Re: [Full-disclosure] CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator

2009-04-22 Thread Sergio 'shadown' Alvarez
Hi, In the last CORE's advisories I've seen the following credits: 7. *Credits* This vulnerability was discovered by the SCS team [3] from Core Security Technologies. Does this SCS team's guy have a name? Even in a football match 'the team' wins the match, but the GOALS are made by

[Full-disclosure] DirectAdmin 1.33.4 Local file overwrite Local root escalation

2009-04-22 Thread anony mous
Subject: DirectAdmin 1.33.4 Local file overwrite Local root escalation Author: Anonymous ReleaseID: d8253f15e447935c24ab38a215735931942a77717d7b55d84200d070d1e54d3b Date: 22-04-2009 The issue on http://www.directadmin.com/features.php?id=968 is larger than the wording would indicate. It fixes

[Full-disclosure] [ MDVSA-2009:093 ] mpg123

2009-04-22 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:093 http://www.mandriva.com/security/

Re: [Full-disclosure] [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities

2009-04-22 Thread Tavis Ormandy
Bkis s...@bkav.com.vn wrote: Bkis has just found many vulnerabilities in the software, related to the processing of 010 Editor Binary Template files (“.bt”) and 010 Editor Script Files (“.1sc”). These vulnerabilities are very dangerous due to the fact that they allow hackers to execute

[Full-disclosure] SUSE Security Announcement: cups (SUSE-SA:2009:024)

2009-04-22 Thread Thomas Biege
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUSE Security Announcement Package: cups Announcement ID: SUSE-SA:2009:024 Date:

[Full-disclosure] [TZO-12-2009] SUN / Oracle JVM Remote code execution

2009-04-22 Thread Thierry Zoller
SUN/ORACLE JAVA VM Remote code execution Release mode: Coordinated. Ref: TZO-122009- SUN Java remote code execution WWW:

Re: [Full-disclosure] THC releases video and tool to create fakeePassports

2009-04-22 Thread Michael Holstein
Incredibly, last week, after performing a series of security tests on the passport application process and discovering some failures, the US GAO still state they don't know much about the fraudulent methods: http://www.gao.gov/new.items/d09583r.pdf Ironically, all their fancy methods for

[Full-disclosure] [ MDVSA-2009:094 ] mysql

2009-04-22 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:094 http://www.mandriva.com/security/

Re: [Full-disclosure] Windows Update (re-)installs outdated Flash ActiveX on Windows XP

2009-04-22 Thread Vladimir '3APA3A' Dubrovin
Dear Stefan Kanthak, As far as I can see, Internet Explorer actually uses flash10b.ocx. Adobe Flash Player 10.0 r22 -- Monday, April 20, 2009, 8:17:24 PM, you wrote to bugt...@securityfocus.com: SK> Windows Update (as well as Microsoft Update and the Automatic Update) SK> installs an outdated (and

Re: [Full-disclosure] [Advisories] CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator

2009-04-22 Thread Core Security Technologies advisories
Sergio 'shadown' Alvarez wrote: Hi, In the last CORE's advisories I've seen the following credits: 7. *Credits* This vulnerability was discovered by the SCS team [3] from Core Security Technologies. Does this SCS team's guy have a name? Even in a football match 'the team' wins

[Full-disclosure] [USN-764-1] Firefox and Xulrunner vulnerabilities

2009-04-22 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-764-1 April 23, 2009 firefox-3.0, xulrunner-1.9 vulnerabilities CVE-2009-0652, CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309,