INVITATION:
=
Please consider to contribute to and/or forward to the appropriate groups the
following opportunity to submit and publish original scientific results.
=
== IMMM 2011 | Call for Papers ===
CALL FOR PAPERS, TUTORIALS, PANELS
INVITATION:
=
Please consider to contribute to and/or forward to the appropriate groups the
following opportunity to submit and publish original scientific results.
=
== IMMM 2011 | Call for Papers ===
CALL FOR PAPERS, TUTORIALS, PANELS
rPath Security Advisory: 2011-0010-1
Published: 2011-02-07
Products:
rPath Appliance Platform Linux Service 2
rPath Linux 2
Rating: Informational
Exposure Level Classification:
Local User Non-deterministic
Updated Versions:
kernel=conary.rpath.com@rpl:2/2.6.32_71.7.1.el6-0.11-1
In a recent application security audit for a web-site I came across a
big, blaring breach.
while it's always fun to find a good vulnerability, it turned out to
be quite tricky to actually exploit it. The trickiness was not due to
good security practices but to pure (un)luck (depending on whose
It is your responsibility to ensure your site remains secure no?
So sharing a host could be seen as a risk, one which you would have
considered already.
A reverse DNS on your domain output the following:
- www.shalb.org
- www.websecurity.com.ua
This most likely indicates you are sharing the host
In a recent application security audit for a web-site I came across a big,
blaring breach.
while it's always fun to find a good vulnerability, it turned out to be
quite tricky to actually exploit it. The trickiness was not due to good
security practices but to pure (un)luck (depending on whose
On Mon, 07 Feb 2011 15:54:39 PST, andrew.wallace said:
The point is, should you be giving him tips on such a publicly accessible
platform?
Quite frankly Andrew, I neither know nor care if Cal is an ex-blackhat. He
showed up on full-disclosure asking a legitimate technical question of general
--On February 7, 2011 11:58:50 PM + Bob Smith
bobbyhadababyitsa...@googlemail.com wrote:
Weak passwords, no brute force protection, lots of sql injections,
was easy to take full control of site
Heres the password files
[snipped]
admins fix ur shit or we will be back
Do you seriously
Probably not but I'm pretty sure someone that knows the admin that is
security inclined would notice it and alert the admins.
Luis Santana - Security+
Administrator - http://hacktalk.net
HackTalk Security - Security From The Underground
On Tue, Feb 8, 2011 at 10:46 AM, Paul Schmehl
Bash supports sending the bash history to a remote syslog
server.This way, even if the commands are cleared, the history
is sent (in real time) to the remote, hopefully secured, syslog
system which can be used for analysis.
--
Champ Clark III | Softwink, Inc |
Hi,
For those interested in CTFs, wargames, etc... This is the complete
walkthrough to one of them: the Spanish SbD wargame held ~1 month ago.
Written by the winning team: int3pids.
http://www.rs-labs.com/papers/int3pids_SbD2011_write_up.pdf
Cheers,
-Román
===ADVISORY===
Advisory: Data Encryption Systems - DESLock+ - Local Kernel
Code Execution/Denial of Service
Advisory ID: DSEC-2011-0002
Author:Neil Kettle, Digit Security Ltd
Affected Software:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2011:023
http://www.mandriva.com/security/
ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-062
February 8, 2011
-- CVE ID:
CVE-2010-4435
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Hewlett-Packard
IBM
Sun Microsystems
ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-063
February 8, 2011
-- CVE ID:
CVE-2011-0092
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Other
-- Vulnerability Details:
This
ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-064
February 8, 2011
-- CVE ID:
CVE-2011-0045
-- CVSS:
6.8, (AV:L/AC:L/Au:S/C:C/I:C/A:C)
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Windows XP
--
is FD moderated or not? (hint: ask n3td3v).
i suggest this inconsistency be fixed in one way or another :)
--
joro
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia
Dear List,
So finally all the vendors fixed this critical issue (remote code
execution).
As usual, here it goes the PoC to help in the exploitation. It works
against all the affected vendors, so just adjust your payload and have fun!
