Full Disclosure | Full-Disclosure

Full Disclosure | Full-Disclosure Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ en-us (c) Gossamer Threads Inc. All rights reserved. 08 Nov 2009 17:46:10 -0800 120 Gossamer Threads | Full Disclosure | Full-Disclosure 75 23 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg [ MDVSA-2009:295 ] apache -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 08 Nov 2009 13:20:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70747 [SECURITY] [DSA 1932-1] New pidgin packages fix arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 08 Nov 2009 11:47:33 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70746 [SECURITY] [DSA 1931-1] New NSPR packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 08 Nov 2009 02:07:37 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70744 Linux 2.6.x fs/pipe.c local root exploit (CVE-2009-3547) For those who were not yet aware, there is at least 3 public exploits since 11/05/2009 for CVE-2009-3547 targeting *all* linux kernels from 2.6.0 to 2 07 Nov 2009 11:37:13 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70740 [SECURITY] [DSA 1930-1] New drupal6 packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 06 Nov 2009 16:46:57 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70741 How to receive SPAM mail Hi Full-disclosure I have a SPAM filter and virus firewall testing. So, I want to get the real SPAM is sent to a specific email address. What better 06 Nov 2009 11:11:11 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70728 [ GLSA 200911-01 ] Horde: Multiple vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200911-01 - - - 06 Nov 2009 05:36:49 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70720 MySQL trick for SQL injection Good day! I recently encountered a problem with the implementation of SQL injection. I wanted to write a file with the code interpreter to execute 06 Nov 2009 04:55:22 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70719 [ MDVSA-2009:294 ] firefox -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 05 Nov 2009 16:52:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70698 [SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1 05 Nov 2009 16:51:43 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70716 Using Blended Browser Threats involving Chrome to steal files on your computer For complete post with images, please visit http://securethoughts.com/2009/11/using-blended-browser-threats-involving-ch rome-to-steal-files-on-your-c 05 Nov 2009 16:47:37 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70699 [SECURITY] [DSA 1928-1] New Linux 2.6.24 packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1 05 Nov 2009 14:03:48 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70715 SSL/TLS MiTM PoC It might not work with up-to-date OpenSSL. Fixing that is left as an exercise for the reader. -- Pavel Kankovsky aka Peak / 05 Nov 2009 13:54:48 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70697 [USN-855-1] libhtml-parser-perl vulnerability =========================================================== Ubuntu Security Notice USN-855-1 November 05, 2009 libhtml-parser-perl vulnerabil 05 Nov 2009 12:28:34 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70696 [USN-854-1] GD library vulnerabilities =========================================================== Ubuntu Security Notice USN-854-1 November 05, 2009 libgd2 vulnerabilities CVE-200 05 Nov 2009 11:30:10 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70695 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-08 05 Nov 2009 10:08:36 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70712 CORE-2009-0912: Blender .blend Project Arbitrary Command Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ 05 Nov 2009 09:12:52 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70694 [SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1 05 Nov 2009 08:21:03 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70714 [Bkis-12-2009] eoCMS SQL injection vulnerability - Bkis Report eoCMS SQL injection vulnerability 1. General information eoCMS is an open source code software which is used to develop Internet forum (http://eocm 04 Nov 2009 21:22:29 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70692 Exp1oit for Serv-U 9.0.0.5 new bug hi, I have written a piece of code to demonstrate the new serv-u bug. Attached please find the source code for Win2k3 SP2 + DEP. Perhaps you shoul 04 Nov 2009 19:41:12 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70691 CONFidence 2.0, schedule online, last time to register. Dear Madame/Sir, CONFidence is the one of the most technical conference in Eastern Europe. You can find videos from the latest edition here: http://2 04 Nov 2009 17:13:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70713 Argentinean Arnet isp webmail Moderate vulnerability in argentinean ARNET isp webmail. well, there is some kind of weakened authentication on the webmail of Arnet (webmail.arnet. 04 Nov 2009 15:00:20 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70718 AST-2009-009: Cross-site AJAX request vulnerability Asterisk Project Security Advisory - AST-2009-009 +------------------------------------------------------------------------+ | Product 04 Nov 2009 12:12:42 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70673 AST-2009-008: SIP responses expose valid usernames Asterisk Project Security Advisory - AST-2009-008 +------------------------------------------------------------------------+ | Product 04 Nov 2009 12:12:22 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70672 ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-080 November 4 04 Nov 2009 11:50:57 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70711