-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1973-1 secur...@debian.org
http://www.debian.org/security/ Aurelien Jarno
January 19, 2010
==
Secunia Research 20/01/2010
- Adobe Shockwave Player Integer Overflow Vulnerability -
==
Table of Contents
Affected
==
Secunia Research 20/01/2010
- Adobe Shockwave Player Four Integer Overflow Vulnerabilities -
==
Table of Contents
Affected
==
Secunia Research 20/01/2010
- Adobe Shockwave Player 3D Model Buffer Overflow -
==
Table of Contents
Affected
==
Secunia Research 20/01/2010
- Adobe Shockwave Player 3D Model Two Integer Overflows -
==
Table of Contents
Affected
Two NULL pointer crashes, they do not affect MSIE 8.0. Repros can be found
here:
http://skypher.com/index.php/2010/01/20/microsoft-internet-explorer-6-07-0-null-pointer-crashes/
Cheers,
SkyLined
http://skypher.com/index.php/2010/01/20/microsoft-internet-explorer-6-07-0-null-pointer-crashes/
On my IE6 this doesn't work (crash), but it does on IE7. I'm on WinXP Pro
SP3 DEP+.
On Wed, Jan 20, 2010 at 11:57 AM, Berend-Jan Wever berendjanwe...@gmail.com
wrote:
Two NULL pointer crashes, they do not affect MSIE 8.0. Repros can be found
here:
Hi to all,
Using some google dorks it's possible to retrieve some hosts that are spreading
malware using CVE-2010-0249.
I found some but the number is predicted to grow. If you are interested
check the following:
Why doesn't microsoft throw some of its weight behind Mozilla and ditch IE
forever. It doesn't suit their image.
On Wed, Jan 20, 2010 at 6:30 AM, Christian Sciberras uuf6...@gmail.com wrote:
On my IE6 this doesn't work (crash), but it does on IE7. I'm on WinXP Pro
SP3 DEP+.
On Wed, Jan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: CiscoWorks Internetwork Performance Monitor
CORBA GIOP Overflow Vulnerability
Advisory ID: cisco-sa-20100120-ipm
Revision 1.0
For Public Release 2010 January 20 1600 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco IOS XR Software SSH Denial of Service
Vulnerability
Advisory ID: cisco-sa-20100120-xr-ssh
Revision 1.0
For Public Release 2010 January 20 1600 UTC (GMT
Sharepoint
On Wed, Jan 20, 2010 at 9:38 AM, James Matthews nytrok...@gmail.com wrote:
Why doesn't microsoft throw some of its weight behind Mozilla and ditch IE
forever. It doesn't suit their image.
On Wed, Jan 20, 2010 at 6:30 AM, Christian Sciberras uuf6...@gmail.com wrote:
On my IE6
Lol.
Everyone keeps forgetting the social engineering aspects of utilizing
exploits. Especially if someone is using AntiVirus 2011 and has a google
wave account.
On Tue, Jan 19, 2010 at 8:10 PM, valdis.kletni...@vt.edu wrote:
On Tue, 19 Jan 2010 19:01:36 CST, Rohit Patnaik said:
Yeah, no
That's what I said about human error, scanning is no solution unless a clear
UI is used which makes social engineering practically impossible.
On Wed, Jan 20, 2010 at 5:29 PM, omg wtf hexma...@gmail.com wrote:
Lol.
Everyone keeps forgetting the social engineering aspects of utilizing
==
Secunia Research 20/01/2010
- HP Power Manager formExportDataLogs Buffer Overflow -
==
Table of Contents
Affected
==
Secunia Research 20/01/2009
- HP Power Manager formExportDataLogs Directory Traversal -
==
Table of Contents
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1974-1 secur...@debian.org
http://www.debian.org/security/ Steffen Joeris
January 20, 2010
On Wed, 20 Jan 2010 10:38:34 EST, James Matthews said:
Why doesn't microsoft throw some of its weight behind Mozilla and ditch IE
forever. It doesn't suit their image.
Unfortunately, the PR doesn't work that way. Do you really want to be buying
an entire operating system from somebody who
Do you really want to be buying
an entire operating system from somebody who just admitted they can't even
produce a workable browser with all their resources?
Valdis makes the novice assumption that people consider valuations of
this sort when buying the newest iteration of Microsoft products.
On Wed, Jan 20, 2010 at 7:00 PM, valdis.kletni...@vt.edu wrote:
On Wed, 20 Jan 2010 10:38:34 EST, James Matthews said:
Why doesn't microsoft throw some of its weight behind Mozilla and ditch IE
forever. It doesn't suit their image.
Unfortunately, the PR doesn't work that way. Do you
Yeah. Right. Right.
In your dreams, my friend.
