Full Disclosure | Full-Disclosure

Full Disclosure | Full-Disclosure Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ en-us (c) Gossamer Threads Inc. All rights reserved. 13 Feb 2012 01:42:56 -0800 120 Gossamer Threads | Full Disclosure | Full-Disclosure 75 23 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg [ MDVSA-2012:017 ] firefox -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 12 Feb 2012 12:23:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85020 Trustwave and Mozilla Hi All, https://www.infoworld.com/d/security/trustwave-admits-issuing-man-in-the-middle-digital-certificate-185972 In case folks are interested in t 12 Feb 2012 02:54:30 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85009 eFront Community++ v3.6.10 - SQL Injection Vulnerability Title: ====== eFront Community++ v3.6.10 - SQL Injection Vulnerability Date: ===== 2012-02-11 References: =========== http://www.vulnerability-lab 11 Feb 2012 10:53:38 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85011 Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability Title: ====== Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability Date: ===== 2012-02-11 References: =========== http://www.vulnerability-lab.c 11 Feb 2012 10:51:42 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85010 [Announcement] ClubHack Mag - Call for Articles Hello All, ClubHack Magazine is seeking submissions for next issue, Issue 26 - March 2012. Topics:- 1. Web App Sec 2. OS Exploitation and Security 3 10 Feb 2012 22:22:53 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85004 [ MDVSA-2012:016 ] glpi -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 10 Feb 2012 11:00:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84998 New Android Malware Botnet Reversed/Uncovered Hello, one of InfoSec Institute's security researchers reverse engineered a new botnet that is active for the Android platform. RootSmart has some uni 10 Feb 2012 10:56:17 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84997 [Off-Spanish] Webinario gratuito - Ataques DoS en latino america Fecha y hora: Sabado, Febrero 11 2012 - 18:00 PM ( Hora Argentina GMT - 3:00 ) En el webinario veremos de forma practica y teorica como se ejecutan l 10 Feb 2012 10:24:10 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84996 Multiple CSRF, DoS and XSS vulnerabilities in D-Link DAP 1150 Hello list! I want to warn you about new security vulnerabilities in D-Link DAP 1150 (Wi-Fi Access Point and Router). These are Cross-Site Request 10 Feb 2012 10:21:29 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84995 Yahoo Messenger - Buffer Overflow Vulnerability [Video] Title: ====== Yahoo Messenger - Buffer Overflow Vulnerability [Video] Date: ===== 2012-02-10 References: =========== Download: http://www.vu 10 Feb 2012 09:41:17 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85005 Zen-Cart Admin CSRF/XSRF - Delete / Disable Products | UPS-2011-0018 | CVE-2011-4403 *Advisory Information* Title: Zen-Cart Admin CSRF/XSRF - Delete / Disable Products Date published: 2012-02-10 01:59:45 AM upSploit Ref: UPS-2011-0018 10 Feb 2012 08:10:46 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84993 CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability 1. OVERVIEW The CubeCart 3.0.20 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce 10 Feb 2012 08:01:45 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84992 Linux Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities Title: ====== Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities Date: ===== 2012-02-10 References: =========== http://www.vulnerabil 10 Feb 2012 06:25:56 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84988 Indianapolis Superbowl 2012 - SQL Injection Vulnerabilities Title: ====== Indianapolis Superbowl 2012 - SQL Injection Vulnerabilities Date: ===== 2012-02-06 VL-ID: ===== 418 Abstract: ========= Alexander 10 Feb 2012 03:28:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84984 Astaro Security Gateway - bypass using whitelist domain pattern weakness *Advisory Information* Title: Astaro Security Gateway - bypass using whitelist domain pattern weakness upSploit Ref: UPS-2011-0041 *Advisory Summ 10 Feb 2012 03:00:20 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84985 Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities Title: ====== Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities Date: ===== 2012-02-09 References: =========== http://www.vulnerability-la 10 Feb 2012 02:54:52 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84982 OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities Title: ====== OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities Date: ===== 2012-02-08 References: =========== http://www.vulnerability-lab.com/ge 10 Feb 2012 02:53:19 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84981 Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities Title: ====== Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities Date: ===== 2012-02-07 References: =========== http://www.vulnerability-lab 10 Feb 2012 02:51:37 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84980 CVE-2012-1037: GLPI <= 0.80.61 LFI/RFI CVE-2012-1037: GLPI <= 0.80.61 LFI/RFI Severity: Important Vendor: GLPI - http://www.glpi-project.org Versions Affected ================= All vers 10 Feb 2012 02:40:35 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84979 Celebrate with PenTest Magazine Celebrate with PenTest Magazine To celebrate the transformation of PenTest StarterKit edition into Auditing & Standards PenTest, we've decided to gi 10 Feb 2012 02:32:33 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84977 Linksys Routers still Vulnerable to Wps vulnerability. Don't buy Linksys Routers they are vulnerable to Wifi unProtected Setup Pin registrar Brute force attack. No patch or workaround exist at the making o 09 Feb 2012 23:40:03 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84976 What's up with the ImmunityInc forums? Hey, anyone know why it's taking so long for the ImmunityInc forums to come back up? It's been weeks, man. __________________________________________ 09 Feb 2012 15:45:16 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84974 eFront Community++ v3.6.10 - Multiple Web Vulnerabilities Title: ====== eFront Community++ v3.6.10 - Multiple Web Vulnerabilities Date: ===== 2012-02-09 References: =========== http://www.vulnerability-la 09 Feb 2012 10:01:12 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84973 [SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability -------------------------------------------------------------------------------------------------- CVE-2011-4367: Apache MyFaces information disclosu 09 Feb 2012 07:54:42 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84972 List Charter [Full-Disclosure] Mailing List Charter John Cartwright <johnc@grok.org.uk> - Introduction & Purpose - This document serves as a charter for the [F 09 Feb 2012 07:43:32 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84971