Hi folks,

Firefox 3.6.13 fixes an interesting bug in their same-origin policy
logic for pseudo-URLs that do not have any inherent origin associated
with them. These documents are normally expected to inherit the
context from their parent, or be assigned a unique one. This didn't
work as expected in

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:250
http://www.mandriva.com/security/
______________________________________________________________________

[ more ]  [ reply ]

Vulnerability ID: HTB22720
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_diferior.html
Product: Diferior
Vendor: Povilas Musteikis ( http://www.diferior.com/ )
Vulnerable Version: 8.03 and probably prior versions
Vendor Notification: 25 November 2010
Vulnerability Type: Stored XS

[ more ]  [ reply ]

$ ./nelson
[*] Failed to open file descriptors.
$ uname -r
2.6.35.6-48.fc14.x86_64
$ cat /etc/redhat-release
Fedora release 14 (Laughlin)

But I updated a couple of days ago.

--
Best regards,
Vadim

[ more ]  [ reply ]

www.eVuln.com advisory:

Non-persistent XSS in WWWThreads (perl version)

Summary: http://evuln.com/vulns/157/summary.html

Details: http://evuln.com/vulns/157/description.html

-----------Summary-----------

eVuln ID: EV0157

Software: n/a

Vendor: WWWThreads

Version: v5.0.8 Pro (perl version)

[ more ]  [ reply ]

Debian lenny:

niklas@sandbox:~$ uname -a
Linux sandbox 2.6.26-2-amd64 #1 SMP Thu Sep 16 15:56:38 UTC 2010
x86_64 GNU/Linux
niklas@sandbox:~$ make full-nelson
cc full-nelson.c -o full-nelson
niklas@sandbox:~$ ./full-nelson
[*] Resolving kernel addresses...
[+] Resolved econet_io

[ more ]  [ reply ]

> I've included here a proof-of-concept local privilege escalation exploit
> for Linux. Please read the header for an explanation of what's going
> on. Without further ado, I present full-nelson.c:

Hello Dan, is this exploitation not mitigated by best practice
defense-in-depth strategies such a

[ more ]  [ reply ]

===========================================================
Ubuntu Security Notice USN-1030-1 December 09, 2010
krb5 vulnerabilities
CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021
===========================================================

A security issue affects the following

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02579879
Version: 1

HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)

NOTICE: The information in t

[ more ]  [ reply ]

Vulnerability ID: HTB22719
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_cmscout.html
Product: CMScout
Vendor: CMScout Team ( http://www.cmscout.co.za/ )
Vulnerable Version: 2.09 and probably prior versions
Vendor Notification: 25 November 2010
Vulnerability Type: CSRF (Cross-Site Reques

[ more ]  [ reply ]

Vulnerability ID: HTB22722
Reference: http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_di
ferior.html
Product: Diferior
Vendor: Povilas Musteikis ( http://www.diferior.com/ )
Vulnerable Version: 8.03 and probably prior versions
Vendor Notification: 25 November 2010
Vulnerabilit

[ more ]  [ reply ]

Google has acknowledged information about fixed versions of Website Optimizer control scripts.
A potential XSS was reported by unnamed person.

More details at
http://websiteoptimizer.blogspot.com/2010/12/update-your-website-optimiz
er-scripts.html

including link to Help Center page with update inst

[ more ]  [ reply ]

Hi all,

I have just blogged about a research we recently did on HTTP Parameter
Pollution [1]. I would like to share it with you.

HPP attacks consist of injecting encoded query string delimiters into
other existing parameters. If a web application does not properly
sanitize the user input, a malici

[ more ]  [ reply ]

===========================================================
Ubuntu Security Notice USN-1029-1 December 08, 2010
openssl vulnerabilities
CVE-2008-7270, CVE-2010-4180
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02586517
Version: 1

HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon

[ more ]  [ reply ]

iDefense Security Advisory 12.07.10
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 07, 2010

I. BACKGROUND

QuickTime is Apple's media player product used to render video and other
media. The PICT file format was developed by Apple Inc. in 1984. PICT
files can contain both object-oriente

[ more ]  [ reply ]

> Anyone tested this in sandbox yet?

