[Full-disclosure] ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability

2011-11-16 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-329 November 16, 2011 - -- CVE ID: CVE-2011-4052 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected

[Full-disclosure] ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability

2011-11-16 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-330 November 16, 2011 - -- CVE ID: CVE-2011-4051 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - --

[Full-disclosure] [THOTCON 0x3] Call for Papers Ticket Sales

2011-11-16 Thread THOTCON Announce
***BEGIN THOTCON TRANSMISSION*** What: THOTCON 0x3 When: 04.27.12 Where: TOP_SECRET Call For Papers Opens: NOW! Call for Papers (CFP) Closes: 01.01.12 More Info: http://www.thotcon.org *** ABOUT ** THOTCON (pronounced

[Full-disclosure] [SECURITY] [DSA 2346-2] proftpd-dfsg regression fix

2011-11-16 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2346-2 secur...@debian.org http://www.debian.org/security/Florian Weimer November 16, 2011

[Full-disclosure] [SECURITY] [DSA 2347-1] bind9 security update

2011-11-16 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2347-1 secur...@debian.org http://www.debian.org/security/Florian Weimer November 16, 2011

[Full-disclosure] CA20111116-01: Security Notice for CA Directory

2011-11-16 Thread Kotas, Kevin J
-BEGIN PGP SIGNED MESSAGE- CA20111116-01: Security Notice for CA Directory Issued: November 16, 2011 CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition.

[Full-disclosure] [ MDVSA-2011:176 ] bind

2011-11-16 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:176 http://www.mandriva.com/security/

[Full-disclosure] bind dos info?

2011-11-16 Thread Larry W. Cashdollar
Hello list, I am wondering if anyone has more details on the bind9 DoS that just came out? (CVE-2011-4313) from what I can tell it appears a negative cached DNS object with a valid RR response associated with it (which shouldn't exist) will cause a vulnerable bind9 server to crash. See lines 1890

Re: [Full-disclosure] bind dos info?

2011-11-16 Thread Michael Wood
http://www.isc.org/software/bind/advisories/cve-2011-4313 On Nov 16, 2011 8:53 PM, Larry W. Cashdollar b...@fbi.dhs.org wrote: Hello list, I am wondering if anyone has more details on the bind9 DoS that just came out? (CVE-2011-4313) from what I can tell it appears a negative cached DNS

Re: [Full-disclosure] bind dos info?

2011-11-16 Thread Michael Wood
Nope...I haven't seen anything yet either. Maybe someone else can enlighten us? ;) On Nov 16, 2011 9:05 PM, Larry W. Cashdollar b...@fbi.dhs.org wrote: Thanks Michael! I guess 'ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached' is

Re: [Full-disclosure] bind dos info?

2011-11-16 Thread Larry W. Cashdollar
Thanks Michael! I guess 'ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached' is the part I'm interested in reading about and there are no details yet.. http://www.isc.org/software/bind/advisories/cve-2011-4313 On Nov 16, 2011 8:53

Re: [Full-disclosure] bind dos info?

2011-11-16 Thread Valdis . Kletnieks
On Thu, 17 Nov 2011 11:51:09 EST, Larry W. Cashdollar said: Hello list, I am wondering if anyone has more details on the bind9 DoS that just came out? (CVE-2011-4313) from what I can tell it appears a negative cached DNS object with a valid RR response associated with it (which shouldn't exist)