
Disclosure

[ MDVSA-2009:297-1 ] ffmpeg

Posted by security on Dec 05

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:297-1

http://www.mandriva.com/security/

_______________________________________________________________________

Package : ffmpeg

Date : December 5, 2009

Affected: 2008.0

_______________________________________________________________________

Problem Description:

Vulnerabilities have been…

URL: http://seclists.org/fulldisclosure/2009/Dec/133

Mozilla Firefox Form History Information Disclosure Vulnerability

URL: http://www.securityfocus.com/bid/36853

Dark side of bookmarks

Posted by MustLive on Nov 01

Hello participants of Full-Disclosure!

After my articles about different attacks via redirectors – Redirectors: the phantom menace (http://websecurity.com.ua/3495/) and Attacks via closed redirectors (http://websecurity.com.ua/3531/), here is my new article, this time about attacks via bookmarks. In the article Dark side of bookmarks (http://websecurity.com.ua/3643/) I’ll tell you about the risks of bookmarks in browsers.

There are possible next…

URL: http://seclists.org/fulldisclosure/2009/Nov/0

insecure elements in https protected pages

Posted by Mohammad Hosein on Oct 18

In a certain web application, e.g. Gmail, there are times the whole communication is secured by SSL, and sometimes "there are insecure elements" that raise questions. I’m not a web professional. How to find these insecure elements? And how to evaluate if these elements are the result of a successful man-in-the-middle attack or not?

regards

URL: http://seclists.org/fulldisclosure/2009/Oct/251
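The "insecure elements" the poster asks about are what browsers call mixed content: an https:// page whose markup references subresources over plain http://. The scanner below is an added example, not code from the poster or from any browser vendor; it runs under Node.js with no dependencies, and the page URL, host names and HTML it scans are constructed for the example. It resolves every subresource URL against the page URL the way a browser would (relative and protocol-relative URLs inherit the https: scheme, so only absolute http: references count) and labels each finding as active content, which can alter the page, or passive content, which cannot but can still be tampered with in transit.

```javascript
// Added example: find mixed content in the markup of an https:// page.
// Node.js, no dependencies. The sample page below is constructed for this example.

// Element/attribute pairs that make a browser fetch a subresource or send data
// to a URL. "active" content (scripts, frames, styles, plugins, form targets)
// can change the page or leak input; "passive" content (media) cannot, but an
// on-path attacker can still replace it because it travels in the clear.
const SUBRESOURCES = [
  { tag: 'script', attr: 'src',    kind: 'active' },
  { tag: 'iframe', attr: 'src',    kind: 'active' },
  { tag: 'object', attr: 'data',   kind: 'active' },
  { tag: 'embed',  attr: 'src',    kind: 'active' },
  { tag: 'form',   attr: 'action', kind: 'active' },  // credentials posted over http
  { tag: 'link',   attr: 'href',   kind: 'link' },    // decided by rel= below
  { tag: 'img',    attr: 'src',    kind: 'passive' },
  { tag: 'video',  attr: 'src',    kind: 'passive' },
  { tag: 'audio',  attr: 'src',    kind: 'passive' },
  { tag: 'source', attr: 'src',    kind: 'passive' },
];

// Minimal tag/attribute scanner: enough for ordinary markup, not a full HTML parser.
const TAG_RE = /<([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
const ATTR_RE = /([a-zA-Z][\w:-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Returns [{tag, attr, url, kind}] for every subresource that would be fetched
// over plain http: from a page at pageUrl.
function findInsecureElements(html, pageUrl) {
  const findings = [];
  for (const m of html.matchAll(TAG_RE)) {
    const tag = m[1].toLowerCase();
    const attrs = parseAttrs(m[2]);
    for (const rule of SUBRESOURCES) {
      if (rule.tag !== tag || !(rule.attr in attrs)) continue;
      let resolved;
      try {
        // Relative ("/x.png") and protocol-relative ("//host/x.js") URLs inherit
        // the page's https: scheme, so only absolute http: URLs are mixed content.
        resolved = new URL(attrs[rule.attr], pageUrl);
      } catch (e) {
        continue; // unparseable URL, nothing would be fetched
      }
      if (resolved.protocol !== 'http:') continue;
      let kind = rule.kind;
      if (kind === 'link') {
        // A stylesheet can rewrite the page; icons, prefetch hints etc. cannot.
        kind = /\bstylesheet\b/i.test(attrs.rel || '') ? 'active' : 'passive';
      }
      findings.push({ tag, attr: rule.attr, url: resolved.href, kind });
    }
  }
  return findings;
}

// Constructed sample: an https page that mixes secure and insecure references.
const SAMPLE_PAGE_URL = 'https://mail.example.test/inbox';
const SAMPLE_HTML = `
<html><head>
<link rel="stylesheet" href="http://cdn.example.test/style.css">
<script src="//cdn.example.test/app.js"></script>
<script src="http://tracker.example.test/t.js"></script>
</head><body>
<img src="/images/logo.png">
<img src='http://images.example.test/banner.gif'>
<form action="http://www.example.test/login" method="post"></form>
</body></html>`;

for (const f of findInsecureElements(SAMPLE_HTML, SAMPLE_PAGE_URL)) {
  console.log(`${f.kind.padEnd(7)} <${f.tag} ${f.attr}> ${f.url}`);
}
```

On the sample page the scanner flags four elements (the stylesheet, the tracker script and the login form as active, the banner image as passive) and correctly ignores the protocol-relative script and the relative image. As to the second question: if the browser shows a valid certificate for the page, the HTML itself was delivered over intact TLS and a network attacker could not have inserted the http:// references, so mixed content on a site like this almost always originates from the site's own markup, not from a man-in-the-middle. What an on-path attacker can do is modify or replace the plain-http elements once they are requested, which is why browsers block active mixed content and warn on passive mixed content.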

Nikto 2.1.0 released

Posted by david lodge on Oct 18

It’s finally time to stop procrastinating: Nikto 2.1.0 is here! (Available from http://cirt.net/nikto2)

This version has gone through significant rewrites under the hood to how Nikto works, to make it more expandable and usable.

Changes include:

* Rewrite to the plugin engine allowing more control of the plugin structure and making it easier to add plugins
* Rewrite to the reporting engine allowing reporting plugins to cover more and also…

URL: http://seclists.org/fulldisclosure/2009/Oct/249

Re: milw0rm

Posted by Michal on Oct 17

Anders Klixbull wrote:

at a lemonparty

URL: http://seclists.org/fulldisclosure/2009/Oct/247

Re: When is it valid to claim that a vulnerability leads to a remote attack?

Posted by Chris on Oct 10


Thierry, please fix your clock.

URL: http://seclists.org/fulldisclosure/2009/Oct/154

Re: When is it valid to claim that a vulnerability leads to a remote attack?

Posted by Thierry Zoller on Oct 10

Hi Dan,

DK> There are a substantial number of file formats that are code-execution
DK> equivalent with no exploits necessary — .exe, .com, .bat, etc. You thus
DK> can’t say that an executed file must not execute code, because there’s no
DK> way for the user to know whether a file on his desktop is an .exe or
DK> something else.

Maybe I misunderstand what you are saying, but – isn’t the point in this case that running binary…

URL: http://seclists.org/fulldisclosure/2009/Oct/148

CVE-2009-3339 (email_and_web_security_appliance)

Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3339

FreeBSD stuff

Posted by Kingcope on Aug 22

I am not going to share IIS 0day anymore.

http://isowarez.de/bsd-setusercontext.txt

Bye.

" BIG TIME "


URL: http://seclists.org/fulldisclosure/2009/Aug/0300.html

Bugtraq: Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities

URL: http://www.securityfocus.com/archive/1/505997

RE: computer crime statistics

Posted by Michael McDonnell on Jul 27

n3td3v honored at blackhat 2009 USA – best security intrusion specialist

Posted by antisecav_at_hushmail.com on Jul 26

ATTENTION n3tD3v (www.twitter.com/n3td3v):

Thank you for all your help with the antisec movement.

We hope your grant with the intelligence community goes well!

This is Alex Jones, from Infowars,

Over and out.

URL: http://seclists.org/fulldisclosure/2009/Jul/0408.html

Cisco WLC 4402 Denial-of-Service vulnerability

Posted by SySS security advisories — Christoph Bott on Jul 26

=======================================
Vulnerable Product: Cisco WLC 4402 (most likely among many others)
Vulnerability discovered: January 2009
Reported to vendor: Jan 01, 2009
Fix available: not yet
=======================================

TIMELINE:

URL: http://seclists.org/fulldisclosure/2009/Jul/0407.html

Breaking: antisec and n3td3v responsible for Matasano hacking

Posted by antisecav_at_hushmail.com on Jul 25

GREAT BRITAIN – n3td3v/antisec is proud to announce official partnership with antisec ("the scene")

In England, we care about intelligence. There is no better way to do intelligence than to compromise computers. We are clearly superior at security.

We eat up the competition….

URL: http://seclists.org/fulldisclosure/2009/Jul/0405.html