[Full-disclosure] CVE-2013-2210

2013-06-27 Thread Cantor, Scott
CVE-2013-2210: Apache Santuario XML Security for C++ contains a heap overflow during XPointer evaluation
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache Santuario XML Security for C++ library versions prior to

[Full-disclosure] [SECURITY] [DSA 2715-1] puppet security update

2013-06-27 Thread Raphael Geissert
Debian Security Advisory DSA-2715-1 secur...@debian.org http://www.debian.org/security/ Raphael Geissert June 26, 2013

Re: [Full-disclosure] How to lock up a VirtualBox host machine with a guest using tracepath over virtio-net network interface

2013-06-27 Thread Źmicier Januszkiewicz
Well, I cannot reproduce the issue on 4.2.14, but there is nothing in change logs for that version that can be related to virtio-net. They might have done a silent fix for 4.1.x branch as well. Cheers, Z. 2013/6/27 Nick Boyce nick.bo...@gmail.com On 6/21/13, Thomas Dreibholz dre...@simula.no

[Full-disclosure] [ MDVSA-2013:180 ] curl

2013-06-27 Thread security
Mandriva Linux Security Advisory MDVSA-2013:180 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2013:181 ] mesa

2013-06-27 Thread security
Mandriva Linux Security Advisory MDVSA-2013:181 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2013:182 ] mesa

2013-06-27 Thread security
Mandriva Linux Security Advisory MDVSA-2013:182 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2013:183 ] java-1.7.0-openjdk

2013-06-27 Thread security
Mandriva Linux Security Advisory MDVSA-2013:183 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2013:184 ] perl-Dancer

2013-06-27 Thread security
Mandriva Linux Security Advisory MDVSA-2013:184 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2013:185 ] perl-Module-Signature

2013-06-27 Thread security
Mandriva Linux Security Advisory MDVSA-2013:185 http://www.mandriva.com/en/support/security/

[Full-disclosure] Denial of Service in WordPress

2013-06-27 Thread MustLive
Hello list! These are Denial of Service vulnerabilities in WordPress, which I disclosed two days ago (http://websecurity.com.ua/6600/). About XSS vulnerabilities in WordPress, which exist in two redirectors, I wrote last year (http://seclists.org/fulldisclosure/2012/Mar/343). About

[Full-disclosure] Please update your plant. On recent WinCC SCADA fixes

2013-06-27 Thread scadastrangelove
A few days ago Siemens published an update for WinCC 7.2 SCADA to fix several vulnerabilities discovered by the SCADA StrangeLove team. CVE-2013-3957 – the most dangerous one. Simple SQL injection; because of some configuration and architectural issues, an attacker can execute arbitrary code in the context of the SQL server.

Re: [Full-disclosure] Denial of Service in WordPress

2013-06-27 Thread MustLive
Hello Ryan! The attack exactly overloads web sites presented in an endless loop of redirects. As I showed in all cases of Looped DoS vulnerabilities in web sites and web applications, which I wrote about during 2008 (when I created this type of attack) - 2013. Particularly concerning web

Re: [Full-disclosure] Denial of Service in WordPress

2013-06-27 Thread Julius Kivimäki
So basically this results in the client sending HTTP GET requests very slowly. How will that lead to DoS? (We aren't in 1980 anymore)
2013/6/27 MustLive mustl...@websecurity.com.ua: Hello Ryan! Attack exactly overload web sites presented in endless loop of redirects. As I showed in all

[Full-disclosure] Sony Playstation Network Account Service System - Password Reset (Session) Vulnerability

2013-06-27 Thread Vulnerability Lab
Title: Sony Playstation Network Account Service System - Password Reset (Session) Vulnerability
Date: 2013-05-12
References: http://www.vulnerability-lab.com/get_content.php?id=740
VL-ID: 740
Common Vulnerability Scoring System:

[Full-disclosure] eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities

2013-06-27 Thread Vulnerability Lab
Title: eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities
Date: 2013-06-24
References: http://www.vulnerability-lab.com/get_content.php?id=982
VL-ID: 982
Common Vulnerability Scoring System: 6.8
Introduction:

[Full-disclosure] Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability

2013-06-27 Thread Vulnerability Lab
Title: Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability
Date: 2013-06-27
References: http://www.vulnerability-lab.com/get_content.php?id=989
VL-ID: 989
Common Vulnerability Scoring System: 6.8
Introduction:

[Full-disclosure] Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability

2013-06-27 Thread Vulnerability Lab
Title: Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability
Date: 2013-06-21
References: http://vulnerability-lab.com/get_content.php?id=777
BARRACUDA NETWORK SECURITY ID: BNSEC-834
VL-ID: 777
Common Vulnerability Scoring System:

[Full-disclosure] Barracuda CudaTel 2.6.02.04 - Multiple Web Vulnerabilities

2013-06-27 Thread Vulnerability Lab
Title: Barracuda CudaTel 2.6.02.04 - Multiple Web Vulnerabilities
Date: 2013-06-25
References: http://vulnerability-lab.com/get_content.php?id=778
BARRACUDA NETWORK SECURITY ID: BNSEC-811
VL-ID: 778
Common Vulnerability Scoring System:

Re: [Full-disclosure] Denial of Service in WordPress

2013-06-27 Thread Jann Horn
On Thu, Jun 27, 2013 at 11:50:47PM +0300, MustLive wrote: This just affects the client though right? This DoS only going on client side unlike other types of DoS (see my classification), but issue of web application is in allowing Looped DoS state. You see error message very quickly