-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: apache-mod_perl
Jianqiang Xin wrote:
hi, all:
In our research project, we need to generate background traffic. One of
the problem is how to use one or two machines to simulate hundreds of
machines? Is there any open source project for this?
You could use FreeBSD and jails.
If you set it up intelligently, you
Hallo securityguru,
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2004-05-20 12:30]:
Can anyone give me the source code to a good web application security scanner written
in C# so I can start my own company? Drop me an email with a link or code off of
the list please.
you will start your compay with
hi
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2004-05-20 12:30]:
There's a packet generator option I've seen when configuring recent Linux
kernels that I've not played with.
CONFIG_NET_PKTGEN:
This module will inject
preconfigured packets, at a configurable
rate, out of a given
interface.It is used
On Tue, 18 May 2004 18:24:00 EDT, [EMAIL PROTECTED] said:
Can anyone give me the source code to a good web application security scanner written
in C# so I can start my own company? Drop me an email with a link or code off of
the list please.
I can think of a lot of really good tools, but
Do you have any reason to believe Our tools are written in
C# will be of any
help in making a sale?
With the right brochures, a few buzzwords and some pretty screen shots, of
course it would. Too many holders of corporate checkbooks are insufferably
clueless about technology, and would easily
From http://ccvs.cvshome.org/servlets/NewsItemView?newsID=107
News Item: ccvs
2004-05-19: Stable CVS Version 1.11.16 Released! (security update)
Contributed by: Derek Price
Stable CVS 1.11.16 has been released.
Stable releases contain only bug fixes from previous versions of CVS.
This version
Why would u want to start your company with someone elses code? Web
application scanner? Are you refering to something like APPSCAN type
thing or are you refering to VA Scanner type thing like Nessus. If you
are seeking for something like Nessus, then obviously the code is out
there, hire someone
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
binaries created via perl2exe also are affected.
C:\type 1.pl
#
$a=A x 256; system($a);
C:\perl2exe -v 1.pl
Perl2Exe V7.02 Copyright (c) 1997-2003 IndigoSTAR Software
Cmd = -v 1.pl
CWD = C:\
Known platforms: Win32
Target platform = Win32 5.006001
$I =
$ENV{'PERL5LIB'} =
Found perl.exe at
I want to start my own web application security company using open source code so I
don't have to pay for it. That way I can get everyone else to do my work for me and
make lots of money
-Original Message-
From: Martin Mkrtchian [EMAIL PROTECTED]
Sent: May 20, 2004 1:05 PM
To: [EMAIL
I haven't tested it yet but this also probably means that the msi/Microsoft
service compilor in the Activeperl Developer's Kit is as well then.
- Original Message -
From: morning_wood [EMAIL PROTECTED]
To: 0day [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, May 20, 2004 2:08 PM
On Thu, 20 May 2004 15:24:01 EDT, [EMAIL PROTECTED] said:
I want to start my own web application security company using open source
code so I don't have to pay for it. That way I can get everyone else to do my
work for me and make lots of money
Somehow, I'm having a hard time getting the
the harry potter and lord of the rings movies must have blinded many here
to trolls and flamebait.
On Thu, 20 May 2004 [EMAIL PROTECTED] wrote:
I want to start my own web application security company using open source code so I
don't have to pay for it. That way I can get everyone else to
Everyone else to do your work for you?
Hmmm interesting concept. It seems like you dont have any experience
in this field do you ?
On Thu, 20 May 2004 15:24:01 -0400 (GMT-04:00),
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I want to start my own web application security company using open
Auditor security collection released
Just like to inform, that i have released my penetration test distro
right now on my companys website under the gpl. The main difference
between phlack, fire and knoppix-std is, that it is focused on
usability. As you know remote-exploit.org was focused in
Auditor security collection released
Just like to inform, that i have released my penetration test distro
right now on my companys website under the gpl. The main difference
between phlack, fire and knoppix-std is, that it is focused on
usability. As you know remote-exploit.org was focused in
Perl2Exe rolls the interpreter up into the exe so if the interpreter is vulnerable,
then the exe will be too. With the service compiler you will have the same situation
in services compiled as 'standalone'; if you compile 'dependent' services you are at
the mercy of the perl interpreter on the
In reference to Troels Bay ([EMAIL PROTECTED]) post to this list
on Sun, 16 May 2004 00:00:08 +0200,
This HTML can be embedded into Apple Mail (using Mozilla's HTML mail
editor for example) and sent as a link which once clicked runs the code
as per the exploit below:
!DOCTYPE html PUBLIC
-disclosure-charter.html
Information from NOD32
This message was checked by NOD32 Antivirus System for Linux Mail Server.
part000.txt - is OK
http://www.nod32.com
__ NOD32 1.768 (20040520) Information __
This message was checked by NOD32 antivirus system.
http
I found I was able to modify a supposedly password-locked Excel file
without the password, with Gnumeric (a free *nix clone of Excel) and
Applix (a commercial *nix clone of Office).
To test this further (since I don't do Windoze) would anyone happen to
have some non-sensitive locked spreadsheets
Eudora 6.1.1 for Windows was released recently. Some buffer oveflow
(exploitable to execute any code) issues seem to be solved, but serious
problems remain. (I do not know if Eudora for Macs is affected.)
Though known for years, the spoofing of attachments is still not fixed.
The problem with
Quoting Max ([EMAIL PROTECTED]):
The Swiss Army Knife for security assessments.
I am sorry but a guy by the name Larry Wall beat you to that.
It is Perl that is 'The Swiss Army Knife for security assessments'
or any other task for that matter. ;)
--
.signature: No such file or directory
This is actually a behavior that is part of Windows Explorer, not
Internet Explorer. I think we have covered this in the past on lists as
well. If it is not already documented somewhere it should be, as this is
how Windows file queries (inside IE) are performed on the local file
system.
Dave Horsfall [EMAIL PROTECTED] wrote:
I found I was able to modify a supposedly password-locked Excel file
without the password, with Gnumeric (a free *nix clone of Excel) and
Applix (a commercial *nix clone of Office).
Similar issues have been discussed previously, in the context of Word.
On Fri, 21 May 2004, Paul Szabo wrote:
[ ... ]
Is the Excel issue related?
Yeah, looks like it. Since the file wasn't encrypted, you don't even need
a hex-editor: just use something other than Excel to open it...
-- Dave
___
Full-Disclosure - We
29 matches
Mail list logo