ANNOUNCING THE OWASP TESTING GUIDE
The OWASP Testing Guide includes a best practice penetration testing
framework which users can implement in their own organizations and a
low level penetration testing guide that describes techniques for
testing most common web application and web service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200702-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Hello lists,
SehaTo (sehato at yandex ru) reported a few vulnerabilities in different
Windows applications. Original messages (in Russian) may be found at
http://securityvulns.com/source16446.html
1. Microsoft Windows Explorer corrupted WMF vulnerability
Does anyone have any info on the security of Microsoft
Groove in Office 2007? I was considering using it for
file sharing between two locations where security is
an absolute must. I like using Hamachi for my
personal use but I like the ability to search with
Groove and the amount of data to be
Michal Zalewski wrote:
A quick test case that crashes while trying to follow partly
user-dependent corrupted pointers near valid memory regions (can be forced
to write, too):
http://lcamtuf.coredump.cx/ietrap/testme.html
Firefox problem is being tracked here:
On 2/25/07, Daniel Veditz [EMAIL PROTECTED] wrote:
Michal Zalewski wrote:
A quick test case that crashes while trying to follow partly
user-dependent corrupted pointers near valid memory regions (can be forced
to write, too):
http://lcamtuf.coredump.cx/ietrap/testme.html
Firefox
On Sunday 25 February 2007 18:57:47 Stan Bubrouski wrote:
On 2/25/07, Daniel Veditz [EMAIL PROTECTED] wrote:
Michal Zalewski wrote:
A quick test case that crashes while trying to follow partly
user-dependent corrupted pointers near valid memory regions (can be
forced to write, too):
The test on that page still puts my 2.0.0.2 in a completely unusable
state, try it yourself and let me know what happens.
-sb
On 2/25/07, Ismail Dönmez [EMAIL PROTECTED] wrote:
On Sunday 25 February 2007 18:57:47 Stan Bubrouski wrote:
On 2/25/07, Daniel Veditz [EMAIL PROTECTED] wrote:
On Sunday 25 February 2007 20:27:19 Stan Bubrouski wrote:
The test on that page still puts my 2.0.0.2 in a completely unusable
state, try it yourself and let me know what happens.
Doesn't crash here on Linux, I just see http://slashdot.org in URL bar and
empty page below, so I can confirm
On Sunday 25 February 2007 20:47:22 Stan Bubrouski wrote:
I can't say the same it shoots my CPU up to 100% and is completely
unresponsive on win2k sp4.
If it doesn't crash the original vulnerability no longer exists, there are
many sites on the web that will freeze your Firefox and chew up all
I can't say the same it shoots my CPU up to 100% and is completely
unresponsive on win2k sp4.
On 2/25/07, Ismail Dönmez [EMAIL PROTECTED] wrote:
On Sunday 25 February 2007 20:27:19 Stan Bubrouski wrote:
The test on that page still puts my 2.0.0.2 in a completely unusable
state, try it
--On February 25, 2007 8:44:45 PM +0200 Ismail Dönmez
[EMAIL PROTECTED] wrote:
On Sunday 25 February 2007 20:27:19 Stan Bubrouski wrote:
The test on that page still puts my 2.0.0.2 in a completely unusable
state, try it yourself and let me know what happens.
Doesn't crash here on Linux, I
Jamie Riden, Ryan McGeehan, Brian Engert and Michael Mueter just released
a Honeynet paper on Web security called: Know your Enemy: Web
Application Threats
You can find their paper here:
http://honeynet.org/papers/webapp/
The paper is very good, and deals with all kinds of web threats such as
On Sun, 25 Feb 2007, Stan Bubrouski wrote:
http://lcamtuf.coredump.cx/ietrap/testme.html
This bug was fixed in 2.0.0.2, released Friday Feb 23.
No it most certainly wasn't, do your homework next time.
Actually, the story is kinda funny, but yeah, it seems that it's fixed
now.
The story: I
flickr say you can mark your photos private. when you look at the web
interface maybe. just give the direct address of a picture to one with no
access he grabs it no problem.
google images tips left as an exercise.
for the brute forcers it looks like feasible, maybe difficult.
targeting someone
Hey all,
I've just put up a paper detailing a new method of exploiting PL/SQL
injection flaws in Oracle and potential ways to protect against it. The
method entirely removes the requirement for an attacker to create functions
to be able to execute arbitrary sql. This should finally put to bed