[Full-disclosure] [SECURITY] [DSA 2571-1] libproxy security update

2012-11-05 Thread Raphael Geissert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2571-1 secur...@debian.org http://www.debian.org/security/ Raphael Geissert November 04, 2012

[Full-disclosure] [waraxe-2012-SA#096] - Multiple Vulnerabilities in Zenphoto 1.4.3.3

2012-11-05 Thread Janek Vind
[waraxe-2012-SA#096] - Multiple Vulnerabilities in Zenphoto 1.4.3.3 === Author: Janek Vind waraxe Date: 03. November 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-96.html Description of vulnerable

[Full-disclosure] [SECURITY] [DSA 2572-1] iceape security update

2012-11-05 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2572-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst November 4, 2012

[Full-disclosure] AWAuctionScript CMS v1.x - Multiple Web Vulnerabilities

2012-11-05 Thread Vulnerability Lab
Title: == AWAuctionScript CMS v1.x - Multiple Web Vulnerabilities Date: = 2012-11-04 References: === http://www.vulnerability-lab.com/get_content.php?id=741 VL-ID: = 741 Common Vulnerability Scoring System: 8.5 Introduction:

[Full-disclosure] HTP Zine 4

2012-11-05 Thread h
http://pastebin.com/raw.php?i=jhLt7s83 http://htp4.hack-the-planet.tv/htp4/HTP-4.txt http://doxbinumfxfyytnh.onion/HTP4.7z http://uplink.sh/htp4/ http://dikline.org/ http://empathy.hardchats.org/htp4/HTP-4.txt Enjoy ;) -HTP

[Full-disclosure] [HITB-Announce] #HITB2013AMS Call For Papers Now Open

2012-11-05 Thread Hafez Kamal
The Call for Papers for the fourth annual HITBSecConf in Europe is now open! Taking place on the 8th till 11th of April at the Okura Hotel, Amsterdam, #HITB2013AMS will be a triple track conference (with HITB Labs) and features keynotes by Eddie Schwartz, Chief Information Security Officer at

[Full-disclosure] multiple critical vulnerabilities in sophos products

2012-11-05 Thread Tavis Ormandy
List, I've completed the second paper in my series analyzing Sophos Antivirus internals, titled Practical Attacks against Sophos Antivirus. As the name suggests, this paper describes realistic attacks against networks using Sophos products. The paper includes a working pre-authentication remote

Re: [Full-disclosure] multiple critical vulnerabilities in sophos products

2012-11-05 Thread Michele Orru
Reading the paper now. The previous one about internals was awesome. "enumerating badness" keyword :D ROFL Cheers antisnatchor On Mon, Nov 5, 2012 at 3:14 PM, Tavis Ormandy tav...@cmpxchg8b.com wrote: List, I've completed the second paper in my series analyzing Sophos Antivirus internals,

Re: [Full-disclosure] multiple critical vulnerabilities in sophos products

2012-11-05 Thread Michele Orru
Also, "They told me they will work on this, and will improve their internal security practices." is just ridiculous. I have the same feeling you had while reaching out to them, when the results from some of my product pentests cannot be disclosed even after patching. I wish we could always go

[Full-disclosure] [SECURITY] CVE-2012-2733 Apache Tomcat Denial of Service

2012-11-05 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2012-2733 Apache Tomcat Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.27 - - Tomcat 6.0.0 to 6.0.35 Description: The checks that limited the permitted size of request

[Full-disclosure] [SECURITY] CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses

2012-11-05 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.29 - - Tomcat 6.0.0 to 6.0.35 - - Tomcat 5.5.0 to 5.5.35 - - Earlier, unsupported