Posted by security on Dec 05

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:297-1

http://www.mandriva.com/security/

_______________________________________________________________________

Package : ffmpeg

Date : December 5, 2009

Affected: 2008.0

_______________________________________________________________________

Problem Description:

Vulnerabilities have been…

URL: http://seclists.org/fulldisclosure/2009/Dec/133

Mozilla Firefox Form History Information Disclosure Vulnerability

URL: http://www.securityfocus.com/bid/36853

Posted by MustLive on Nov 01

Hello participants of Full-Disclosure!

After my articles about different attacks via redirectors – Redirectors: the

phantom menace (http://websecurity.com.ua/3495/) and Attacks via closed

redirectors (http://websecurity.com.ua/3531/), here is my new article. This

time about attacks via bookmarks. In article Dark side of bookmarks

(http://websecurity.com.ua/3643/) I’ll tell you about risks of bookmarks in

browsers.

There are possible next…

URL: http://seclists.org/fulldisclosure/2009/Nov/0

Posted by Mohammad Hosein on Oct 18

in a certain web application e.g gmail there are times the whole

communication is secured by ssl and sometimes "there are insecure elements"

that raise questions . i’m not a web professional . how to find these

insecure elements ? and how to evaluate if these elements are the results of

a successful man in the middle attack or not ?

regards

URL: http://seclists.org/fulldisclosure/2009/Oct/251

Posted by david lodge on Oct 18

It’s final time to stop procrastinating: Nikto 2.1.0 is here!

(Available from http://cirt.net/nikto2)

This version has gone through significant rewrites under the hood to

how Nikto works, to make it more expandable and usable.

Changes include:

* Rewrite to the plugin engine allowing more control of the plugin

structure and making it easier to add plugins

* Rewrite to the reporting engine allowing reporting plugins to cover

more and also…

URL: http://seclists.org/fulldisclosure/2009/Oct/249

Posted by Michal on Oct 17

Anders Klixbull wrote:

at a lemonparty

URL: http://seclists.org/fulldisclosure/2009/Oct/247

Posted by Chris on Oct 10

^^^^^^^^^^^^^^^^

Thierry, please fix your clock.

URL: http://seclists.org/fulldisclosure/2009/Oct/154

Posted by Thierry Zoller on Oct 10

Hi Dan,

DK> There are a substantial number of file formats that are code-execution

DK> equivalent with no exploits necessary — .exe, .com, .bat, etc. You thus

DK> can’t say that an executed file must not execute code, because there’s no

DK> way for the user to know whether a file on his desktop is an .exe or

DK> something else.

Maybe I misunderstand what you are saying but – Isn’t the point in this

case is that running binary…

URL: http://seclists.org/fulldisclosure/2009/Oct/148

Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3339

Posted by Kingcope on Aug 22

I am not going to share IIS 0day anymore.

http://isowarez.de/bsd-setusercontext.txt

Bye.

" BIG TIME "

Full-Disclosure – We believe in it.

Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia – http://secunia.com/
Received on Aug 21…

URL: http://seclists.org/fulldisclosure/2009/Aug/0300.html

Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities

URL: http://www.securityfocus.com/archive/1/505997

<!–
Envelope-to: email@address
Delivery-date: Mon, 27 Jul 2009 22:22:29 +0100
Received: from outgoing.securityfocus.com ([205.206.231.27] helo=outgoing3.securityfocus.com)
by lt.network5.net with esmtp (Exim 4.43)
id 1MVXeP-0004ru-8D
for email@address; Mon, 27 Jul 2009 22:22:29 +0100
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 7CBE42371F8; Mon, 27 Jul 2009 15:19:13 -0600 (MDT)
Mailing-List: contact <a
href=”mailto:bugtraq-help@securityfocus.com”>bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: &lt;bugtraq.list-id.securityfocus.com&gt;
List-Post: &lt;mailto:bugtraq@securityfocus.com&gt;
List-Help: &lt;mailto:bugtraq-help@securityfocus.com&gt;
List-Unsubscribe: &lt;mailto:bugtraq-unsubscribe@securityfocus.com&gt;
List-Subscribe: &lt;mailto:bugtraq-subscribe@securityfocus.com&gt;
Delivered-To: mailing list <a
href=”mailto:bugtraq@securityfocus.com”>bugtraq@securityfocus.com
Delivered-To: moderator for <a
href=”mailto:bugtraq@securityfocus.com”>bugtraq@securityfocus.com
Received: (qmail 10596 invoked from network); 27 Jul 2009 21:15:21 -0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: computer crime statistics
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 27 Jul 2009 15:15:13 -0600
Content-Type: multipart/signed;
micalg=SHA1;
protocol=&quot;application/x-pkcs7-signature&quot;;
boundary=&quot;—-=_NextPart_000_057C_01CA0ECD.09DC2F70&quot;
Message-ID: &lt;631BA9640B7F2246936CD03153E2F92E20F909@Libmail2.ualibrary.ualberta.ca&gt;
In-Reply-To: &lt;001a01ca0dfa$d7dde8b0$8799ba10$@com&gt;
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: computer crime statistics
Thread-Index: AcoN+oX+xKj011IHRImdAYPfW8fNdQAADRdwAEEC6NA=
References: &lt;001a01ca0dfa$d7dde8b0$8799ba10$@com&gt;
From: &quot;McDonnell, Michael&quot; &lt;michael.mcdonnell@ualberta.ca&gt;
To: &quot;Choon Ming&quot; &lt;choonming2002@gmail.com&gt;,
&lt;bugtraq@securityfocus.com&gt;,
&lt;full-disclosure-bounces@lists.grok.org.uk&gt;
X-IMAPbase: 1176125385 9714
Status: O
X-UID: 9714
Content-Length: 5925
X-Keywords:

Posted by antisecav_at_hushmail.com on Jul 26

ATTENTION n3tD3v (www.twitter.com/n3td3v):

Thank you for all your help with the antisec movement.

We hope your grant with the intelligence community goes well!

This is Alex Jones, from Infowars,

Over and out.

URL: http://seclists.org/fulldisclosure/2009/Jul/0408.html

Posted by SySS security advisories — Christoph Bott on Jul 26

=======================================

Vulnerable Product: Cisco WLC 4402 (most likely among many others)

Vulnerability discovered: January 2009

Reported to vendor: Jan 01, 2009

Fix available: not yet

=======================================

TIMELINE:

…

URL: http://seclists.org/fulldisclosure/2009/Jul/0407.html

Posted by antisecav_at_hushmail.com on Jul 25

GREAT BRITAIN – n3td3v/antisec is proud to announce official

partnership with antisec ("the scene")

In England, we care about intelligence. There is no better way to

do intelligence then to compromise computers. We are clearly

superior at security.

We eat up the competition….

URL: http://seclists.org/fulldisclosure/2009/Jul/0405.html