
Posts Tagged ‘Disclosure’

ffmpeg

[ MDVSA-2009:297-1 ] ffmpeg Posted by security on Dec 05
Mandriva Linux Security Advisory MDVSA-2009:297-1 http://www.mandriva.com/security/
Package : ffmpeg
Date : December 5, 2009
Affected: 2008.0
Problem Description: Vulnerabilities have been…
URL: http://seclists.org/fulldisclosure/2009/Dec/133

Mozilla Firefox Form History Information Disclosure Vulnerability

Vuln: Mozilla Firefox Form History Information Disclosure Vulnerability URL: http://www.securityfocus.com/bid/36853

Dark side of bookmarks

Dark side of bookmarks Posted by MustLive on Nov 01 Hello participants of Full-Disclosure! After my articles about different attacks via redirectors – Redirectors: the phantom menace (http://websecurity.com.ua/3495/) and Attacks via closed redirectors (http://websecurity.com.ua/3531/), here is my new article. This time about attacks via bookmarks. In article Dark side of bookmarks (http://websecurity.com.ua/3643/) I’ll tell you [...]

insecure elements in https protected pages

insecure elements in https protected pages Posted by Mohammad Hosein on Oct 18 In a certain web application, e.g. Gmail, there are times the whole communication is secured by SSL and sometimes "there are insecure elements" that raise questions. I’m not a web professional. How to find these insecure elements? And how [...]

Nikto 2.1.0 released

Nikto 2.1.0 released Posted by david lodge on Oct 18 It’s final time to stop procrastinating: Nikto 2.1.0 is here! (Available from http://cirt.net/nikto2) This version has gone through significant rewrites under the hood to how Nikto works, to make it more expandable and usable. Changes include: * Rewrite to the plugin engine allowing more control [...]

milw0rm

Re: milw0rm Posted by Michal on Oct 17 Anders Klixbull wrote: at a lemonparty URL: http://seclists.org/fulldisclosure/2009/Oct/247

When is it valid to claim that a vulnerability leads to a remote attack?

Re: When is it valid to claim that a vulnerability leads to a remote attack? Posted by Chris on Oct 10 ^^^^^^^^^^^^^^^^ Thierry, please fix your clock. URL: http://seclists.org/fulldisclosure/2009/Oct/154

When is it valid to claim that a vulnerability leads to a remote attack?

Re: When is it valid to claim that a vulnerability leads to a remote attack? Posted by Thierry Zoller on Oct 10
Hi Dan,
DK> There are a substantial number of file formats that are code-execution
DK> equivalent with no exploits necessary — .exe, .com, .bat, etc. You thus
DK> can’t say that an executed [...]

CVE-2009-3339 (email_and_web_security_appliance)

CVE-2009-3339 (email_and_web_security_appliance) Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable [...]

FreeBSD stuff

FreeBSD stuff Posted by Kingcope on Aug 22 I am not going to share IIS 0day anymore. http://isowarez.de/bsd-setusercontext.txt Bye. " BIG TIME " Received on Aug 21… URL: http://seclists.org/fulldisclosure/2009/Aug/0300.html

Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities

Bugtraq: Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities URL: http://www.securityfocus.com/archive/1/505997

computer crime statistics

RE: computer crime statistics [...]

n3td3v honored at blackhat 2009 USA – best security intrusion specialist

n3td3v honored at blackhat 2009 USA – best security intrusion specialist Posted by antisecav_at_hushmail.com on Jul 26 ATTENTION n3tD3v (www.twitter.com/n3td3v): Thank you for all your help with the antisec movement. We hope your grant with the intelligence community goes well! This is Alex Jones, from Infowars, Over and out. URL: http://seclists.org/fulldisclosure/2009/Jul/0408.html

Cisco WLC 4402 Denial-of-Service vulnerability

Cisco WLC 4402 Denial-of-Service vulnerability Posted by SySS security advisories — Christoph Bott on Jul 26
Vulnerable Product: Cisco WLC 4402 (most likely among many others)
Vulnerability discovered: January 2009
Reported to vendor: Jan 01, 2009
Fix available: not yet
TIMELINE: …
URL: http://seclists.org/fulldisclosure/2009/Jul/0407.html

antisec and n3td3v responsible for Matasano hacking

Breaking: antisec and n3td3v responsible for Matasano hacking Posted by antisecav_at_hushmail.com on Jul 25 GREAT BRITAIN – n3td3v/antisec is proud to announce official partnership with antisec ("the scene") In England, we care about intelligence. There is no better way to do intelligence than to compromise computers. We are clearly superior at security. We eat up [...]
