Re: Default key algorithm in Thomson and BT Home Hub routers

btw, the example SSIDs in our bugtraq post should read: SpeedTouchF8A3D0 and BTHomeHub-20E3

AST-2008-006 - 3-way handshake in IAX2 incomplete

Asterisk Project Security Advisory - AST-2008-006 ++ | Product | Asterisk |

LayerOne 2008 - Final Pre-Con Update

We're less than a month out from the event and we're starting to make final preparations for the con. Speakers and Scheduling: We are currently beginning to schedule the talks for this years event. The speaker line-up is full and we have some pretty amazing talks lined up. Check out our speaker

Horde Webmail XSS [Aria-Security]

Aria-Security Team (Persian Security Network) http://Aria-Security.com http://Aria-Security.net -- Greetz: AurA, imm02tal, Mormoroth ,NULL, Kinglet http://www.horde.org/

NetClassifieds Sql Injection

Aria-Security Team (Persian Security Team) http://Aria-Security.Net (Persian) http://Aria-Security.com (ENG) Greetz: Aura, imm02tal, Null, Kinglet, Mormoroth http://www.scriptdevelopers.net/ (tested on NetClassifieds) Original Post @

Zune software - arbitrary file overwrite

Vulnerability class : Arbitrary file overwrite Discovery date : 21 April 2008 Remote : Yes Credits : J. Bachmann B. Mariani from ilion Research Labs Vulnerable : Zune software: EncProfile2 Class An arbitrary file overwrite as been discovered in an ActiveX control installed with the Zune

[ GLSA 200804-25 ] VLC: User-assisted execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200804-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

[SECURITY] [DSA 1555-1] New iceweasel packages fix arbitrary code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1555-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff April 23, 2008

[ GLSA 200804-26 ] Openfire: Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200804-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

Re: NetClassifieds Sql Injection

Please can you do a simple SEARCH before you start an 'audit' on a software ? http://search.securityfocus.com/swsearch?query=netclassifiedssbm=%2Fsubmit=Search%21metaname=alldocsort=swishrank http://milw0rm.com/exploits/4092 http://www.securityfocus.com/archive/1/471944 Thanks for

PR07-43: Cross-domain redirect on RSA Authentication Agent

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 PR07-43: Cross-domain redirect on RSA Authentication Agent Vulnerability found: 5th December 2007 Vendor informed: 13th December 2007 Severity: Medium-low Successfully tested on: RSA Authentication Agent 5.3.0.258 for Web for Internet Information

PR07-44: XSS on RSA Authentication Agent login page

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 PR07-44: XSS on RSA Authentication Agent login page Vulnerability found: 5th December 2007 Vendor informed: 13th December 2007 Severity: Medium-high Successfully tested on: RSA Authentication Agent 5.3.0.258 for Web for Internet Information

[W01-0408] Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation

[ Wintercore Advisory ] Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation :: Non-Technical Description Realtek HD Audio Codec Drivers are prone to a local privilege escalation due to insufficient validation of user-mode buffers. Successful exploitation grants SYSTEM

xine-lib NES Sound Format Demuxer Buffer Overflow

Hi there Original advisory: http://milw0rm.com/exploits/5458 There's another stack-based buffer overflow in demux_nfs.c line 111: this-copyright = strdup(header[0x4E]); line 189: char copyright[100]; line 208: sprintf(copyright, (C) %s, this-copyright); Regards Laurent Gaffié