[IVIZ-08-008] LILO Security Model bypass exploiting wrong BIOS API usage

2008-08-28 Thread iViZ Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --- [ iViZ Security Advisory 08-008 25/08/2008 ] - --- iViZ Techno Solutions Pvt. Ltd.

[IVIZ-08-007] DriveCrypt Security Model bypass exploiting wrong BIOS API usage

2008-08-28 Thread iViZ Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --- [ iViZ Security Advisory 08-007 25/08/2008 ] - --- iViZ Techno Solutions Pvt. Ltd.

[IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage

2008-08-28 Thread iViZ Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --- [ iViZ Security Advisory 08-003 25/08/2008 ] - --- iViZ Techno Solutions Pvt. Ltd.

[USN-638-1] Yelp vulnerability

2008-08-28 Thread Kees Cook
=== Ubuntu Security Notice USN-638-1 August 27, 2008 yelp vulnerability CVE-2008-3533 === A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04

[IVIZ-08-004] Intel BIOS Plain Text Password Disclosure

2008-08-28 Thread iViZ Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --- [ iViZ Security Advisory 08-004 25/08/2008 ] - --- iViZ Techno Solutions Pvt. Ltd.

XSS and Data Manipulation attacks found in CMS PHPCart.

2008-08-28 Thread vaibhav aher
Dear Sir, I have found that the CMS PHPCart is vulnerable to XSS attack and Data Manipulation. I have attached the poc with the mail. This exploit is found by me 'h4x0r'. I hope u will publish it soon. Thanks, h4x0r -- -- Vaibhav Aher ISO27001,C|EH Security Consultant +91 09225325661

[IVIZ-08-002] Hewlett-Packard BIOS Plain Text Password Disclosure

2008-08-28 Thread iViZ Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --- [ iViZ Security Advisory 08-002 25/08/2008 ] - --- iViZ Techno Solutions Pvt. Ltd.

[IVIZ-08-005] IBM Lenovo BIOS Plain Text Password Disclosure

2008-08-28 Thread iViZ Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --- [ iViZ Security Advisory 08-005 25/08/2008 ] - --- iViZ Techno Solutions Pvt. Ltd.

[security bulletin] HPSBUX02365 SSRT080118 rev.1 - HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)

2008-08-28 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01539432 Version: 1 HPSBUX02365 SSRT080118 rev.1 - HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS) NOTICE: The information in this Security Bulletin should

reviving the botnets@ mailing list: a new strategy in fighting cyber crime

2008-08-28 Thread Gadi Evron
The public botnets@ mailing list, where malicious activity on the Internet can be openly shared, has been revived, and boy is it active. Warning: live samples and malicious URLs are openly shared there. Mailing list URL: http://www.whitestar.linuxbox.org/mailman/listinfo/botnets Reasons,

ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability

2008-08-28 Thread zdi-disclosures
ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-054 August 28, 2008 -- CVE ID: CVE-2008-2927 -- Affected Vendors: Adium Pidgin -- Affected Products: Adium Adiumx Pidgin Pidgin -- Vulnerability