Security News

Vuln: JBoss Cache 'NonManagedConnectionFactory.java' Local Information Disclosure Vulnerability

Security Focus Vulnerabilities - 30 December, 2012 - 00:00
JBoss Cache 'NonManagedConnectionFactory.java' Local Information Disclosure Vulnerability

Vuln: Pligg CMS 'status' Parameter SQL Injection Vulnerability

Security Focus Vulnerabilities - 29 December, 2012 - 00:00
Pligg CMS 'status' Parameter SQL Injection Vulnerability

Vuln: PHP CVE-2012-0057 Security Bypass Vulnerability

Security Focus Vulnerabilities - 17 February, 2012 - 00:00
PHP CVE-2012-0057 Security Bypass Vulnerability

Bugtraq: [ MDVSA-2012:013 ] mozilla

Security Focus Vulnerabilities - 27 min 36 sec ago
[ MDVSA-2012:013 ] mozilla

Bugtraq: ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability

Security Focus Vulnerabilities - 27 min 36 sec ago
ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability

Bugtraq: RFC 6528 on Defending against Sequence Number Attacks

Security Focus Vulnerabilities - 27 min 36 sec ago
RFC 6528 on Defending against Sequence Number Attacks

Bugtraq: [SECURITY] [DSA 2403-1] php5 security update

Security Focus Vulnerabilities - 27 min 36 sec ago
[SECURITY] [DSA 2403-1] php5 security update

Re: when did piracy/theft become expression of freedom

Full Disclosure - 2 hours 14 min ago

Posted by Georgi Guninski on Feb 04

Just a quote:
<quote>
In Germany they first came for the Communists,
and I didn't speak up because I wasn't a Communist.
Then they came for the Jews,
and I didn't speak up because I wasn't a Jew.
Then they came for the trade unionists,
and I didn't speak up because I wasn't a trade unionist.
Then they came for the Catholics,
and I didn't speak up because I was a Protestant.
Then they came for me -
and by...

[SECURITY] [DSA 2384-2] cacti regression

Full Disclosure - 3 hours 38 min ago

Posted by Luk Claes on Feb 04

-------------------------------------------------------------------------
Debian Security Advisory DSA-2384-2 security () debian org
http://www.debian.org/security/
February 04, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : cacti
Vulnerability : several
Problem type : remote...

Re: can you answer this?

Full Disclosure - 12 hours 27 min ago

Posted by doc mombasa on Feb 04

aah doom has aspergers.. that explains a lot :)

On 3 Feb 2012 at 22:10, doomxd () gmail com <doomxd () gmail com> wrote:

Re: Vulnerability-lab.com XSS

Full Disclosure - 12 hours 28 min ago

Posted by doc mombasa on Feb 04

we fear your irc chan :(

On 3 Feb 2012 at 22:06, doomxd () gmail com <doomxd () gmail com> wrote:

[ MDVSA-2012:013 ] mozilla

Bug Traq - 3 February, 2012 - 17:07

Posted by security on Feb 03

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:013
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mozilla
Date : February 3, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:...

Bugtraq: [SECURITY] [DSA 2402-1] iceape security update

Security Focus Vulnerabilities - 3 February, 2012 - 16:30
[SECURITY] [DSA 2402-1] iceape security update

Re: Vulnerability-lab.com XSS

Full Disclosure - 3 February, 2012 - 16:22

Posted by doomxd () gmail com on Feb 03

Your the idiot here.. Boone,will give u guys crap ya cuntzzz and I hope yur havin great time tryin to figure out how
badly this list got owned,off yad do,forcing ppl to sho 0days,yet some ppl,nomatter how big yu may think,are anon,and
that's simple,yu fd a good bug,well it gets patched,yur ass gets kicks from any groups ya in,and remembr ,yur bases are
mine,and intercepting yu will be fun,been funny stall the latest bigs,sudo,etc,all...

Re: can you answer this?

Full Disclosure - 3 February, 2012 - 16:16

Posted by doomxd () gmail com on Feb 03

Arserspeage.haha.
Fku lamer.

----- Reply message -----
From: "Zach C." <fxchip () gmail com>
To: <james () zero-internet org uk>
Cc: "funsec" <funsec () linuxbox org>, "RandallM" <randallm () fidmail com>, <full-disclosure () lists grok org uk>,
<full-disclosure-bounces () lists grok org uk>
Subject: [Full-disclosure] can you answer this?
Date: Fri, Feb 3, 2012 8:04 pm
The...

Re: can you answer this?

Full Disclosure - 3 February, 2012 - 13:37

Posted by Full Disclosure mailing list on Feb 03

I've seen this sort of thing before, from misconfigured VPNs.

Do you have someone using "Tunngle" on your network?

It's a VPN product (as far as I understand it, primarily for gaming),
and it appears to (mis)use the 7.xxx.xxx.xxx IP address space. See this
for a report of similar packet sightings:

http://www.tunngle.net/community/topic/18311-bsod/

My guess is that one of your users has set up this VPN in order to...

Re: can you answer this?

Full Disclosure - 3 February, 2012 - 11:58

Posted by Fabian Wenk on Feb 03

Hello

Was there some notebook (or other device), which came out of this
IP range (could also be from somewhere else where internally this
IP range is misused), into your local network?

This is a DHCP request from the client (from port 68) to the dhcp
server or broadcast address (to port 67). Sometimes a dhcp
client, which has just been (re-)connected to the network, tries
to check if the last assigned IP address is still valid. As the...

[ MDVSA-2012:013 ] mozilla

Full Disclosure - 3 February, 2012 - 11:54

Posted by security on Feb 03

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:013
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mozilla
Date : February 3, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:...

ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability

Bug Traq - 3 February, 2012 - 11:41

Posted by Security_Alert on Feb 03

ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability.

EMC Identifier: ESA-2012-010
EMC Identifier: SRCH-7949

CVE Identifier: CVE-2012-0396

Severity Rating: CVSS v2 Base Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Affected products:
EMC SW: EMC Documentum xPlore 1.0 (all patch versions)
EMC SW: EMC Documentum xPlore 1.1 (all patch versions prior to 1.1 P07)
EMC SW: EMC Documentum xPlore 1.2 (all patch versions)...