00:37 linups:../expl/kernel > cat /etc/*release*
openSUSE 11.3 (i586)
VERSION = 11.3
00:37 linups:../expl/kernel > uname -r
2.6.34.4-0.1-desktop
00:37 linups:../expl/kernel > gcc _2.6.37.local.c -o test
00:37 linups:../expl/kernel > ./test
[*] Failed to open f

[ more ]  [ reply ]

Yep, just tested it in an Ubuntu 10.10 sandbox I have (running kernel 2.6.35-22-generic). Works as expected.

Great job Dan. You're full of win!

Regards,
Ryan Sears
----- Original Message -----
From: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming (at) simplicitymedialtd.co (dot) uk [email concealed]>
To: "Dan Rosenberg" <d

[ more ]  [ reply ]

Anyone tested this in sandbox yet?

On 07/12/2010 20:25, Dan Rosenberg wrote:
> Hi all,
>
> I've included here a proof-of-concept local privilege escalation exploit
> for Linux. Please read the header for an explanation of what's going
> on. Without further ado, I present full-nelson.c:
>
> Happy

[ more ]  [ reply ]

Hi all,

I've included here a proof-of-concept local privilege escalation exploit
for Linux. Please read the header for an explanation of what's going
on. Without further ado, I present full-nelson.c:

Happy hacking,
Dan

--snip--

/*
* Linux Kernel <= 2.6.37 local privilege escalation
* by Dan

[ more ]  [ reply ]

===========================================================
Ubuntu Security Notice USN-1028-1 December 07, 2010
imagemagick vulnerability
CVE-2010-4167
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubunt

[ more ]  [ reply ]

===========================================================
Ubuntu Security Notice USN-1027-1 December 07, 2010
quagga vulnerabilities
CVE-2010-2948, CVE-2010-2949
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.

[ more ]  [ reply ]

===========================================================
Ubuntu Security Notice USN-1026-1 December 07, 2010
paste vulnerability
CVE-2010-2477
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advi

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02639302Version: 1
HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon

[ more ]  [ reply ]

www.eVuln.com advisory:

HTTP Response Splitting in WWWThreads (php version)

Summary: http://evuln.com/vulns/156/summary.html

Details: http://evuln.com/vulns/156/description.html

-----------Summary-----------

eVuln ID: EV0156

Software: n/a

Vendor: WWWThreads

Version: 2006.11.25

Critical

[ more ]  [ reply ]

======================================================================

Secunia Research 08/12/2010

- QuickTime Track Dimensions Buffer Overflow Vulnerability -

======================================================================
Table of Contents

Affected Software...

[ more ]  [ reply ]

Values placed in the URI of the browser are rendered correctly. Orion NPM
10.1 has just been released, so there is no known fix available as of yet.

Examples:

Most "variable=" that I've checked are vulnerable:

http://<server>/Orion/NetPerfMon/MapView.aspx?Map=4f89095c-35fa-4b1b-813
f-231270=0225b7

[ more ]  [ reply ]

http://www.kryptoslogic.com/advisories/2010/kryptoslogic-winamp-midi.txt

==-===-=====-=======-===========-=============-=================

Winamp 5.6 Arbitrary Code Execution in MIDI Parser

Kryptos Logic, December 2010

==-===-=====-=======-===========-=============-======

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:248
http://www.mandriva.com/security/
______________________________________________________________________

[ more ]  [ reply ]

On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote:
>
> > Anyone tested this in sandbox yet?
>
> 00:37 linups:../expl/kernel > cat /etc/*release*
> openSUSE 11.3 (i586)
> VERSION = 11.3
> 00:37 linups:../expl/kernel > uname -r
> 2.6.34.4-0.1-desktop
> 00:37 linups:../expl/kernel > gcc _2.6.37.lo

[ more ]  [ reply ]