Posted by Nathan Grandbois on Dec 04

John Bennett wrote:

John,

You might want to take a look at the WASC list here:

http://projects.webappsec.org/Web-Application-Security-Scanner-List

The thread is still under discussion on the webappsec mailing list.

_nathan

URL: http://seclists.org/pen-test/2009/Dec/5

Posted by Mohammad Hosein on Oct 18

in a certain web application e.g gmail there are times the whole

communication is secured by ssl and sometimes "there are insecure elements"

that raise questions . i’m not a web professional . how to find these

insecure elements ? and how to evaluate if these elements are the results of

a successful man in the middle attack or not ?

regards

URL: http://seclists.org/fulldisclosure/2009/Oct/251

Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3339

<!–
Envelope-to: email@address
Delivery-date: Mon, 27 Jul 2009 22:22:29 +0100
Received: from outgoing.securityfocus.com ([205.206.231.27] helo=outgoing3.securityfocus.com)
by lt.network5.net with esmtp (Exim 4.43)
id 1MVXeP-0004ru-8D
for email@address; Mon, 27 Jul 2009 22:22:29 +0100
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 7CBE42371F8; Mon, 27 Jul 2009 15:19:13 -0600 (MDT)
Mailing-List: contact <a
href=”mailto:bugtraq-help@securityfocus.com”>bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: &lt;bugtraq.list-id.securityfocus.com&gt;
List-Post: &lt;mailto:bugtraq@securityfocus.com&gt;
List-Help: &lt;mailto:bugtraq-help@securityfocus.com&gt;
List-Unsubscribe: &lt;mailto:bugtraq-unsubscribe@securityfocus.com&gt;
List-Subscribe: &lt;mailto:bugtraq-subscribe@securityfocus.com&gt;
Delivered-To: mailing list <a
href=”mailto:bugtraq@securityfocus.com”>bugtraq@securityfocus.com
Delivered-To: moderator for <a
href=”mailto:bugtraq@securityfocus.com”>bugtraq@securityfocus.com
Received: (qmail 10596 invoked from network); 27 Jul 2009 21:15:21 -0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: computer crime statistics
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 27 Jul 2009 15:15:13 -0600
Content-Type: multipart/signed;
micalg=SHA1;
protocol=&quot;application/x-pkcs7-signature&quot;;
boundary=&quot;—-=_NextPart_000_057C_01CA0ECD.09DC2F70&quot;
Message-ID: &lt;631BA9640B7F2246936CD03153E2F92E20F909@Libmail2.ualibrary.ualberta.ca&gt;
In-Reply-To: &lt;001a01ca0dfa$d7dde8b0$8799ba10$@com&gt;
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: computer crime statistics
Thread-Index: AcoN+oX+xKj011IHRImdAYPfW8fNdQAADRdwAEEC6NA=
References: &lt;001a01ca0dfa$d7dde8b0$8799ba10$@com&gt;
From: &quot;McDonnell, Michael&quot; &lt;michael.mcdonnell@ualberta.ca&gt;
To: &quot;Choon Ming&quot; &lt;choonming2002@gmail.com&gt;,
&lt;bugtraq@securityfocus.com&gt;,
&lt;full-disclosure-bounces@lists.grok.org.uk&gt;
X-IMAPbase: 1176125385 9714
Status: O
X-UID: 9714
Content-Length: 5925
X-Keywords:

Posted by Taras on Jul 26

On Fri, 17 Jul 2009 13:17:10 -0300

Ulises2k <ulises2k_at_gmail.com> wrote:

> Try this:

>

> GUI

> http://w3af.sf.net

W3AF has also perfect console UI and furthermore it has SQLmap integration.

URL: http://seclists.org/pen-test/2009/Jul/0097.html

Posted by antisecav_at_hushmail.com on Jul 26

ATTENTION n3tD3v (www.twitter.com/n3td3v):

Thank you for all your help with the antisec movement.

We hope your grant with the intelligence community goes well!

This is Alex Jones, from Infowars,

Over and out.

URL: http://seclists.org/fulldisclosure/2009/Jul/0408.html

Posted by antisecav_at_hushmail.com on Jul 25

GREAT BRITAIN – n3td3v/antisec is proud to announce official

partnership with antisec ("the scene")

In England, we care about intelligence. There is no better way to

do intelligence then to compromise computers. We are clearly

superior at security.

We eat up the competition….

URL: http://seclists.org/fulldisclosure/2009/Jul/0405.html

Posted by YEHG Group on Jul 26

Thanks, I’ll update the database of

http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project

On Sat, Jul 25, 2009 at 3:57 PM, SmOk3<smok3f00_at_gmail.com> wrote:

> Original advisory at:

> …

URL: http://seclists.org/fulldisclosure/2009/Jul/0394.html

Posted by srshaxsir_at_hushmail.com on Jul 25

You are an idiot.

anti-sec never threatened to show any 0day, it is against the point

you moron.. unless you believe anyone that signs his email with

‘anti-sec’.

