Re: [Full-disclosure] sourceforge entry point seems still active.

Sourceforge has reported a full report of attack. Seems very close to what I wrote in previous messages and reported in my blog posts related to this thread. Sourceforge Attack: Full Report http://sourceforge.net/blog/sourceforge-attack-full-report/ On Tue, Jan 25, 2011 at 9:18 PM, exploit dev

Re: [Full-disclosure] sourceforge entry point seems still active.

So it actually happened! Not surprising at all. I suspected at first sight about a phish attempt because the email in another domain they sent for contact in case of problems with password reset (didn't bothered about headers anyway). Seems mine was not compromised according to what they say Our

[Full-disclosure] RCE and CSRF vulnerabilities in CMS WebManager-Pro

Hello list! I want to warn you about Remote Code Execution and Cross-Site Request Forgery vulnerabilities in CMS WebManager-Pro. This CMS is widely using at different web sites, including security and government sites. - Affected products: -

[Full-disclosure] [SECURITY] [DSA 2155-1] freetype security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2155-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff January 30, 2011

Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

Also https://isc.sans.edu/diary.html?storyid=10318 Juha-Matti Michal Zalewski [lcam...@coredump.cx] kirjoitti: FYI, here's a provisional advisory from Microsoft acknowledging this issue: http://www.microsoft.com/technet/security/advisory/2501696.mspx /mz

[Full-disclosure] [HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb

Happy 2011 everyone! Just a reminder that the Call for Papers for the second annual HITBSecConf in Europe is closing on the 18TH OF FEBRUARY! We've received some awesome submissions so far and the event is really shaping up nicely. The event will once again take place at the NH Grand Krasnapolsky