-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1240-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
December 21, 2006
-
New Windows tool - PWDumpX v1.1 (with CacheDump functionality)
Tool location: http://reedarvin.thearvins.com/tools/PWDumpX11.zip
=
Description:
PWDumpX version 1.1 allows a user with administrative privileges to
retrieve the domain password cache, password hashes and LSA secrets
from a
Hello,
People, programmers, computers, software, design patterns, systems, and
infrastructure are constantly changing, often being reinvented. As such,
will never be stable.
Concrete of a type is always the same and therefore predictable. One can
state with certainly that a concrete slab will
Windows is very very holy.
Microsoft may draw castles guarded by lions round PC's in adverts but we
know better.
Aaron
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by
n.runs AG
http://www.nruns.com/ security at nruns.com
n.runs-SA-2006.005 21-Dec-2006
Vendor:
This vulnerability has been patched successfully by the vendor as tests by
various parties have demonstrated, more details here:
http://cytrap.eu/blog/?p=133
Happy Holidays
Urs E. Gattiker
CyTRAP Labs and www.CASEScontact.org
At 21:23 2006-10-04, you wrote:
--
Dear full-disclosure@lists.grok.org.uk,
Since it's already wide spread on the public forums and exploit is
published on multiple sites and there is no way to stop it, I think
it's time to alert lists about this.
On the one of Russian forums:
Hello,
SinFP is a new approach to OS fingerprinting, which bypasses
limitations that nmap has. More info:
http://www.gomor.org/sinfp .
SinFP has now 140 signatures.
You can download it via CPAN, or via SourceForge:
https://sourceforge.net/projects/sinfp
Also, two benchmarks versus Nmap have
Dear full-disclosure@lists.grok.org.uk,
There is interesting thing with event logging on Windows. The only
security aspect of it is event log record tampering and performance
degradation, but it may become sensitive is some 3rd party software is
used for automated event log analysis.
[introduction]
n3td3v is deeply sad at the new trend of morally accepted blackmail by
the security community, known better as a month of bugs.
sincere researchers are coming forward more frequently to threaten
companies with a month of vendor bugs.
because they are known to be sincere they are
n3td3v wrote:
[introduction]
n3td3v is deeply sad at the new trend of morally accepted blackmail by
the security community, known better as a month of bugs.
sincere researchers are coming forward more frequently to threaten
companies with a month of vendor bugs.
because they are known to
Heya lists 3APA3A,
3APA3A a écrit :
Dear full-disclosure@lists.grok.org.uk,
There is interesting thing with event logging on Windows. The only
security aspect of it is event log record tampering and performance
degradation, but it may become sensitive is some 3rd party software
Dear lists,
in another Russian forum, Killer{R} made analysis on this issue using
Windows 2000 sources:
http://bugtraq.ru/cgi-bin/forum.mcgi?type=sbb=21m=140672
The problem is in win32k.sys' function GetHardErrorText, which tries to
prepare EXCEPTION data for event log, and seems to be
There is interesting thing with event logging on Windows. The only
security aspect of it is event log record tampering and performance
degradation, but it may become sensitive is some 3rd party software is
used for automated event log analysis.
I doubt this. The event logs don't
There is interesting thing with event logging on Windows. The only
security aspect of it is event log record tampering and performance
degradation, but it may become sensitive is some 3rd party software is
used for automated event log analysis.
Log tampering is a big
There is interesting thing with event logging on Windows. The only
security aspect of it is event log record tampering and performance
degradation, but it may become sensitive is some 3rd party software is
used for automated event log analysis.
I doubt this. The event logs don't
SQL injection digger is a command line program that looks for SQL
injections and common errors in websites.Current version looks for SQL
injections and common errors in website urls found by performing a
google search.
Sqiud can be downloaded from http://sqid.rubyforge.org.
--
MSG //
Dear Tim,
--Thursday, December 21, 2006, 6:41:11 PM, you wrote to [EMAIL PROTECTED]:
T 3APA3A, have you tried to see if elements like %n!FORMAT! used
T recursively will invoke the wsprintf()-like behavior??
Yes, I did. It doesn't work.
--
~/ZARAZA
Но ведь кому угодно могут прийти в голову
Dear Michele Cicciotti,
--Thursday, December 21, 2006, 6:20:54 PM, you wrote to
full-disclosure@lists.grok.org.uk:
There is interesting thing with event logging on Windows. The only
security aspect of it is event log record tampering and performance
degradation, but it may
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Netragard, L.L.C Advisory* ***
Strategic Reconnaissance Team
http://www.netragard.com
Gadi Evron a écrit :
On Tue, 12 Dec 2006, Joxean Koret wrote:
Wow! That's fun! The so called Word 0 day flaw also affects
OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
with the file:
This is NOT a 0day. It is a disclosed vulnerability in full-disclosure
Yes, probably this bug only affects event viewer itself. I don't
understand how and why Microsoft achieved this effect in event viewer,
which is, by the way, security tool, and if it's hard for different
vendor to make same mistake.
For what it's worth, the updated viewer
3APA3A wrote:
Killer{R} assumes the problem is in strcpy(), because it should not be
used for overlapping buffers, but at least ANSI implementation of strcpy
from Visual C should be safe in this very situation (copying to lower
addresses). May be code is different for Windows XP or
Jason Muskat, GCFA, GCUX, de VE3TSJ wrote:
People, programmers, computers, software, design patterns, systems, and
infrastructure are constantly changing, often being reinvented. As such,
will never be stable.
Concrete of a type is always the same and therefore predictable. One can
state
Holy mackerel! Instances of this bug date back to 1999!
http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff
--Pukhraj
On 12/21/06, Alexander Sotirov [EMAIL PROTECTED] wrote:
3APA3A wrote:
Killer{R} assumes the
On Thu, 21 Dec 2006 23:15:41 GMT, Aaron Gray said:
Sorry a dog not lions !
Of course, even the most bad-ass canine can be taken down by sufficient
strength:
Herakles asked Pouton [Haides] for Kerberos, and was told to take the hound if
he could overpower it without using any of the weapons he
Holy mackerel! Instances of this bug date back to 1999!
Different bug. That appears to be a trivial exhaustion of CSRSS worker threads
through indiscriminate calls to MessageBox+MB_SERVICE_NOTIFICATION, which
causes a DoS as no threads are available to serve kernel-mode requests from
win32k,
On Thu, 2006-12-21 at 02:28 +, Aaron Gray wrote:
Windows is very very holy.
Don't you mean hole'y? ;-)
-Jim P.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia
On Thu, 2006-12-21 at 20:37 -0500, Jim Popovitch wrote:
On Thu, 2006-12-21 at 02:28 +, Aaron Gray wrote:
Windows is very very holy.
Don't you mean hole'y? ;-)
OK, why do I get bounce messages from
[EMAIL PROTECTED] (sub: Posting error: Secure Computing)
[EMAIL PROTECTED] (sub:
List,
I'm glad to release a beta version of untidy; untidy is general
purpose XML Fuzzer. It takes a string representation of a XML as input
and generates a set of modified, potentially invalid, XMLs based on
the input. It's released under GPL v2 and written in python.
Windows is very very holy.
Don't you mean hole'y? ;-)
Time for a gratuitous Sluggy Freelance reference!
http://sluggy.com/daily.php?date=040208
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
31 matches
Mail list logo