Wireshark 1.4.0 Malformed IKE Packet Denial of Service

Wireshark 1.4.0 Malformed IKE Packet Denial of Service -- I. Summary A flaw has been identified in Wireshark 1.4.0 when send a specific malformed IKE packet that will cause a denial of service .

Re: [Full-disclosure] Binary Planting Goes "Any File Type"

Ok, Dan, just for you: Launch Internet Explorer 9 on Windows 7 (probably other IE/Win works too), go to File->Open (or press Ctrl+O), browse to Test.html and open it. No double-clicking and you couldn't launch an executable this way. Better? Cheers, Mitja On Jul 8, 2011, at 9:10 PM, Dan Kamins

[slackware-security] bind (SSA:2011-189-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] bind (SSA:2011-189-01) New bind packages are available for Slackware 13.37, and -current to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: +--+ patches/packages/bind-9.7.

[SECURITY] [DSA 2276-1] asterisk security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2276-1 secur...@debian.org http://www.debian.org/security/ Luciano Bello July 10, 2011

[HITB-Announce] REMINDER: HITB2011 - Malaysia Call for Papers Closes on the 15th

This is a reminder that the Call for Papers for the 9th annual HITBSecConf in Malaysia is closing this Friday, 15th of July. The event takes place from the 10th - 13th of October at the Intercontinental Kuala Lumpur. As always, talks that are more technical or that discuss new and never before se

Ferdows CMS Pro <=1.1.0 and Ferdows CMS <=9.0.5 Multiple Vulnerabilities

## www.BugReport.ir ### # # AmnPardaz Security Research Team # # Title: Ferdows CMS Pro <=1.1.0 and Ferdows CMS <=9.0.5 Multiple Vulnerabilities # Vendor: www.fcms.ir # Exploit: Available # Vulnerable Version: 1

[slackware-security] mozilla-thunderbird (SSA:2011-189-02)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2011-189-02) New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +

phpMyAdmin 3.x preg_replace RCE POC

I'm flooded with requests for a POC and many doubt that these vulnerabilities are exploitable. And since this vulnerability is rather technically interesting I believe many could learn from it. http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html

[security bulletin] HPSBUX02689 SSRT100494 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02896506 Version: 1 HPSBUX02689 SSRT100494 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as poss

[security bulletin] HPSBMU02690 SSRT100569 rev.1 - HP Business Availability Center (BAC) Running on Solaris and Windows, Remote Denial of Service (DoS)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02906075 Version: 1 HPSBMU02690 SSRT100569 rev.1 - HP Business Availability Center (BAC) Running on Solaris and Windows, Remote Denial of Service (DoS) NOTICE: The information in this Security

[SECURITY] [DSA 2275-1] openoffice.org security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2275-1 secur...@debian.org http://www.debian.org/security/Nico Golde July 7, 2011

ZDI-11-233: Symantec Web Gateway forget.php SQL Injection Vulnerability

ZDI-11-233: Symantec Web Gateway forget.php SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-233 July 7, 2011 -- CVE ID: CVE-2011-0549 -- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P) -- Affected Vendors: Symantec -- Affected Products: Symantec Web Gateway -- TippingP

[SECURITY] [DSA 2277-1] xml-security-c security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2277-1 secur...@debian.org http://www.debian.org/security/Nico Golde July 10, 2011

ZDI-11-234: Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability

ZDI-11-234: Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-234 July 11, 2011 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Trend Micro -- Affected Products: Trend Micro Control Man

POC2011 Call for Paper

The 6th international hacking and security conference "POC2011" by hackers will be held in Seoul, Korea on November 3 ~ 4. 'POC' means “Power of Community”. POC believes that the power of community can make the world safer. POC doesn’t pursue money. So POC is free to show real hacking and secur

Re: [Full-disclosure] Binary Planting Goes "Any File Type"

It's a nice attempt, but no. The social engineering required to pull that off exceeds what's required to get somebody to download and execute setup.exe, and we don't call that RCE either. Hundreds of false bugs are blinding you to probably a dozen real bugs. Likely more. In security as in finan

[SECURITY] [DSA 2274-1] wireshark security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2274-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff July 07, 2011

phpMyAdmin 3.x Multiple Remote Code Executions

### phpMyAdmin 3.x Multiple Remote Code Executions ###[ Advisory from ]### ¨#¨¨¨

bcksrvr format string in Sybase Adaptive Server 15.5

### Luigi Auriemma Application: Sybase Adaptive Server http://www.sybase.com/products/databasemanagement/adaptiveserverenterprise Versions: <= 15.5 Platforms:Solaris, Windows,