rPath Security Advisory: 2007-0062-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect User Deterministic Information Exposure
Updated Versions:
firefox=/[EMAIL PROTECTED]:devel//1/1.5.0.10-0.1-2
References:
rPath Security Advisory: 2007-0063-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
Updated Versions:
krb5=/[EMAIL PROTECTED]:devel//1/1.4.1-7.6-1
krb5-server=/[EMAIL
rPath Security Advisory: 2007-0064-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
ImageMagick=/[EMAIL PROTECTED]:devel//1/6.2.3.3-3.6-1
References:
rPath Security Advisory: 2007-0065-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Local Root Deterministic Unauthorized Access
Updated Versions:
freetype=/[EMAIL PROTECTED]:devel//1/2.1.10-5.1-1
xorg-x11=/[EMAIL
rPath Security Advisory: 2007-0066-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect User Deterministic Information Exposure
Updated Versions:
kdelibs=/[EMAIL PROTECTED]:devel//1/3.4.2-5.14-1
qt-x11-free=/[EMAIL
On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[EMAIL PROTECTED] wrote:
And there's a patch for that Realtek already to go on the download
site. (read the caveat section). So far all I've seen/heard is that one.
Yes, I forgot to mention the patch.
This is patching 7 graphics
On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[EMAIL PROTECTED] wrote:
the community need that they are reacting to. Gadi and the crew work
hard and have my respect for their efforts.
Agreed. Previous patches worked as advertised with no adverse side
effects here.
If you are
On Tue, 3 Apr 2007 19:11:09 -0400
Shaded Systems [EMAIL PROTECTED] wrote:
the source was leaked, and the guys from defcon have been asking websites to
take it down or they take them down (or so rumor has it).
here is the javascript source:
http://www.scheunig.de/news/jikto.txt
=]
When user visits sites over HTTPS protocol he is informed by the Web
Browser every time the site tries to load unsecured (using HTTP
protocol) element (script/iframe/object etc.).
So for instance if we have XSS vulnerable site
https://server.com/vuln.php?id=;scriptalert(document.cookie);/script
Hey all,
For anyone that's interested I've just written three papers relating to
Oracle forensics. More will follow...
Oracle Forensics Part 1: Dissecting the Redo Logs
Oracle Forensics Part 2: Locating Dropped Objects
Oracle Forensics Part 3: Isolating Evidence of Attacks Against the
(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: SAP RFC_SET_REG_SERVER_PROPERTY RFC Function
(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: SAP RFC_START_GUI RFC Function Buffer Overflow
==
(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: SAP RFC_SET_REG_SERVER_PROPERTY RFC Function
(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: SAP TRUSTED_SYSTEM_SECURITY RFC Function
(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: SAP RFC_SET_REG_SERVER_PROPERTY RFC Function
(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: SAP SYSTEM_CREATE_INSTANCE RFC Function Buffer Overflow
While nobody likes to be stereotyped, there is always truth behind
the generic, nationality-based profiles. For example, I was
recently in Australia as part of a necessary trip. I was waiting
with a small crowd of people outside a grocery store,
(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: SAP SYSTEM_CREATE_INSTANCE RFC Function Buffer Overflow
On Wed, 4 Apr 2007 [EMAIL PROTECTED] wrote:
* Chinese value punctuality and uniformity. A DoS should be
similar to Western Europe, but should not vary in attack methods.
Great idea -- but you're four days late to the party!
/mz
___
Full-Disclosure
[EMAIL PROTECTED] wrote:
I infer you're under the impression that this may be some form of
de-facto profiling of DoS kiddiots. But ask yourself, how hard
would it be to take any of the given information you disclosed
for an attacker in say America to be punctual in his attacks
so that they may now
I am proud to announce the release of a White-paper and an open-source tool,
both addressing security of SAP R/3 systems.
The paper describes vulnerabilities discovered in the SAP RFC interface
implementation and library, as well as some attacks that can be performed over
SAP systems.
The tool,
M$ will never let us h4x0rz into their source (willingly) but I agree
with you James, the open source paradigm has regularly outpaced M$ and
many other large corporate software producers where it comes to
addressing bugs, security holes, and in many
That's correct, Firefox doesn't support ANI files for cursors.
Right, and it doesn't need to, because cursors are not the only way to reach
the vulnerable code.
Icons can do it, too.
___
Full-Disclosure - We believe in it.
Charter:
Dear Michal Majchrowicz,
This feature is not intended to protect against XSS, it's only intended
to inform you some information is transmitted in cleartext. You can
simply change
src=http://server2.com/xss.js
to
src=https://server2.com/xss.js
to avoid this message.
--Wednesday,
I think that anyone who thinks that Microsoft is near an end is being
unrealistic. I think that they are going to have to contend with the
challenges imposed by open source operating systems and OSX, but they are a
software giant. Also remember, Windows is not the only thing that Microsoft
makes.
M$ will never let us h4x0rz into their source (willingly) but I agree
with you James, the open source paradigm has regularly outpaced M$ and
many other large corporate software producers where it comes to
addressing bugs, security holes, and in many cases feature requests.
Who knows...
