Full Disclosure | Full-Disclosure

Full Disclosure | Full-Disclosure Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ en-us (c) Gossamer Threads Inc. All rights reserved. 25 Nov 2009 20:16:33 -0800 120 Gossamer Threads | Full Disclosure | Full-Disclosure 75 23 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg [SECURITY] [DSA 1941-1] New poppler packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 25 Nov 2009 14:37:47 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70923 need advice on adtmt cookie Since using the virtual software McAfee web and email scanner I have noticed a lot of blocks of the adtmt cookie (seen as an unwanted program) but see 25 Nov 2009 13:18:38 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70922 Re: {Spam?} [funsec] nasty infection from following link if anyone is interested On Wed, Nov 25, 2009 at 2:19 PM, Alex Lanstein <ALanstein@fireeye.com> wrote: > That was yesterdays (or the day befores?) zeus/zbot campaign, fwiw > > 25 Nov 2009 12:55:36 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70921 Re: [funsec] nasty infection from following link if anyone is interested Your modifications doesn't prevent your link to be clickable in all mail clients. Please use methods http : // and/or archive1329101302 . heddasq nex 25 Nov 2009 12:16:30 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70920 nasty infection from following link if anyone is interested one of my sales people fell for a "someone posted a picture of you" emails. Got a real nasty that came with, according to malwarebytes, "Pawnd.bot an 25 Nov 2009 10:54:31 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70919 Re: Some shit going on in seclist > I guess this is an email list. This guy -/ Day Jay, has put up this > vulnerability up on seclist, stating that it relates to microsoft iis > 6.0, w 25 Nov 2009 10:00:50 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70918 Onapsis Research: SAP Security In-Depth Vol. I -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear colleague, The first volume of the Onapsis' SAP Security In-Depth publication has been released. 25 Nov 2009 08:53:53 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70917 [ GLSA 200911-05 ] Wireshark: Multiple vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200911-05 - - - 25 Nov 2009 07:39:04 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70916 [resent] [ GLSA 200911-04 ] dstat: Untrusted search path Due to an oversight on my part, the original email has not been signed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gento 25 Nov 2009 07:14:30 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70915 [ GLSA 200911-04 ] dstat: Untrusted search path - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200911-04 - - - 25 Nov 2009 07:10:20 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70914 [ GLSA 200911-03 ] UW IMAP toolkit: Multiple vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200911-03 - - - 25 Nov 2009 05:24:42 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70913 9/11 pager messages released by Wikileaks http://911.wikileaks.org/ "From 3AM on Wednesday November 25, 2009, until 3AM the following day (US east coast time), WikiLeaks is releasing over hal 25 Nov 2009 03:54:47 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70912 Re: Some shit going on in seclist 2009/11/24 Tyler Durten <ty13rdurt3n@gmail.com>: > I guess this is an email list. This guy - Day Jay, has put up this > vulnerability up on seclist, s 25 Nov 2009 03:48:47 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70911 Re: UK jails schizophrenic for refusal to decrypt files To me, the Brits - sorry, their government - are more and more turning into fascists. What, if somebody has 'really' forgotten his password or lost h 25 Nov 2009 03:41:48 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70910 Re: more on that So youre whining about a 4 year old post? lol and who uses an exploit without changing the shellcode anyway ________________________________ From: f 25 Nov 2009 03:15:48 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70909 Re: Some shit going on in seclist you have lost your homedir, or what? well, this is very stupid and pretty badly obfuscated, but I wonder how many scriptkiddies have been temporary su 25 Nov 2009 03:11:02 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70908 Re: PHP "multipart/form-data" denial of service > > Thanks for the good description and test results, Bogdan. Thank you very much Moritz. >> Proof of concept >> ----------------- >> I'm not goin 25 Nov 2009 01:35:59 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70900 rPSA-2009-0156-1 sun-jdk sun-jre rPath Security Advisory: 2009-0156-1 Published: 2009-11-24 Products: rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 24 Nov 2009 15:58:27 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70905 rPSA-2009-0155-1 httpd mod_ssl rPath Security Advisory: 2009-0155-1 Published: 2009-11-24 Products: rPath Appliance Platform Linux Service 2 rPath Linux 2 Rating: Major Exp 24 Nov 2009 15:57:43 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70904 rPSA-2009-0154-1 httpd mod_ssl rPath Security Advisory: 2009-0154-1 Published: 2009-11-24 Products: rPath Appliance Platform Linux Service 1 rPath Linux 1 Rating: Major Exp 24 Nov 2009 15:56:52 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70903 UK jails schizophrenic for refusal to decrypt files The first person jailed under draconian UK police powers that Ministers said were vital to battle terrorism and serious crime has been identified by T 24 Nov 2009 14:48:19 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70899 [SECURITY] [DSA 1939-1] New libvorbis packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 24 Nov 2009 14:41:13 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70902 Vulnerabilities in WP-Cumulus for WordPress Hello Full-Disclosure! I want to warn you about security vulnerabilities in plugin WP-Cumulus for WordPress. These are Full path disclosure and Cros 24 Nov 2009 13:56:40 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70901 more on that And this is what I'm talking about: http://seclists.org/fulldisclosure/2005/Apr/412 24 Nov 2009 13:41:54 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70907 Re: PHP "multipart/form-data" denial of service Bogdan Calin wrote: > Description > ------------ > PHP version 5.3.1 was just released. This release contains a patch for a > denial of service condit 24 Nov 2009 13:40:07 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70898