ToorCon 14 Call For Papers

2012-08-29 Thread h1kari
TOORCON 14 CALL FOR PAPERS It's that time of year again! ToorCon 14 is coming so get your code finished and submit a talk this time around. We're letting you decide if you want to be a part of our 50-minute talks on Saturday, 20-minute talks on Sunday, and 75-minute talks for our Deep

[ MDVSA-2012:145 ] firefox

2012-08-29 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:145 http://www.mandriva.com/security/

t2’12: Challenge to be released 2012-09-01 10:00 EEST

2012-08-29 Thread Tomi Tuominen
It is that time of the year again - we’re pleased to announce the release of the t2’12 Challenge! This year’s challenge starts from the homepage of a young woman who is rumored to be the girlfriend of an infamous carder. To solve the challenge, the participants need to step into investigator's

Cross-Site Scripting (XSS) in Phorum

2012-08-29 Thread advisory
Advisory ID: HTB23109 Product: Phorum Vendor: Phorum Team Vulnerable Version(s): 5.2.18 and probably prior Tested Version: 5.2.18 Vendor Notification: August 8, 2012 Public Disclosure: August 29, 2012 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2012-4234 CVSSv2 Base

[ MDVSA-2012:146 ] firefox

2012-08-29 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:146 http://www.mandriva.com/security/

ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-168 August 29, 2012 - -- CVE ID: CVE-2011-0340 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --

ZDI-12-167 : (0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-167 : (0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-167 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:

ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-171 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --

ZDI-12-169 : GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-169 : GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-169 August 29, 2012 - -- CVE ID: CVE 2012-2516 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --

ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-170 August 29, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -

ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-172 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -

ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-173 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected

ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-176 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:

ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-175 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:

ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-177 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:

ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-178 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:

ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-179 August 29, 2012 - -- CVE ID: CVE-2012-2289 - -- CVSS: 7.5,

ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-181 August 29, 2012 - -- CVE ID: CVE-2011-4186 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --

ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-180 August 29, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:

ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-182 August 29, 2012 - -- CVE ID: CVE-2012-2289 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --

[ MDVSA-2012:147 ] mozilla-thunderbird

2012-08-29 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:147 http://www.mandriva.com/security/

Sistem Biwes Multiple Vulnerability

2012-08-29 Thread admin
=== Sistem Biwes Multiple Vulnerability === Author: eidelweiss (@randyarios) Product / software: SISTEM BIWES Vendor Site: http://sistembiwes.com/

Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing

2012-08-29 Thread Seeker Research Center
.Net Cross Site Scripting - Request Validation Bypassing == Seeker Research Center By Zamir Paltiel, August 2012 Overview A vulnerability in the .Net Request Validation mechanism allows bypassing the filter and execution of malicious scripts in

ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability

2012-08-29 Thread ZDI Disclosures
ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-174 August 29, 2012 -- CVE ID: -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard

squidGuard 1.4 - Remote Denial of Service - POC

2012-08-29 Thread Stefan Bauer
We're using squidGuard 1.4 and discovered a possible denial of service. When a user is accessing a very long URL, an internal buffer is too small and squidGuard is entering emergency mode. In this mode, no blocking is done anymore. The URL for reference:

Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack

2012-08-29 Thread Jeffrey Walton
Hi, found as part of our SE-2012-01 Java SE security research project [3]. Well, it seems Oracle did not feel the issues Security Explorations shared were a priority. Blogging about these things has not produced optimal results either. Have you reported the issues to US Cert? Will you be

Re: [SE-2012-01] information regarding recently discovered Java 7 attack

2012-08-29 Thread Security Explorations
On 2012-08-29 18:10, Jeffrey Walton wrote: Have you reported the issues to US Cert? No. Per our Disclosure Policy, we stick to reporting issues to original vendors only. Will you be disclosing details on Bugtraq/Full Disclosure? Yes. As indicated, we are planning to release a technical

[SECURITY] [DSA 2535-1] rtfm security update

2012-08-29 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2535-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer August 29, 2012