We are still online, we are still auditing and hacking your code on

a daily basis, you just won’t know about it anymore until you…

URL: http://seclists.org/fulldisclosure/2009/Jul/0390.html

Summary:

Fortinet’s FortiGuard Global Security Research Team investigates a vulnerability in multiple Adobe products through SWF.

Impact:

Remote Code Execution.

Affected Software:

• Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions
• Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions

Solutions:

• The FortiGuard Global Security Research Team released a signature “Adobe.Products.SWF.Remote.Code.Execution”, which covers this specific vulnerability.
• Apply the suggested workaround from Adobe

The FortiGuard Global Security Research Team continues to monitor attacks against this vulnerability.

Fortinet customers who subscribe to Fortinetˇ¦s intrusion prevention (IPS) service should be protected against this remote code execution vulnerability. Fortinetˇ¦s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat’s lifecycle.

References:

• Adobe Security Advisory: APSA09-03
• Adobe PSIRT: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
• CVE ID: CVE-2009-1862
• Bugtraq ID: 35759

URL: http://www.fortiguardcenter.com/advisory/FGA-2009-29.html

About one million spam emails per hour are being sent to Yahoo Groups and other free web services, including Google Groups and LiveJournal, containing bogus pharmaceutical advertising content.

URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/Hhgm3VDE7z4/

Posted by Stephen Menard on Jul 22

Your Clock’s off

DOH! time for a beer

Received: from lists.grok.org.uk (localhost [127.0.0.1])

        by lists.grok.org.uk (Postfix) with ESMTP id CB44E1CB;

        Wed, 22 Jul 2009 15:45:17 +0100 (BST)

…

URL: http://seclists.org/fulldisclosure/2009/Jul/0350.html

The American Civil Liberties Union was in court today for oral arguments in its landmark challenge to the unconstitutional FISA Amendments Act (FAA), which gives the government virtually unchecked power to intercept Americans’ international e-mails and telephone calls. The ACLU filed a lawsuit to stop the government from spying under …

URL: http://www.pogowasright.org/?p=2088

Posted by Kema Druma on Jul 21

OMG, WTF is this.

ANTI-SEC has successfully pwnd a useless website using lulzy sql

injection from milw0rm.com.

u assholes, get a name like "SHITHOLE" and post ur shit somewhere else

and stop polluting anti-sec and the anti-sec movement and

security mailing list FFS.

GO DIE…

URL: http://seclists.org/fulldisclosure/2009/Jul/0295.html

4117

PDF/Exploit.Pidief.ONG, VBS/TrojanDownloader.Small.L (6), Win32/Adware.BHO.GBP (2), Win32/Adware.BHO.NCG (2), Win32/Adware.GooochiBiz (4), Win32/Adware.WSearch, Win32/Agent.NXT (2), Win32/AutoRun.Agent.NP, Win32/AutoRun.Delf.BY, Win32/Delf.PFS, Win32/FlyStudio.NML, Win32/FlyStudio.NMM (5), Win32/Hupigon, Win32/Hupigon.NPE, Win32/KillAV.NDV (2), Win32/Koutodoor.AF (3), Win32/Koutodoor.G, Win32/Peerfrag.AG, Win32/Poison.NBC (2), Win32/PSW.Agent.NLP (2), Win32/PSW.OnLineGames.NMP (2), Win32/PSW.OnLineGames.NMY (3), Win32/PSW.OnLineGames.NNM, Win32/PSW.OnLineGames.NSU (2), Win32/PSW.OnLineGames.OKE, Win32/PSW.WOW.DZI, Win32/PSWTool.MailPassView.151 (4), Win32/Rootkit.Agent.NLY, Win32/Rustock.NIH, Win32/Rustock.NIK (3), Win32/Spy.Banker.AFFJ, Win32/Spy.Banker.QLG (4), Win32/TrojanDownloader.Bredolab.AA (2), Win32/TrojanDownloader.FakeAlert.AAX, Win32/TrojanDownloader.FakeAlert.ABV, Win32/TrojanDownloader.FakeAlert.ACU, Win32/TrojanDownloader.FakeAlert.ACV (2), Win32/TrojanDownloader.Zlob.CZJ, Win32/TrojanDropperDelf.NNM (2), Win32/TrojanDropper.VB.NHZ (2), Win32/Wigon.KU (2), Win32/Wigon.KY

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6089&Itemid=26