On Sat, 22 Jul 2006 16:09:34 +0200, Peter Bieringer said:
Linux / Fedora Core 5 (glibc-2.4-8):
Known deficiency in glibc. Code to do RFC3484 precedence tables landed
in Fedora Rawhide the first half of May and is in FC6-test. I don't know
the status of that glibc code landing in RHEL
===
Ubuntu Security Notice USN-296-2 July 25, 2006
firefox, mozilla-firefox vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778,
CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783,
CVE-2006-2784,
Thanks for the input. But the problem is, that the private key of the
certificate cannot be exported (not allowed by the certificate store of
windows) - so this doesn't work...
Don't tell me a simple greyed out checkbox can stop you ...
Hi all,
Does anyone have a questionnaire for a security architecture review?
Best regards
--
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Nicolas RUFF wrote:
Thanks for the input. But the problem is, that the private key of the
certificate cannot be exported (not allowed by the certificate store of
windows) - so this doesn't work...
Don't tell me a simple greyed out checkbox can stop you ...
^--- Foundstone's
On 7/25/06, Aaron Gray [EMAIL PROTECTED] wrote:
schnnip
Yes I do, but I think a specialized list is in order for web vulnerabilities.
XSS are based on bad code practices .. some day the programmers will
learn to not make such mistakes if we point them. if we ignore them
well security is not
--
Message: 16
Date: Mon, 24 Jul 2006
From: Aaron Gray
Subject: Crap capitalistic artical etc...
Take alooky at this :-
http://www.pcworld.com/news/article/0,aid,126438,tk,nl_wbxnws,00.asp
Is that the best they can muster ?
Aaron
---
On Tue, 25 Jul 2006, [EMAIL PROTECTED] wrote:
http://www.pcworld.com/news/article/0,aid,126438,tk,nl_wbxnws,00.asp
Is that the best they can muster ?
No, they have many other equally fine articles ;-)
/mz
Summary
---
A cookie-stealing Cross-site scripting vulnerability was found on MSN's
website (msn.com). Using this vulnerability, an attacker could potentially
gain access to a victim's Inbox.
This vulnerability was discovered by: tontonq and Nir Goldshlager.
Disclosure timeline
[vuln.sg] Vulnerability Research Advisory
DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities
by Tan Chew Keong
Release Date: 2006-07-25
Summary
---
Some vulnerabilities have been found in DynaZip DZIP32.DLL/DZIPS32.DLL.
When exploited, the vulnerabilities allow execution of
[vuln.sg] Vulnerability Research Advisory
TurboZIP ZIP Repair Buffer Overflow Vulnerability
by Tan Chew Keong
Release Date: 2006-07-25
Summary
---
A vulnerability has been found in TurboZIP. When exploited, the
vulnerability allows execution of arbitrary code when the user opens and
[vuln.sg] Vulnerability Research Advisory
AGEphone sipd.dll SIP Packet Handling Buffer Overflow
by Tan Chew Keong
Release Date: 2006-07-25
Summary
---
A vulnerability has been found in AGEphone. When exploited, the
vulnerability allows execution of arbitrary code with privileges of the
[vuln.sg] Vulnerability Research Advisory
PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability
by Tan Chew Keong
Release Date: 2006-07-25
Summary
---
A vulnerability has been found in PowerArchiver. When exploited, the
vulnerability allows execution of arbitrary code when the user adds
[EMAIL PROTECTED] wrote:
Hi there
Thanx for information... Will try my best :)
Have a nice day,
GreetZ from IndianZ
Don't tell me a simple greyed out checkbox can stop you ...
^--- Foundstone's showwin.exe usually does the trick
Actually, it's a bit harder.
At
I think you're confusing the PRACTICE with the LIST.
They're not talking about us.
Yes I know but it is a bit half and half,
Aaron
Dear J. Oquendo,
It's most likely your flood attack impacts switch or router between
source and target. Try to make a test with a direct link on crossed
wire, without any network equipment.
--Monday, July 24, 2006, 11:01:04 PM, you wrote to
full-disclosure@lists.grok.org.uk:
JO
==
Secunia Research 25/07/2006
- FileCOPA Directory Argument Handling Buffer Overflow -
==
Table of Contents
Affected
Sorry didn't mean to offend with the Bikini comments any reasonable way
huh? How about sending a picture of yourself holding a small sign that says
Full-Disclosure is Awesome! and that very long number that was sent to
you previously on the bottom of the sign :-)
ok, seriously
Still looking for spam? This might not be completely current, but it
might help you out: http://www.toastedspam.com/freespamlist
Mace
Exibar wrote:
Sorry didn't mean to offend with the Bikini comments any reasonable
way huh? How about sending a picture of yourself holding a small
===
Ubuntu Security Notice USN-323-1 July 25, 2006
mozilla vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778,
CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782,
CVE-2006-2783, CVE-2006-2784,
True.
Mace
Dude VanWinkle wrote:
On 7/25/06, Matthew Phillips [EMAIL PROTECTED] wrote:
Still looking for spam? This might not be completely current, but it
might help you out: http://www.toastedspam.com/freespamlist
It should be noted that if you sign up for it, it's not spam.
-JP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Advisory: Professional Home Page Tools Login Script Cross Site
Scripting Vulnerabilities
Release Date: 2006/07/25
Last Modified: 2006/07/25
Author: Tamriel [tamriel at gmx dot net]
Application: Professional Home Page Tools Login
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200607-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Advisory: TP-Book = 1.00 Cross Site Scripting Vulnerabilities
Release Date: 2006/07/25
Last Modified: 2006/07/25
Author: Tamriel [tamriel at gmx dot net]
Application: TP-Book = 1.00
Risk: Low
Vendor Status: not
The easier way is to go to http://www.paulgraham.com/spamarchives.html
and try some of the links on there.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:131
http://www.mandriva.com/security/
ZDI-06-024: eIQnetworks Enterprise Security Analyzer License Manager
Buffer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-024.html
July 25, 2006
-- CVE ID:
CVE-2006-3838
-- Affected Vendor:
eIQnetworks
-- Affected Products:
eIQnetworks Enterprise Security Analyzer
ZDI-06-023: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-023.html
July 25, 2006
-- CVE ID:
CVE-2006-3838
-- Affected Vendor:
eIQnetworks
-- Affected Products:
eIQnetworks Enterprise Security Analyzer
TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server
Buffer Overflow Vulnerabilities
http://www.zerodayinitiative.com/advisories/TSRT-06-03.html
July 25, 2006
-- CVE ID:
CVE-2006-3838
-- Affected Vendor:
eIQnetworks
-- Affected Products:
eIQnetworks Enterprise
Hi all.
After early getting the details of MS06-034 I thought
it will be cool to build the exploits since there has
been long time without any IIS exploit and our
customers (see *1) will like it, so I asked the guys
to build the exploits and that I will take care of the
part of elevating
Thank you, duke~~
2006/7/26, Duke [EMAIL PROTECTED]:
I've sent your mail to my spam friends,
and posted it to spam forums.
Wait for a half billion mail gift )
- Original Message -
From: [EMAIL PROTECTED]
To: Cardoso [EMAIL PROTECTED]
Cc: Full Disclosure
On Tue, 25 Jul 2006 19:39:23 -0500 Cesar [EMAIL PROTECTED] wrote:
Hi all.
After early getting the details of MS06-034 I thought
it will be cool to build the exploits since there has
been long time without any IIS exploit and our
customers (see *1) will like it, so I asked the guys
to build the