
Disclosure

Gerix Wifi Cracker NG

Re: Gerix Wifi Cracker NG

Posted by Emanuele Gentili on Jul 26

Anyway, it's python+QT.. you can download the deb package.. unpack it

and see the source code..

E.

Emanuele Gentili wrote:

> Nice thank you, and sorry again about the "borkage".

>

> Have a nice test day. 🙂

>

> E.

>

>

>

> Earl Rollington wrote:

URL: http://seclists.org/fulldisclosure/2009/Jul/0403.html

IXXO Cart! Standalone and Joomla Component SQL Injection

Re: IXXO Cart! Standalone and Joomla Component SQL Injection

Posted by YEHG Group on Jul 26

Thanks, I’ll update the database of

http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project

On Sat, Jul 25, 2009 at 3:57 PM, SmOk3<smok3f00_at_gmail.com> wrote:

> Original advisory at:

> …

URL: http://seclists.org/fulldisclosure/2009/Jul/0394.html

AntiSec is DEAD

Re: AntiSec is DEAD

Posted by srshaxsir_at_hushmail.com on Jul 25

You are an idiot.

anti-sec never threatened to show any 0day, it is against the point

you moron.. unless you believe anyone that signs his email with

‘anti-sec’.

We are still online, we are still auditing and hacking your code on

a daily basis, you just won’t know about it anymore until you…

URL: http://seclists.org/fulldisclosure/2009/Jul/0390.html

Matasano Creampie

Matasano Creampie

Posted by Tobias Martin on Jul 25

WELCOME TO THE WHITEHAT HOLOCAUST

h4v3 phun suck1ng d1q @ BLACKHAT

BLACKHAT l0l m0r3 lyk3 WHITEHAT am1r1t3????

"Matasano Promotes Disclosure"

"Matasano publishes vulnerabilities. We think it’s the right thing to do"

"We encourage vendors to publish, so their…

URL: http://seclists.org/fulldisclosure/2009/Jul/0388.html

Matasano celebrates the opening of BLACKHAT USA by getting owned

Matasano celebrates the opening of BLACKHAT USA by getting owned

Posted by adam_at_matasano.com on Jul 25

"We are evangelists for disclosure"

http://www.matasano.com/

h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4

h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4

h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4

h4 h4 h4 h4 h4 h4 h4 h4 h4

h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4

h4 h4 h4 h4 h4 h4 h4 h4…

URL: http://seclists.org/fulldisclosure/2009/Jul/0384.html

Matasano celebrates the opening of BLACKHAT USA by getting owned

Matasano celebrates the opening of BLACKHAT USA by getting owned

Posted by Tobias Martin on Jul 25

"We are evangelists for disclosure"

http://www.matasano.com/

h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4

h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4

h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4

h4 h4 h4 h4 h4 h4 h4 h4 h4

h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4 h4

h4 h4 h4 h4 h4 h4 h4 h4…

URL: http://seclists.org/fulldisclosure/2009/Jul/0383.html

rPSA-2009-0111-1 kernel

rPSA-2009-0111-1 kernel

Posted by rPath Update Announcements on Jul 24

rPath Security Advisory: 2009-0111-1

Published: 2009-07-24

Products:

    rPath Appliance Platform Linux Service 1

    rPath Appliance Platform Linux Service 2

    rPath Linux 2

Rating: Severe

Exposure Level Classification:

URL: http://seclists.org/fulldisclosure/2009/Jul/0381.html

Slashdot defacement screenshot

Re: Slashdot defacement screenshot

Posted by Cance Consulting on Jul 24

it must be true if it’s on the internet

sunjester wrote:

> and we should believe a photo? sweet.

>

> —

> Founder/Activist

> http://fusecurity.com/ | "Free Security Technology"

> ————————————————————————

>

URL: http://seclists.org/fulldisclosure/2009/Jul/0370.html

memory required for a PNG file

memory required for a PNG file

Posted by Murthy N Srinivas-B22237 on Jul 24

Hi

How do we calculate memory required for a PNG file from the dimensions

of width and height contained in the file?

It seems that attackers make use of width and height to take control of

clients.

Thanks

-nsmurthy

URL: http://seclists.org/fulldisclosure/2009/Jul/0367.html

Adobe Reader / Acrobat and Flash Remote Code Execution

Adobe Reader / Acrobat and Flash Remote Code Execution

Summary:

Fortinet’s FortiGuard Global Security Research Team investigates a vulnerability in multiple Adobe products through SWF.

Impact:

Remote Code Execution.

Affected Software:

  • Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions
  • Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions

Solutions:

  • The FortiGuard Global Security Research Team released a signature “Adobe.Products.SWF.Remote.Code.Execution”, which covers this specific vulnerability.
  • Apply the suggested workaround from Adobe

The FortiGuard Global Security Research Team continues to monitor attacks against this vulnerability.

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this remote code execution vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat’s lifecycle.

References:

URL: http://www.fortiguardcenter.com/advisory/FGA-2009-29.html

iPhone remote code execution

Re: [GSEC-TZO-45-2009] iPhone remote code execution

Posted by Rob Fuller on Jul 23

Are there memory protections in 3.x to stop this or is it purely a lack of

time/testing to find the exploit vector?

URL: http://seclists.org/fulldisclosure/2009/Jul/0355.html

New xulrunner packages fix several vulnerabilities

[SECURITY] [DSA 1840-1] New xulrunner packages fix several vulnerabilities

Posted by Steffen Joeris on Jul 23

————————————————————————

Debian Security Advisory DSA-1840-1 security_at_debian.org

http://www.debian.org/security/ Steffen Joeris

July 23, 2009 http://www.debian.org/security/faq

URL: http://seclists.org/fulldisclosure/2009/Jul/0353.html

Akamai Technologies Security Advisory 2009-0001(Download Manager)

Akamai Technologies Security Advisory 2009-0001(Download Manager)

Posted by Akamai Security Team on Jul 22

Akamai Technologies Security Advisory 2009-0001

* Akamai ID: 2009-0001

* Date: 07/22/2009

* Product Name: Download Manager

* Affected Versions: < 2.2.4.8

* Fixed Version: 2.2.4.8

* CVE IDs: {TBD}

* CVSS Base Score:…

URL: http://seclists.org/fulldisclosure/2009/Jul/0351.html

Troll exploit of mailing lists and newsgroups

Re: [Mailing list Vulnerability] Troll exploit of mailing lists and newsgroups

Posted by Stephen Menard on Jul 22

Your Clock’s off

DOH! time for a beer

Received: from lists.grok.org.uk (localhost [127.0.0.1])

        by lists.grok.org.uk (Postfix) with ESMTP id CB44E1CB;

        Wed, 22 Jul 2009 15:45:17 +0100 (BST)

URL: http://seclists.org/fulldisclosure/2009/Jul/0350.html

(no subject)

Re: (no subject)

Posted by Ed Carp on Jul 21

Do not fuck with anti-suck. LOL!

URL: http://seclists.org/fulldisclosure/2009/Jul/0329.html