ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-106
March 18, 2011
-- CVE ID:
CVE-2010-4228
-- CVSS:
9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)
-- Affected Vendors:
Novell
-- Affected Products:
Novell Netware
-- TippingPo
ZDI-11-105: Hewlett-Packard Client Automation radexecd.exe Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-105
March 18, 2011
-- CVE ID:
CVE-2011-0889
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
H
===
Ubuntu Security Notice USN-1089-1
March 18, 2011
linux, linux-ec2 vulnerabilities
CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4162,
CVE-2010-4163, CVE-2010-4175, CVE-2010-4242
==
Lol, I didn't know about the commercial product 'decaptcher'.
For shits and giggles, I was going to write a decaptcha myself and release
as open source, never had time though :S
One option would be to apply rate limitations to API calls per IP.
Or, possibly some really heavily obfuscated
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2186-2 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2011
with services like decaptcher and deathbycaptcha this would not be a
hindrance anyway
2011/3/15 Cal Leeming
> Agreed. These public API methods should have brute force protection at the
> very least. But, because they want instant in-line form validation for email
> address availability, this mak
They've been targeting apache, php, sourceforge, and all popular opensource
ware sites.
On Fri, Mar 18, 2011 at 10:03 PM, Benji wrote:
> Happened 3 months ago;
>
> http://bjori.blogspot.com/2010/12/php-project-and-code-review.html
>
> One could theorize that same user used same password for th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 03.01.2011
- - Pub.: 18.03.2011
CVE: CVE-2011-0421
CERT: VU#325039
Affected Softw
Happened 3 months ago;
http://bjori.blogspot.com/2010/12/php-project-and-code-review.html
One could theorize that same user used same password for the wiki and had
file upload permissions. Worrying that PHP.net didn't do a review of everything
that account could access.
On Fri, Mar 18, 2011 at 10:2
The OWASP AppSec USA 2011 Call for Papers (CFP) is now open. Visit the
following URL to submit your abstract for the September 22-23, 2011
talks in Minneapolis, Minnesota:
http://www.appsecusa.org/talks.html
We're excited to announce that speakers will be in good company with
our first keynote, O
On 03/13/2011 07:13 PM, 김동욱 wrote:
>
> I'm looking for information or materials about cyberwar between
> nations for research purpose.
>
Check out /Inside Cyber Warfare/ by Jeffrey Carr, published by O'Reilly.
A little over a year old, it talks about most of the higher profile pre-2010
cyberwar events.
Hi all,
Here is the copy of my recent presentation 'Primer on Password
Security' @ IIT Guwahati ISEA Security Conference
http://securityxploded.com/download/ISEA_IIT_Guwahati_2011_Password_Security_Presentation.zip
You can find complete coverage about the event here
http://tinyurl.com/6esq8us
Ch
Hi
Someone reported a security incident about php.net
http://www.wooyun.org/bugs/wooyun-2010-01635
The picture shows that some php.net site was compromised, and hacker
backdoored php source
:)
___
Full-Disclosure - We believe in it.
Charter: http://lists.
Hi,
I posted a new article:
https://www.infosecisland.com/blogview/12596-The-Lots-of-Sex-Risk-and-Security-Project.html
There's some interesting info in there for pen testers who ply social
engineering or phishing tactics. But if you can come to the Troopers
con (troopers.de) at the end of the
Hi guys,
You can find the software affected at :
http://www.koyotesoft.com/appli/Setup_FreeScreenVideo.exe
Thanks,
Metropolis
/*
# Exploit Title: Free Screen To Video V1.2 DLL Hijacking Exploit (iacenc.dll)
# Date: 15/03/2011
# Author: Metropolis
# Url: http://metropolis.fr.cr
# Software L
Agreed. These public API methods should have brute force protection at the
very least. But, because they want instant in-line form validation for email
address availability, this makes it difficult. In an ideal world, they'd
have a CAPTCHA on the form, and only validate upon submit with valid
capt
This conceptual flaw exists in most web apps which have a "reset password by
email address" feature, as most will display an error if the email address
does not exist in their database.
On Tue, Mar 15, 2011 at 12:19 PM, Reverse Skills
wrote:
> Simple and easy way to get a list of email accounts u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2194-1 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
March 18, 2011
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2193-1 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
March 16, 2011
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2192-1 secur...@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
March 15, 2011
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2011:048
http://www.mandriva.com/security/
_
XOOPS 2.5.0 <= Cross Site Scripting Vulnerability
1. OVERVIEW
The XOOPS 2.5.0 and lower versions were vulnerable to Cross Site Scripting.
2. BACKGROUND
XOOPS is an acronym of eXtensible Object Oriented Portal System. It's
the #1 Content Management System (CMS) project on www.sourceforge.net
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2011:047
http://www.mandriva.com/security/
_