- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1003-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
March 16th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1004-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
March 16th, 2006
Hi,
On Tue, Mar 14, 2006 at 07:32:16PM +0100, Hans Wolters wrote:
Once you visit a site where Invision Board is used the first click on
the Log In link points the visitor to a link with the session id in it:
index.php?s=session_id&act=Login&CODE=00
If you copy this session id, login and
This report is ridiculous and quite frankly shows that the author does not
understand how IPB works.
Yes, the author is correct in finding that if you: copy the user's IP address,
copy the user's user-agent and copy the user's session ID then they can
hijack your session.
That's because, to
Dear XFOCUS Team,
Is this the same vuln as discovered by class101 ?
http://www.zerodayinitiative.com/advisories/ZDI-06-004.html
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt
Author Francesco aScii Ongaro (ascii at katamail . com)
Date 20060316
I. BACKGROUND
Milkeyway is a software for the management and administration of
internet access within public structures and frameworks, where
no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
no, but our discoveries are all patched with the same patch, look at
the MS advisory closely:
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
Microsoft thanks http://go.microsoft.com/fwlink/?LinkId=21127 the
following for working
At 10:33 on Tuesday 14 March 2006, Marco Ivaldi wrote:
I've recently stumbled upon an interesting behaviour of some Linux kernels
that may be exploited by a remote attacker to abuse the ID field of IP
packets, effectively bypassing the zero IP ID in DF packets countermeasure
implemented
Matt,
On 16-mrt-2006, at 15:55, [EMAIL PROTECTED] wrote:
This report is ridiculous and quite frankly shows that the author
does not understand how IPB works.
Yes, the author is correct in finding that if you: copy the user's
IP address, copy the user's user-agent and copy the user's
Good morning,
This might not come as a surprise, but there appears to be a *very*
interesting and apparently very much exploitable overflow in Microsoft
Internet Explorer (mshtml.dll).
This vulnerability can be triggered by specifying more than a couple
thousand script action handlers (such as
On Thu, 16 Mar 2006, Daniel Bonekeeper wrote:
BTW, tested the POC on MSIE (File Version = 6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)) with mshtml.dll (6.00.2900.2802
(xpsp_sp2_gdr.051123-1230)) and it didn't work.
Daniel followed up with me in private and confirmed that the PoC *did*
work
BTW, tested the POC on MSIE (File Version = 6.00.2900.2180
(xpsp_sp2_rtm.040803-2158))
with mshtml.dll (6.00.2900.2802 (xpsp_sp2_gdr.051123-1230)) and it
didn't work.
--
What this world needs is a good five-dollar plasma weapon.