VMware Security Advisory
Advisory ID: VMSA-2010-0007
Synopsis: VMware hosted products, vCenter Server and ESX
patches
Java Deployment Toolkit Performs Insufficient Validation of Parameters
-
Java Web Start (henceforth, jws) provides Java developers with a way to let
users launch and install their applications using a URL to a Java Networking
jws seems to be one of those gifts that keeps on giving. I don't have
actual numbers, but it seems to me I see it mentioned regularly in their
vulnerability reports.
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On
==
Secunia Research 08/04/2010
- Pulse CMS Arbitrary File Upload Vulnerability -
==
Table of Contents
Affected
==
Secunia Research 08/04/2010
- Pulse CMS Cross-Site Request Forgery -
==
Table of Contents
Affected
[Full-Disclosure] Mailing List Charter
John Cartwright jo...@grok.org.uk
- Introduction Purpose -
This document serves as a charter for the [Full-Disclosure] mailing
list hosted at lists.grok.org.uk.
The list was created on 9th July 2002 by Len Rose, and is primarily
concerned with
Hello Full-Disclosure!
I want to warn you about security vulnerabilities in the phpCOIN system.
-
Advisory: Vulnerabilities in phpCOIN
-
URL: http://websecurity.com.ua/4090/
-
Affected products: phpCOIN 1.6.5 and
2010/4/9 MustLive mustl...@websecurity.com.ua:
Hello Full-Disclosure!
Quoting the list charter: Gratuitous advertisement, product
placement, or self-promotion is forbidden.
And where's the point in reporting several projects that use a -say-
library which has a reported problem? (I mean,
On Fri, 09 Apr 2010 15:49:58 +0200, Jan G.B. said:
And where's the point in reporting several projects that use a -say-
library which has a reported problem? (I mean, you've sent quite the
same mail with a different software to bugtraq, today.)
A few years ago, a rather nasty vulnerability
2010/4/9 valdis.kletni...@vt.edu:
On Fri, 09 Apr 2010 15:49:58 +0200, Jan G.B. said:
And where's the point in reporting several projects that use a -say-
library which has a reported problem? (I mean, you've sent quite the
same mail with a different software to bugtraq, today.)
A few years
Local File Inclusion (LFI) in Multi Profit Websites
Multi Profit Websites is a commercial script that is running on multiple
domains, and they claim that this script earns money for the owner.
Vulnerability
Local File Inclusion Via URL which can be reproduced by
I think Universities should rethink their Software Development courses...
Valdis has got a very strong point. Here's my own. I got Safari to test
websites I develop.
Apple seems to think that during a recommended/critical Safari update, I
should be installing iTunes.
Oh, and surprise, with iTunes
Amen to that. Everything seems to be delivered for installation and even
increasingly with *each* update, carrying various hitch hiker applications...
toolbars, trial software, etc.
Sun Java updates installing toolbars, Adobe doing toolbars, even FoxIT
installed some toolbars (even after I
ZDI-10-068: Apple QuickTime H.263 Array Index Parsing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-068
April 9, 2010
-- CVE ID:
CVE-2010-0062
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection:
Hi,
Please find the advisory in attachment.
Regards,
Sébastien Duquette
Corelan Team Advisory CORELAN-10-022
Reference : CVE-2010-1316
Disclosure date : April 8th, 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-022
00 : Vulnerability information
Product : Tembria
===
Ubuntu Security Notice USN-927-1 April 09, 2010
nss vulnerability
CVE-2009-3555
===
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
This advisory
iDefense Security Advisory 04.09.10
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 09, 2010
I. BACKGROUND
VMware Inc. markets several virtualization products such as ACE, Player,
Server, and Workstation. These products include a video coder-decoder
(codec) called 'vmnc.dll', or
===
Ubuntu Security Notice USN-920-1 April 09, 2010
firefox-3.0, xulrunner-1.9 vulnerabilities
CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177,
CVE-2010-0178, CVE-2010-0179
On Wed, Apr 07, 2010 at 03:52:00PM -0600, Digital X spake thusly:
Having just gone through a PCI audit I can safely say a few things:
Not the fault of PCI. Perhaps you should consider a better auditor.
--
Tracy Reed
http://tracyreed.org
: Firmware version x5.1.1 released [2].
CVE Candidate: CVE-2009-4510
Reference: http://www.vsecurity.com/resources/advisory/20100409-2/
-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Product Description
- ---
- From [1]:
The Video Communication
Status: Firmware update released [2]
CVE Candidate: CVE-2009-4511
Reference: http://www.vsecurity.com/resources/advisory/20100409-3/
-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Product Description
- ---
- From [1]:
The Video Communication
Vendor Status: Update released (without security advisory) on October 9, 2009
CVE Candidate: CVE-2009-4509
Reference: http://www.vsecurity.com/resources/advisory/20100409-1/
-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Product Description