Full Disclosure | Full-Disclosure Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ en-us (c) Gossamer Threads Inc. All rights reserved. 23 Nov 2009 19:49:13 -0800 120 Gossamer Threads | Full Disclosure | Full-Disclosure 75 23 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ 23 Nov 2009 11:43:38 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70887 CORE-2009-0909: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ 23 Nov 2009 11:42:50 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70886 CORE-2009-0908: Autodesk SoftImage Scene TOC Arbitrary Command Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ 23 Nov 2009 11:41:45 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70885 [SECURITY] [DSA 1938-1] New php-mail packages fix insufficient input sanitising -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 22 Nov 2009 23:40:19 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70884 Fwd: ICMPv4/IP fuzzer prototype. Hell no random.randrang -> randrange(_) rtfm. and yeah u'r welcome. 2009/11/23 Andrew Farmer <andfarm@gmail.com> On 22 Nov 2009, at 19:48, lauren 22 Nov 2009 22:09:43 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70882 [Bkis-13-2009] e107 Multiple Vulnerabilities [Bkis-13-2009] e107 Multiple Vulnerabilities 1. General Information e107 is a free content management system (CMS) written in PHP language and is av 22 Nov 2009 21:19:44 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70880 ICMPv4/IP fuzzer prototype. Should be kweel for UTesting http://g-laurent.blogspot.com/2009/11/releasing-icmpv4ip-fuzzer-prototype.html Enjoy. 22 Nov 2009 19:48:08 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70879 Climategate: how the MSM reported the greatest scandal in modern science - Telegraph Blogs hackers providing a public service...... http://blogs.telegraph.co.uk/news/jamesdelingpole/100017451/climategate-how-the-msm-reported-the-greatest-sc 22 Nov 2009 14:44:52 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70878 Millions of PDF invisibly embedded with your internal disk paths Millions of PDF invisibly embedded with your internal disk paths ---------------------------------------------------------------- I found an interest 22 Nov 2009 12:14:30 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70876 HITB Security Conference 2010 Dubai Call for Papers -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Call for Papers for HITB Security Conference 2010 Dubai is now open! Talks that are more technical 22 Nov 2009 06:13:26 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70875 Vulnerabilities in plugins for WordPress Hello Full-Disclosure! I want to tell you about different vulnerabilities in plugins for WordPress. About some of them there were posts to Bugtraq li 21 Nov 2009 13:25:19 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70874 [ MDVSA-2009:302 ] php -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 21 Nov 2009 08:08:01 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70872 [SECURITY] [DSA 1937-1] New gforge packages fix cross-site scripting -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 20 Nov 2009 21:30:22 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70873 [ MDVSA-2009:301 ] kernel -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 20 Nov 2009 16:29:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70870 ZDI-09-085: Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vulnerability ZDI-09-085: Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09 20 Nov 2009 15:15:26 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70869 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Sec 20 Nov 2009 12:56:48 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70867 Pussy and the right to free speech. This whole thing is ridiculous. Kurt Greenbaum is an idiot. What kind of question is that in the first place? Only and idiot would post “what†20 Nov 2009 11:10:41 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70866 PHP "multipart/form-data" denial of service Description ------------ PHP version 5.3.1 was just released. This release contains a patch for a denial of service condition we've reported on 27 Oct 20 Nov 2009 04:03:36 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70864 n3td3v / Andrew Wallace's psychological profile Earlier this year, a very well educated FD member posted the psychological profile of Mr. Wallace. (Found here: http://seclists.org/fulldisclosure/200 19 Nov 2009 19:40:53 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70863 SecurityReason: KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) ] Author: Maksymilian Arciemowicz 19 Nov 2009 16:26:57 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70860 SecurityReason: Opera 10.01 Remote Array Overrun (Arbitrary code execution) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ Opera 10.01 Remote Array Overrun (Arbitrary code execution) ] Author: Maksymilian Arciemowicz and sp 19 Nov 2009 16:25:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70859 SecurityReason: K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) ] Author: Maksymilian Arciemowicz and 19 Nov 2009 16:23:54 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70858 SecurityReason: SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) ] Author: Maksymilian Arciemowicz an 19 Nov 2009 16:17:31 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70857 Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer. I smell a lawsuit coming on for our friend Greenbaum. "ReadWriteWeb has an article up today discussing an incident in which a school employee lost hi 19 Nov 2009 12:38:07 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70852 Auto Manager admin.cgi Multiple Field XSS vendor: interactivetools.com, inc., http://www.interactivetools.com/products/automanager/ product: Auto Manager version: 2.52 script: admin.cgi fields 19 Nov 2009 00:03:14 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70845