[Full-disclosure] DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities

2012-04-12 Thread Research
Title: DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities Date: 2012-04-11 References: http://www.vulnerability-lab.com/get_content.php?id=507 VL-ID: 507 Introduction: To demonstrate the rich possibilities of DHTMLX controls and to show how they

[Full-disclosure] Netjuke 1.0 RC1 - SQL Injection Vulnerabilities

2012-04-12 Thread Research
Title: Netjuke 1.0 RC1 - SQL Injection Vulnerabilities Date: 2012-04-12 References: http://www.vulnerability-lab.com/get_content.php?id=506 VL-ID: 506 Introduction: The Netjuke is a Web-Based Audio Streaming Jukebox powered by PHP 4, a database

[Full-disclosure] Oracle Service Applications - SQL Injection Vulnerabilities

2012-04-12 Thread Research
Title: Oracle Service Applications - SQL Injection Vulnerabilities Date: 2012-04-12 References: http://www.vulnerability-lab.com/get_content.php?id=478 VL-ID: 478 Introduction: Oracle Corporation (NASDAQ: ORCL) is an American multinational

[Full-disclosure] CRUNCH TV SHOW - Live Stream Security Videos

2012-04-12 Thread Research
Title: CRUNCH TV SHOW - Live Stream Security Videos Date: 2012-04-11 References: Download: http://www.vulnerability-lab.com/resources/videos/508.mov View: http://www.youtube.com/watch?v=G9ECcxvB0dQ VL-ID: 508 Status: Published

[Full-disclosure] [SECURITY] [DSA 2449-1] sqlalchemy security update

2012-04-12 Thread Nico Golde
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2449-1 secur...@debian.org http://www.debian.org/security/ Nico Golde April 12, 2012

[Full-disclosure] Crystal Office Suite v1.43 - Buffer Overflow Vulnerability

2012-04-12 Thread Research
Title: Crystal Office Suite v1.43 - Buffer Overflow Vulnerability Date: 2012-04-12 References: http://www.vulnerability-lab.com/get_content.php?id=489 VL-ID: 489 Introduction: Crystal Office is the essential office suite ideal for home and

[Full-disclosure] [ MDVSA-2012:056 ] rpm

2012-04-12 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:056 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2012:057 ] freetype2

2012-04-12 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:057 http://www.mandriva.com/security/

Re: [Full-disclosure] Backtrack 5 R2 priv escalation 0day found in CTF exercise

2012-04-12 Thread InterN0T Advisories
And now for some truth / enlightenment: http://www.backtrack-linux.org/backtrack/backtrack-0day-privilege-escalation/ http://www.backtrack-linux.org/forums/showthread.php?t=49411 http://www.secmaniac.com/blog/ On Wed, 11 Apr 2012 09:47:39 -0500, Adam Behnke a...@infosecinstitute.com wrote:

[Full-disclosure] Patrick Belcher

2012-04-12 Thread Rand Flieger
This is just a message for Patrick Belcher, CISSP... we're watching you. Seems he's been investigating, collecting and providing information about Occupy and Anonymous (and similar groups) to people in Law Enforcement and trying to keep his name out of it for fear of retaliation. Welcome to

[Full-disclosure] Most Linux distributions don't use tmpfs nor encrypt swap by default

2012-04-12 Thread Mark Krenz
Hello. After posting the flaw with libvte's handling of the scrollback buffer (writing it to disk), there were several people who made the erroneous claim that most distributions of Linux use tmpfs now and encrypt swap and that this shouldn't be an issue. Because these claims attempted to

[Full-disclosure] Last Mile, April 20 || CfP: SECURWARE 2012 || August 19-24, 2012 - Rome, Italy

2012-04-12 Thread Cristina Pascual
INVITATION: Please consider to contribute to and/or forward to the appropriate groups the following opportunity to submit and publish original scientific results to SECURWARE 2012. The submission deadline is set to April 20, 2012. In addition, authors of selected papers will

[Full-disclosure] [SE-2012-01] Security weakness in Apple Quicktime Java extensions

2012-04-12 Thread Security Explorations
Hello, Security Explorations discovered a security vulnerability in Apple Quicktime [1] software and its Java extensions in particular. When combined with the Issue 15 reported to Oracle on Apr 2 2012 [2], this new issue might be used to successfully bypass all JVM security restrictions on a

[Full-disclosure] [SECURITY] [DSA 2450-1] samba security update

2012-04-12 Thread Thijs Kinkhorst
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2450-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst April 12, 2012

[Full-disclosure] Erronous post concerning Backtrack 5 R2 0day

2012-04-12 Thread Adam Behnke
Yesterday I made a post concerning a 0day advisory in Backtrack 5 R2: http://seclists.org/fulldisclosure/2012/Apr/123 The posting was incorrect, the vulnerability was NOT in Backtrack but in wicd, no Backtrack contributed code is vulnerable. When we tweeted and emailed to mailing lists the

Re: [Full-disclosure] Erronous post concerning Backtrack 5 R2 0day

2012-04-12 Thread Benji
in soviet russia, lesson teaches you. in west, no lesson learnt by anyone. On Thu, Apr 12, 2012 at 9:51 PM, Adam Behnke a...@infosecinstitute.com wrote: Yesterday I made a post concerning a 0day advisory in Backtrack 5 R2: http://seclists.org/fulldisclosure/2012/Apr/123 The posting was

Re: [Full-disclosure] Backtrack 5 R2 priv escalation 0day found in CTF exercise

2012-04-12 Thread Urlan
They can now install wicd on a Linux machine and then say Linux priv escalation 0day found in CTF exercise. hehehe 2012/4/12 InterN0T Advisories advisor...@intern0t.net And now for some truth / enlightenment: http://www.backtrack-linux.org/backtrack/backtrack-0day-privilege-escalation/

Re: [Full-disclosure] Most Linux distributions don't use tmpfs nor encrypt swap by default

2012-04-12 Thread Grandma Eubanks
Fedora Core 15: /dev/mapper/vg_youwish-lv_swap swap swap defaults 0 0 tmpfs /tmp tmpfs defaults 0 0 Removed other options it should have, but defaults do not include nosuid,nodev,noexec. On 4/12/12, Mark Krenz

[Full-disclosure] VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation

2012-04-12 Thread VMware Security Team
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VMware Security Advisory Advisory ID: VMSA-2012-0007 Synopsis: VMware hosted products and ESXi/ESX patches address privilege escalation Issue