-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass
vulnerability in GNUBoard.
Revision 1.0
Date Published: 2004-12-24 (KST)
Last Update: 2005-01-33
Disclosed by SSR Team ([EMAIL PROTECTED])
Summary
GNUBoard is one
Covered on the F-Secure weblog, the DNS has been pointed at 127.0.0.2
so no more bots will be connecting. Just posting the source in case
5wk.com dies:
#!/usr/bin/perl
#
# # # #
# # # # ## # ### # # # #
On Sat, 25 Dec 2004, Exibar wrote:
His parents become the guardians of his estate by default (assuming he
wasn't married or had children). His parents now own everything that man
had while alive, digital and physical.
You don't seem to understand the terms guardian and own. They have
You so proudly posted this:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.phel.a.html
mike
www.michaelevanchik.com
Obviously you are just tickled to see that the kiddies were able to so quickly turn your point/click sploit code into
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
War-Dialer - Complete Source Code available:
http://home.comcast.net/~nodialtone/
-b
___
Full-Disclosure - We believe in it.
Charter:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, 26 Dec 2004 06:34:24 -0800 James Tucker
[EMAIL PROTECTED] wrote:
The only charge appropriate for this case would be
what is informally known as a 'gag order' and will
require that you disprove under a court of law all
statements made by Mr
Dave Aitel wrote:
Of course, this sort of thing is basically impossible to disprove -
especially without source.
If I were looking for a well-hidden backdoor, I wouldn't bother with
source. There's no guarantee that a particular binary was produced by a
particular group of source unless you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: glibc
Advisory ID:
J.A. Terranson wrote:
When you feed trolls, they grow :-)
Hey - I'm preplanning for Thanksgiving!
Seriously, we seem to be getting more crap like this. Are people just
bored?
I'm bored :-)
mx1# touch killme
mx1# chmod 0 killme
mx1# ls -al killme
--
lots has passed since releasing a phpbb worm by some stupid people, i will
list my opinion about it.
- why release a worm? not sure about newer ones, but first one did not do
anything, so, what's the point? Worm will warn whole world about
vulnerability and most of servers will patch it,
--On Sunday, January 02, 2005 08:27:09 PM -0800 Blue Boar
[EMAIL PROTECTED] wrote:
As for proof in this particular case, I find the claim rather
extraordinary, so I would place the burden of proof on the claimer. Let's
see an exploit.
You're never going to see one. It's too sooper sekrit to
Have a guid new year! ;)
Kind regards,
Des Ward
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
CSIS Security Advisory: [CSIS2005-1)
Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser
Date Published: 3rd of January 2005
Product description:
GFI MailEssentials for Exchange/SMTP offers spam protection and email
management at server level. GFI MailEssentials offers a fast
---
Multiple Firewall Products Bypass Vulnerability
---
Online URL : http://ferruh.mavituna.com/article/?769
Download POC:
Just throwing an idea out here
On many systems, with more advanced users but less memory, I set the
Help and Support service to 'manual' start. This prevents the service
from being loaded on boot (about 30mb of memory saved, IIRC).
Does this affect these exploits?
N.B. There is a side
Daniel H. Renner wrote:
I recall an interview with a highly placed security executive back in
the later '90s. In this interview he lamented being in the security
business in the United States with a line similar to:
If you create and announce a security product in the United States, you
will very
On Wed, 29 Dec 2004, Exibar wrote:
Yes I am aware that the laws differ from state to state. This would be a
federal case, a US Federal case, if it ever got that far, it won't.
You wanna explain how you came to this brilliant conclusion? How is an
estate issue federal?
No
IANAL, but
It's too 1337.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul
Schmehl
Sent: Monday, January 03, 2005 11:17 AM
To: Blue Boar; Dave Aitel
Cc: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Multiple Backdoors found in eEye
- Original Message -
From: J. Oquendo [EMAIL PROTECTED]
To: full-disclosure@lists.netsys.com
Sent: Thursday, December 30, 2004 9:56 AM
Subject: [Full-Disclosure] Trivial Bug in Symantec Security Products
Somehow, Symantec engineers have not implemented a mechanism to disallow a
I forget who initially mentioned this but I recall in one off-the-record
conversation that virus authoring groups rarely have a QA department. For
this, white hats and security professionals can be thankful.
Regards,
Patrick Nolan
Virus Researcher - Fortinet Inc.
http://www.fortinet.com
To
On Mon, Dec 27, 2004 at 08:49:38PM -0500, [EMAIL PROTECTED] ([EMAIL PROTECTED])
wrote:
On Sun, 26 Dec 2004 14:34:24 GMT, James Tucker said:
not possible. This is not to say that communications don't get
monitored, it is just to say that the report of 'everything you say is
being watched'