[Full-disclosure] Snort's BO pre-processor exploit

2005-10-25 Thread rd
Hi, Just wanna point out a small exploit release for a remote vulnerability in Snort's Back Orifice pre-processor found by ISS recently. http://www.thc.org/download.php?t=ef=THCsnortbo.c Have fun, --rd/thc ___ Full-Disclosure - We believe in it.

Re: [Full-disclosure] Revised draft on ICMP attacks

2005-10-25 Thread Joxean Koret
Fuck you too and close the fucking list! no disclosure for life! On 10/24/05, John Cartwright [EMAIL PROTECTED] wrote: On Mon, Oct 24, 2005 at 06:23:15PM +0200, Joxean Koret wrote: On 10/24/05, Fernando Gont [EMAIL PROTECTED] wrote: Feedback is welcome, noise should go to /dev/null. Then move

Re: [Full-disclosure] vhost enumeration

2005-10-25 Thread Zanzibar
[EMAIL PROTECTED] wrote: I think a zone transfer would be the only authoritative resource. This would only work for a given domain name. What if the server has several domains? -- Christophe Garault ___ Full-Disclosure - We believe in it.

[Full-disclosure] Network Appliance iSCSI Authentication Bypass

2005-10-25 Thread advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 # Security Advisory: Network Appliance iSCSI Authentication Bypass ## Origin Date: Wed Aug 3 2005 ## Publication Date: Mon Oct 24 2005 ## Synopsis Unauthenticated iSCSI Initiators can bypass iSCSI authentication on NetApp Filers by manipulating

[Full-disclosure] [ GLSA 200510-20 ] Zope: File inclusion through RestructuredText

2005-10-25 Thread Thierry Carrez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200510-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

[Full-disclosure] [ GLSA 200510-21 ] phpMyAdmin: Local file inclusion and XSS vulnerabilities

2005-10-25 Thread Thierry Carrez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200510-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

Re: [Full-disclosure] vhost enumeration

2005-10-25 Thread Valdis . Kletnieks
On Tue, 25 Oct 2005 12:18:54 +0200, Zanzibar said: [EMAIL PROTECTED] wrote: I think a zone transfer would be the only authoritative resource. This would only work for a given domain name. What if the server has several domains? Even worse, there may be multiple DNS and webservers

Re: [Full-disclosure] Revised draft on ICMP attacks

2005-10-25 Thread John Cartwright
On Tue, Oct 25, 2005 at 11:48:26AM +0200, Joxean Koret wrote: Fuck you too and close the fucking list! no disclosure for life! Consider yourself moderated. Folks here are posting constructive information that others find useful. If you believe the information to be incorrect, you are entitled

Re: [Full-disclosure] Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte

2005-10-25 Thread trains
Quoting Andrey Bayora [EMAIL PROTECTED]: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte. AUTHOR: Andrey Bayora (www.securityelf.org) Some file types like .bat, .html and .eml can be properly executed even if they have some unrelated beginning. For

[Full-disclosure] [SECURITY] [DSA 871-1] New libgda2 packages fix arbitrary code execution

2005-10-25 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 871-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 25th, 2005

[Full-disclosure] Continued threat continues

2005-10-25 Thread n3td3v
It has been reported via the n3td3v group news wire that the group has surpassed its 600th member, adding to speculation that the group, hosted on the Google Groups network is only going to grow larger. The founder n3td3v since 1999 has been responsible for a number of vendor-side reported

[Full-disclosure] Skype security advisory

2005-10-25 Thread . EADS CCR DCR/STI/C
Synopsis The EADS/CRC security team discovered a flaw in Skype client. Skype is a P2P VoIP software that can bypass firewalls and NAT to connect to the Skype network. Skype is very popular because of its sound quality and ease of use. Skype client is available for Windows,

Re: [Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.

2005-10-25 Thread Tatercrispies
I can confirm that this vulnerability in IE can be used in the following applications: . Invision Gallery . Vbulletin . Hotmail.com . Most photo gallery scripts Then I gave up looking. Surprised this doesn't have more coverage. On 10/23/05, Tatercrispies [EMAIL PROTECTED] wrote: This is a

[Full-disclosure] [SECURITY] [DSA 871-2] New libgda2 packages fix arbitrary code execution

2005-10-25 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 871-2 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 25th, 2005

[Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability

2005-10-25 Thread Bernhard Mueller
SEC-CONSULT Security Advisory 20051025-0 == title: Snoopy Remote Code Execution Vulnerability program: Snoopy PHP Webclient vulnerable version: 1.2 and earlier homepage: http

Re: [Full-disclosure] SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS

2005-10-25 Thread H D Moore
I believe 5.2 and 5.3 are vulnerable as well, there are other fun bugs hiding in there too :) Filemon rocks. -HD On Tuesday 25 October 2005 15:26, Bernhard Mueller wrote: This flaw was discovered in version 5.1 of RSA Agent for Web. No other versions were available for testing. Web Agents 5.1

[Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.

2005-10-25 Thread Paul Laudanski
On Sat, 22 Oct 2005, K-Gen Gen wrote: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. I sent the report to phpBB and they said that a patch will be available within a few days and it will be integrated into 2.0.18. Note: This works like XSS, and requires the

Re: [Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.

2005-10-25 Thread Tatercrispies
On 10/25/05, Paul Laudanski [EMAIL PROTECTED] wrote: Anyone have other ideas on this? I've already implemented some code to validate file input and it's working. But is this the right approach? Since it is an IE issue, you may as well be using HttpOnly cookies. It isn't a perfect fix, but maybe good

RE: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte

2005-10-25 Thread Debasis Mohanty
Hello Andrey, A few comments on this - Correct me if I am wrong, a forged magic byte might not always be able to fool the AV in a real scenario (especially EXEs) unless you are talking about static virus scanners. In the past few years the AV scanning technology has improved a lot and has gone even beyond

Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte

2005-10-25 Thread Andrey Bayora
Hello Debasis, Please see my inline comments below. Thanks. Regards, Andrey - Original Message - From: Debasis Mohanty [EMAIL PROTECTED] To: 'Andrey Bayora' [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Cc: bugtraq@securityfocus.com Sent: Tuesday, October 25, 2005 7:17 PM

Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well).

2005-10-25 Thread Morning Wood
By prepending image headers you can often fool php/IE. This technique has been used successfully to bypass php checking and renders the php upon access. --- ÿØÿà JFIF <?php some phpcode ?> --- or