ZDI-11-065: Adobe Reader Controlled memset Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-065
February 8, 2011
-- CVE ID:
CVE-2011-0567
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Reader
--
ZDI-11-066: Adobe Acrobat Reader U3D Texture .iff RLE Decompression Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-066
February 8, 2011
-- CVE ID:
CVE-2011-0590
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
ZDI-11-067: Adobe Acrobat Reader U3D Texture rgba RLE Decompression Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-067
February 8, 2011
-- CVE ID:
CVE-2011-0591
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
ZDI-11-068: Adobe Acrobat Reader U3D Texture bmp RLE Decompression Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-068
February 8, 2011
-- CVE ID:
CVE-2011-0592
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
ZDI-11-069: Adobe Acrobat Reader U3D Texture psd RLE Decompression Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-069
February 8, 2011
-- CVE ID:
CVE-2011-0593
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
ZDI-11-070: Adobe Acrobat Reader U3D Texture .fli RLE Decompression Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-070
February 8, 2011
-- CVE ID:
CVE-2011-0595
-- CVSS:
9.7, (AV:N/AC:L/Au:N/C:C/I:C/A:P)
-- Affected Vendors:
Adobe
-- Affected
ZDI-11-071: Adobe Reader BMP RLE_8 Decompression Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-071
February 8, 2011
-- CVE ID:
CVE-2011-0596
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Reader
--
ZDI-11-072: Adobe Reader BMP ColorData Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-072
February 8, 2011
-- CVE ID:
CVE-2011-0599
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Reader
--
ZDI-11-073: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-073
February 8, 2011
-- CVE ID:
CVE-2011-0598
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Reader
-- Vulnerability
ZDI-11-074: Adobe Reader u3d Parent Node Count Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-074
February 8, 2011
-- CVE ID:
CVE-2011-0600
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Reader
--
ZDI-11-075: Adobe Acrobat Reader rt3d.dll Multimedia Playing Arbitrary Memory
Overwite Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-075
February 8, 2011
-- CVE ID:
CVE-2011-0606
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
--
On 02/08/2011 06:40 PM, ZDI Disclosures wrote:
ZDI-11-072: Adobe Reader BMP ColorData Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-072
February 8, 2011
-- CVE ID:
CVE-2011-0599
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
ZDI-11-076: RealNetworks Real Player Predictable Temporary File Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-076
February 8, 2011
-- CVE ID:
CVE-2011-0694
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
RealNetworks
-- Affected
ZDI-11-077: Adobe Acrobat Reader U3D Texture Parser ILBM Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-077
February 8, 2011
-- CVE ID:
CVE-2011-0590
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe
I don't know who is a more worthless idiot, the people posting things
that will (without question) flood into oblivion because no one gives
a shit... or the town idiot who always feels the need to chime in to
prolong it. You'd think on a list this size, there would be tons of
town idiots...
But
ZDI-11-078: Adobe Shockwave Player FF88 Record Count Element Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-078
February 8, 2011
-- CVE ID:
CVE-2010-4192
-- CVSS:
9, (AV:N/AC:L/Au:N/C:C/I:P/A:P)
-- Affected Vendors:
Adobe
-- Affected Products:
ZDI-11-079: Adobe Shockwave Player 0xFF45 Record Count Element Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-079
February 8, 2011
-- CVE ID:
CVE-2011-0557
-- CVSS:
9, (AV:N/AC:L/Au:N/C:C/I:P/A:P)
-- Affected Vendors:
Adobe
-- Affected Products:
ZDI-11-080: Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-080
February 8, 2011
-- CVE ID:
CVE-2010-4190
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
ZDI-11-081: Adobe Flash Player Point Object Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-081
February 8, 2011
-- CVE ID:
CVE-2011-0578
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Flash Player
--
Andrew, go fuck yourself :)
On Wed, Feb 9, 2011 at 2:12 AM, andrew.wallace
andrew.wall...@rocketmail.com wrote:
On Tue, Feb 8, 2011 at 2:55 PM, valdis.kletni...@vt.edu wrote:
Quite frankly Andrew, I neither know nor care if Cal is an ex-blackhat.
The fact that you state that you don't
38 matches
Mail list logo