Full Disclosure

An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.
Updated: 1 hour 49 min ago

2nd CfP: ICCGI 2010 || September 20-25, 2010 - Valencia, Spain

8 hours 37 min ago

Posted by Miguel . Garcia on Mar 12

2nd CfP: ICCGI 2010 || September 20-25, 2010 - Valencia, Spain

INVITATION:

=================
Please consider contributing to and/or forwarding to the appropriate
groups the following opportunity to submit and publish original
scientific results.
=================

============== ICCGI 2010 | Call for Papers ===============

CALL FOR PAPERS, TUTORIALS, PANELS

ICCGI 2010: The Fifth International Multi-Conference on Computing in the
Global...

2nd CfP: INTERNET 2010 || September 20-25, 2010 - Valencia, Spain

8 hours 48 min ago

Posted by Sandra Sendra on Mar 12

INVITATION:

=================
Please consider contributing to and/or forwarding to the appropriate groups the following opportunity to submit and
publish original scientific results.
=================

============== INTERNET 2010 | Call for Papers ===============

CALL FOR PAPERS, TUTORIALS, PANELS

INTERNET 2010: The Second International Conference on Evolving Internet
September 20-25, 2010 - Valencia, Spain

General page:...

SecurityFocus to partially shut down

8 hours 50 min ago

Posted by netinfinity on Mar 12

*Since its inception in 1999, SecurityFocus has been a mainstay in the
security community. From original news content to detailed technical papers
and guest columnists, we’ve strived to be the community’s source for all
things security related. SecurityFocus was formed with the idea that the
community needed a place to come together and share its collected wisdom and
knowledge. *
* At the time, the security community was fairly fragmented...

[SECURITY] [DSA 2014-1] New moin packages fix several vulnerabilities

9 hours 1 min ago

Posted by Giuseppe Iuculano on Mar 12

------------------------------------------------------------------------
Debian Security Advisory DSA-2014-1 security () debian org
http://www.debian.org/security/ Giuseppe Iuculano
March 12, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : moin
Vulnerability : several
Problem type : remote...

[SECURITY] [DSA 2012-1] New Linux 2.6.26 packages fix several issues

9 hours 2 min ago

Posted by dann frazier on Mar 12

----------------------------------------------------------------------
Debian Security Advisory DSA-2012-1 security () debian org
http://www.debian.org/security/ dann frazier
March 11, 2010 http://www.debian.org/security/faq
----------------------------------------------------------------------

Package : linux-2.6
Vulnerability : privilege escalation/denial of service
Problem...

Fw: Ubisoft DDoS

11 hours 22 min ago

Posted by Shinnok on Mar 12

----- Forwarded Message ----
From: Shinnok <raydenxy () yahoo com>
To: Jan Schejbal <jan.mailinglisten () googlemail com>
Sent: Fri, March 12, 2010 10:43:30 AM
Subject: Re: [Full-disclosure] Ubisoft DDoS

Hi,

I'd more likely believe that this is a story made up by Ubisoft to hide their big failure in the new centralized
DRM system.
Buyers of Assassin's Creed and the like that use the new DRM system haven't been able to play it for...

[USN-911-1] MoinMoin vulnerabilities

11 March, 2010 - 21:01

Posted by Jamie Strandboge on Mar 11

===========================================================
Ubuntu Security Notice USN-911-1 March 11, 2010
moin vulnerabilities
CVE-2010-0668, CVE-2010-0669, CVE-2010-0717
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu,...

iDefense Security Advisory 03.11.10: Multiple Vendor WebKit HTML Element Use After Free Vulnerability

11 March, 2010 - 19:22

Posted by iDefense Labs on Mar 11

iDefense Security Advisory 03.11.10
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 11, 2010

I. BACKGROUND

WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.

http://webkit.org/

II. DESCRIPTION

Remote exploitation of a memory corruption vulnerability in WebKit, as
included with...

Last day to download WinScanX Basic or WinScanX Pro... forever.

11 March, 2010 - 18:42

Posted by Reed Arvin on Mar 11

I have received a cease and desist letter regarding certain tools on
http://windowsaudit.com. Regardless of the validity of the
accusations, I do not have the financial means to support legal
defense.