Speaking of Firefox and open source software, firefox crashes once in an
hour (and even more with flash in it). I'm developing an app for linux, the
PC at work can't run a single version of linux (I tried the major 4 distros
namely, ubuntu,
===
Ubuntu Security Notice USN-888-1 January 20, 2010
bind9 vulnerabilities
CVE-2009-4022, CVE-2010-0097, CVE-2010-0290
===
A security issue affects the following Ubuntu
===
Ubuntu Security Notice USN-889-1 January 20, 2010
gzip vulnerabilities
CVE-2009-2624, CVE-2010-0001
===
A security issue affects the following Ubuntu releases:
Ubuntu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:019
http://www.mandriva.com/security/
I'm developing an app for linux, the PC at work can't run a single
version of linux
Post a copy of lspci -v and I bet somebody proves you wrong.
Cheers,
Michael Holstein
Cleveland State University
___
Full-Disclosure - We believe in it.
Charter:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:020
http://www.mandriva.com/security/
__
Security Advisory NSOADV-2010-001 (Version 2)
__
__
Title: Panda Security Local Privilege Escalation
Severity: Medium
===
Ubuntu Security Notice USN-890-1 January 20, 2010
expat vulnerabilities
CVE-2009-2625, CVE-2009-3560, CVE-2009-3720
===
A security issue affects the following Ubuntu
On Wed, Jan 20, 2010 at 10:25 AM, Dan Kaminsky d...@doxpara.com wrote:
On Wed, Jan 20, 2010 at 7:00 PM, valdis.kletni...@vt.edu wrote:
On Wed, 20 Jan 2010 10:38:34 EST, James Matthews said:
Why doesn't microsoft throw some of its weight behind Mozilla and ditch IE
forever. It doesn't suit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:021
http://www.mandriva.com/security/
Reading
Reports of DEP being bypassed
http://blogs.technet.com/srd/archive/2010/01/20/reports-of-dep-being-bypassed.aspx
I see:
... less than 1% (1/256 + 1/255 + 1/254) of ...
Funny arithmetic! No wonder MS cannot do security.
Cheers,
Paul Szabo p...@maths.usyd.edu.au
Sorry, --as per the title, you got it all wrong:
http://www.youtube.com/results?search_query=ylmf
;)
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Evans wrote:
On Wed, Jan 20, 2010 at 10:25 AM, Dan Kaminsky d...@doxpara.com wrote:
On Wed, Jan 20, 2010 at 7:00 PM, valdis.kletni...@vt.edu wrote:
On Wed, 20 Jan 2010 10:38:34 EST, James Matthews said:
Why doesn't microsoft throw some of
Microsoft response: Shrug, oh wait a minute does this vulnerability affect
our bottom line?
OSS community response: We're on it, a fix will be available asap.
Testing takes time. That's why both Microsoft and Mozilla test. A
fix being *available* and a fix being *deployable* are not at all
Fuck yeah.
Mozilla would be able to hire a few more developers, excellent! I've always
felt that they're held back by an overly small development team - while this
results in a clean, stable, fast browser, it means they can't support enough
other stuff :(
Oh... wait...
2010/1/21 James Matthews
ZDI-10-003: Novell ZENworks Asset Management docfiledownload Remote SQL
Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-003
January 12, 2010
-- Affected Vendors:
Novell
-- Affected Products:
Novell Zenworks
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint
Well, that's exactly what I'm saying. Pretending that this is some kind of new
exploit class simply because Google Wave is used is stupid. This is the
logical extension of e-mail and instant message and social network attacks
to the next potential platform.
-- Rohit Patnaik
On Tue, Jan 19, 2010
It appears Mozilla has the resources to hire additional staff as
required [1]. Perhaps Mozilla needs a few Wall Street/Harvard School
of Business MBAs in their accounting department.
On more developers (perhaps things have changed a bit):
Another interesting item in the report is the fact
Date: Wed, 20 Jan 2010 19:25:11 +0100
From: Dan Kaminsky d...@doxpara.com
Subject: Re: [Full-disclosure] Two MSIE 6.0/7.0 NULL pointer crashes
To: valdis.kletni...@vt.edu
Cc: Full-disclosure full-disclosure@lists.grok.org.uk
Message-ID:
Testing takes time. That's why both Microsoft and Mozilla test.
Testing almost never legitimately takes months or years, unless the
process is severely broken; contrary to the popular claims,
personally, I have serious doubts that QA is a major bottleneck when
it comes to security response -
On Wed, Jan 20, 2010 at 10:25 AM, Dan Kaminsky d...@doxpara.com wrote:
Seriously. I mean, just look at Linux, Firefox, and OpenOffice.
Pristine code, not a single security vulnerability between them :)
That's a red herring. His point was the public perception of the
software company-- true or
TheGreenBow VPN Client Local Stack Overflow - Security Advisory - SOS-10-001
Release Date. 21-Jan-2010
Last Update. 21-Jan-2010
Vendor Notification Date. 11-Dec-2009
Product. TheGreenBow VPN Client
Platform.