDKSA-2006:196 ] - Updated php packages to address buffer overflow issue

2006-11-03 Thread security
Mandriva Linux Security Advisory MDKSA-2006:196 http://www.mandriva.com/security/

[ MDKSA-2006:195 ] - Updated wireshark packages fix multiple vulnerabilities

2006-11-03 Thread security
Mandriva Linux Security Advisory MDKSA-2006:195 http://www.mandriva.com/security/

Re: Firefox 1.5.0.7 Exploit

2006-11-03 Thread Martin Pitt
Hi, [EMAIL PROTECTED] [2006-11-02 16:43 -]: On Kubuntu Linux the exploits does not just kill firefox but freezes the whole system! Probably it will also freeze other distros! This very much sounds like the recent nvidia driver vulnerability [1]. We currently run extensive testing with the

Re[2]: New Flaw in Firefox 2.0: DoS and possible remote code execution

2006-11-03 Thread 3APA3A
Dear Jerome Athias, I said NULL pointer is not exploitable _by itself_. Ability to control unhandled exception filter is different vulnerability. NULL pointer in this case is not exploitation vector, it's only used to initiate attack. --Thursday, November 2, 2006, 10:01:19 PM, you wrote to

Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability

2006-11-03 Thread sales
Those security issues were debugged on 3Q firmware (Build-date: 2006-09-30). It's available from our website (http://www.flexwatch.com)

Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00

2006-11-03 Thread harrisonholland
Is there any more information available for these patches? Unfortunately SAP makes it difficult to find what you are looking for on the service marketplace sometimes, and I am not sure which avenue to look for the patch 66 for Web AS 7.00. Is this a basis patch, abap patch, java, or kernel

[SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation

2006-11-03 Thread Steve Kemp
Debian Security Advisory DSA 1205-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp November 2nd, 2006

[ GLSA 200611-01 ] Screen: UTF-8 character handling vulnerability

2006-11-03 Thread Matthias Geerdsen
Gentoo Linux Security Advisory GLSA 200611-01 http://security.gentoo.org/

SIMPLOG 0.9.3 injection sql multiple xss

2006-11-03 Thread saps . audit
[[ SIMPLOG 0.9.3 ]] cms website : http://www.simplog.org/ xss: [*] Administration Panel - user.php *Name *URL *Email *API Key *Flickr Email

[ MDKSA-2006:197 ] - Updated kernel packages fix multiple vulnerabilities and bugs

2006-11-03 Thread security
Mandriva Linux Security Advisory MDKSA-2006:197 http://www.mandriva.com/security/

XSS in script Mobile

2006-11-03 Thread m-0-t
Discovered : SwEET-DeViL HaCkEr sUn Product: http://www.ac4p.com tame : AL-garnei ::### /1/ index.php http://www.site.com/path/index.php?Bloks={XSS} http://www.site.com/path/index.php?Newnews={XSS}