With that said, please take this opportunity to download WinScanX
Basic or purchase WinScanX Pro before they are gone forever. After
today, all that remains is a slim chance to find the product(s) via
some other means.

The http://windowsaudit.com...

[SECURITY] [DSA 2013-1] New egroupware packages fix several vulnerabilities

11 March, 2010 - 17:30

Posted by Moritz Muehlenhoff on Mar 11

------------------------------------------------------------------------
Debian Security Advisory DSA-2013-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
March 11, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : egroupware
Vulnerability : several
Problem type : remote...

[ MDVSA-2010:061 ] ncpfs

11 March, 2010 - 15:05

Posted by security on Mar 11

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:061
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ncpfs
Date : March 11, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0...

Re: New Internet Explorer code-execution

11 March, 2010 - 14:50

Posted by Georgi Guninski on Mar 11

haha, they updated their ``advisory'' to 1.1 from 1.0 at
http://www.microsoft.com/technet/security/advisory/981374.mspx

they changed ``targeted'' to ``public'' and the rest seems the same.

are targeted customers less important than public customers?

extra points for spelling eCHO as Echo:

Echo y| cacls %WINDIR%\SYSWOW64\iepeers.DLL /E /P everyone:N
Impact of workaround. Extended MSHTML functionality such as printing and
Web folders may be...

Re: Multiple vulnerabilities in SUPERAntiSpyware and Super Ad Blocker

11 March, 2010 - 14:02

Posted by netinfinity on Mar 11

*I am really sorry and apologize for using lame file uploading sites,
but I don't own a domain:( I tried to attach ZIP archive, but it seems
it's being filtered*

Use tar.gz not zip. Or .rar could also work.

ZDI-10-027: Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability

11 March, 2010 - 13:09

Posted by ZDI Disclosures on Mar 11

ZDI-10-027: Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-027
March 11, 2010

-- Affected Vendors:
Skype

-- Affected Products:
Skype

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8328.
For further product information on the TippingPoint IPS,...

ZDI-10-028: Skype URI Processing Arbitrary XML File Deletion Vulnerability

11 March, 2010 - 13:08

Posted by ZDI Disclosures on Mar 11

ZDI-10-028: Skype URI Processing Arbitrary XML File Deletion Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-028
March 11, 2010

-- Affected Vendors:
Skype

-- Affected Products:
Skype

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8329.
For further product information on the TippingPoint IPS, visit:...

Vulnerabilities in Abton

11 March, 2010 - 10:19

Posted by MustLive on Mar 11

Hello Full-Disclosure!

I want to warn you about vulnerabilities in Abton. It's a commercial Ukrainian
CMS.

-----------------------------
Advisory: Vulnerabilities in Abton
-----------------------------
URL: http://websecurity.com.ua/2886/
-----------------------------
Timeline:

31.03.2008 - found the vulnerabilities.
16.02.2009 - announced at my site.
17.02.2009 - informed developers.
24.11.2009 - disclosed at my site....

Skype URI Handler Input Validation

11 March, 2010 - 10:17

Posted by Paul Craig on Mar 11

Skype URI Handler Input Validation...

[SECURITY] [DSA 2011-1] New dpkg packages fix path traversal

11 March, 2010 - 10:15

Posted by Nico Golde on Mar 11

--------------------------------------------------------------------------
Debian Security Advisory DSA-2011-1 security () debian org
http://www.debian.org/security/ Nico Golde
March 10th, 2010 http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package : dpkg
Vulnerability : path traversal
Problem type :...

[SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities

11 March, 2010 - 10:13

Posted by dann frazier on Mar 11

------------------------------------------------------------------------
Debian Security Advisory DSA-2010 security () debian org
http://www.debian.org/security/ Dann Frazier
March 10, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : kvm
Vulnerability : privilege escalation/denial of service
Problem type...

Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability

11 March, 2010 - 10:12

Posted by Secunia Research on Mar 11

======================================================================

Secunia Research 10/03/2010

- XnView DICOM Parsing Integer Overflow Vulnerability -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...