On Wed, 04 Apr 2007 09:35:29 EDT, J. Oquendo said:
On a serious note, I find it a bit strange that many
who haven't been on the scene for quite some time
point out modified histories of what occurred. Perhaps
it's time for a tell-all book to be written about the
so called hacker/cracker scene
[EMAIL PROTECTED] wrote:
History is always written by the winning side.
I couldn't agree more
On the flip side, is there actually *any* one person who's in a position
to give the real scoop on how things looked from the hacker/cracker side
of the fence for that decade?
I think there are
On Wed, 04 Apr 2007 10:57:49 PDT, Morning Wood said:
..what we need is another Linus Torvalds to build and release a newcode
win32 compliant
kernel / base that uses
Ask the Samba team how easy it is to write MS-compliant code without
access to the original or hitting against patent
This is true, and I'm not saying they're near the end, only at the
beginning of the end... and of course I may be wrong.
I doubt that the company will ever file chapter 11 or even get to the
point where they're totally irrelevant where software is
Interesting idea... but like you said, this is M$ we're talking about.
Morning Wood wrote:
M$ will never let us h4x0rz into their source (willingly) but I agree
with you James, the open source paradigm has regularly outpaced M$ and
many other
On Wed, 04 Apr 2007 11:53:32 EDT, Simon Smith said:
I think that anyone who thinks that Microsoft is near an end is being
unrealistic. I think that they are going to have to contend with the
challenges imposed by open source operating systems and OSX, but they are a
software giant. Also
Title: Fabio has Tagged you! :)
Fabio S, 21
Brazil
Fabio S has added you as a friend
Is Fabio S your friend?
Please respond or Fabio may think you said no :(
Click here to unsubscribe from Tagged, P.O. Box
- ---
VMware Security Advisory
Advisory ID: VMSA-2007-0003
Synopsis: VMware ESX 3.0.1 and 3.0.0 server security updates
Issue date: 2007-04-02
_ _ ___ _ __ ___ ___ _ __
| | /| / / _ | / _ \ / __ \/ |/ / / _/ _ \/ _ | / |/ /
| |/ |/ / __ |/ , _/ / /_/ // _/ // , _/ __ |//
|__/|__/_/ |_/_/|_| \/_/|_/ /___/_/|_/_/ |_/_/|_/
Hackers United against the Threat of Islam
This is a good example of what can happen to you after viewing Hackers
and Swordfish back to back. You've been warned. I doubt Iran even has a
Gibson to hack.
- Andrew
United Hackers wrote:
_ _ ___ _ __ ___ ___ _ __
| | /| / / _ | / _ \ / __ \/ |/ / / _/ _
_ _ ___ _ __ ___ ___ _ __
| | /| / / _ | / _ \ / __ \/ |/ / / _/ _ \/ _ | / |/ /
| |/ |/ / __ |/ , _/ / /_/ // _/ // , _/ __ |//
|__/|__/_/ |_/_/|_| \/_/|_/ /___/_/|_/_/ |_/_/|_/
Hackers United against the Threat of Islam
maybe you will understand you just are a fachiste crew
nobody will follow you
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Mandriva Linux Security Advisory MDKSA-2007:077
http://www.mandriva.com/security/
I agree about the movie part :-)
Especially, SwordFish...
he he, Good one
On 4/4/07, Andrew Redman [EMAIL PROTECTED] wrote:
This is a good example of what can happen to you after viewing Hackers
and Swordfish back to back. You've been warned. I doubt Iran even has a
Gibson to hack.
-
___
Mandriva Linux Security Advisory MDKSA-2007:078
http://www.mandriva.com/security/
rPath Security Advisory: 2007-0067-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Local User Deterministic Denial of Service
Updated Versions:
nas=/[EMAIL PROTECTED]:devel//1/1.8b-0.2-1
References:
-
Debian Security Advisory DSA-1277-1[EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
April 04, 2007
-
On Wed, 04 Apr 2007 15:14:29 CDT, United Hackers said:
Islam must be stopped. And the Hackers United against the Threat of Islam are
there to do the job.
Shout outs to everyone united against Islam. We stand together to face this
threat to humanity.
The problem isn't Islam. It's not
On 4/4/07, United Hackers [EMAIL PROTECTED] wrote:
_ _ ___ _ __ ___ ___ _ __
| | /| / / _ | / _ \ / __ \/ |/ / / _/ _ \/ _ | / |/ /
| |/ |/ / __ |/ , _/ / /_/ // _/ // , _/ __ |//
|__/|__/_/ |_/_/|_| \/_/|_/ /___/_/|_/_/ |_/_/|_/
___
Mandriva Linux Security Advisory MDKSA-2007:081
http://www.mandriva.com/security/
Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure
Vulnerability
iDefense Security Advisory 04.04.07
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 04, 2007
I. BACKGROUND
Kaspersky AntiVirus offers comprehensive protection from computer
viruses and malware threats.
Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability
iDefense Security Advisory 04.03.07
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 03, 2007
I. BACKGROUND
Kaspersky Internet Security Suite is a combination of Kaspersky
anti-virus, anti-spam, and personal
pdp (architect) wrote:
http://www.gnucitizen.org/blog/firebug-goes-evil
There is critical vulnerability in Firefox/Firebug which allows
attackers to inject code inside the browser chrome.
Good find.
I recommend to disable Firebug for now until the issue is fixed.
Firebug 1.03 is now
On 4/4/07, United Hackers [EMAIL PROTECTED] wrote:
_ _ ___ _ __ ___ ___ _ __
| | /| / / _ | / _ \ / __ \/ |/ / / _/ _ \/ _ | / |/ /
| |/ |/ / __ |/ , _/ / /_/ // _/ // , _/ __ |//
|__/|__/_/ |_/_/|_| \/_/|_/ /___/_/|_/_/ |_/_/|_/
this is the funniest email from this mailing list..., good luck then for
you. It's not fun to use religion as permission for starting something bad
for other religion. you must learn the respect other believers.
On 4/5/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
United Hackers [EMAIL
ESRI ArcSDE Buffer Overflow Vulnerability
iDefense Security Advisory 04.04.07
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 04, 2007
I. BACKGROUND
Environmental Systems Research Institute (ESRI) ArcSDE is a multi-user
database server that has been bundled with ArcGIS to provide
--On April 4, 2007 7:19:17 PM -0400 [EMAIL PROTECTED] wrote:
The problem isn't Islam. It's not Christianity. It's extremists who
cloak themselves in one or the other to try to claim the moral high
ground in their attempt to rid the world of The Other Flavor, because
they never learned concepts
First things first:
1: So far as I can see, the US does war games in the region, and has been
for decades. Now that they are actually in a war in that region, for sure
there will be many shows of power to try and keep anyone else from
wanting to jump in, or endanger their troops.
2:Iran is back to
You have to be joking when you say the greatest threat to humanity is
capitalism. You do realize that without capitalism you wouldn't have almost
everything you enjoy in your life today like electricity. The fundamental
problem with socialism (which I'm guessing you're in favor of) is no one has
Also have you ever considered the fact that, I'm sure, a lot (LOL) of
intelligence people read lists like this, just to stop potential nuts
like you?!
No Regards needed, (SIR!),
Scott
On Wed, 04 Apr 2007 21:38:40 CDT, Paul Schmehl said:
You seem to be living under the delusion that your actions can somehow
influence the extremists. There's only two actions that will influence
the extremists in any way and that is to kill or imprison them.
Radical idea number 1: You can
--On April 4, 2007 10:40:28 PM -0400 scott
[EMAIL PROTECTED] wrote:
First things first:
1: So far as I can see, the US does war games in the region, and has been
for decades. Now that they are actually in a war in that region, for sure
there will be many shows of power to try and keep anyone else
Rich, an American Jew?!!!???
My ancestors would come out of their graves to answer this one!
The real answer lies in the fact of, are you prejudiced or not.
That simple point, alone, speaks volumes about how you perceive things
that happen around you.
There are, basically speaking, two ways to look
Touche! I actually overlooked that fact.
Regards,
Scott
--On April 4, 2007 11:06:24 PM -0400 [EMAIL PROTECTED] wrote:
On Wed, 04 Apr 2007 21:38:40 CDT, Paul Schmehl said:
You seem to be living under the delusion that your actions can somehow
influence the extremists. There's only two actions that will influence
the extremists in any way and that
Paul Schmehl wrote:
SNIP
You seem to be living under the delusion that your actions can somehow
influence the extremists. There's only two actions that will influence
the extremists in any way and that is to kill or imprison them.
Anything else you might try, like trying to make nice with
I believe that the greatest lesson in history is that if you are not
willing to fight for your freedoms, someone will come in and take them
away. It has happened time and time again throughout the ages. There
are always other peoples who will stretch their boundaries - and if
you are not willing
Meaning that all IPs are constantly being bombarded by spiders and
random pings from other machines looking for misdirected links, etc.
Regards,
Scott
Is this really the place to be discussing this? This is a full disclosure
mailing list about security issues. This is not a place for discussing
politics.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Randal T.
Rioux
Sent: Wednesday, April 04, 2007
common george, it's not like you ever contribute anything worth a shit.
On Wed, 4 Apr 2007, George Ou wrote:
Date: Wed, 4 Apr 2007 21:22:38 -0700
From: George Ou [EMAIL PROTECTED]
To: 'Randal T. Rioux' [EMAIL PROTECTED],
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure]
common george, it's not like you ever contribute anything worth a shit.
LOL. I know that was in jest.
Regards,
Scott
Paul Schmehl wrote:
--On April 4, 2007 11:06:24 PM -0400 [EMAIL PROTECTED] wrote:
Radical idea number 1: You can always ignore them, or merely accord
them a level of concern related to their *actual* threat level. Figure
out the number of deaths and economic damage per year due to cancer,
This list has been somewhat of a cesspool for years now. It is more
entertainment than EXPLOIT relevant now anyway. Sit back, crack a favorite
beverage and have a few laughs. Where the hell is n3td3v when you need him?
-Original Message-
From: George Ou [mailto:[EMAIL PROTECTED]
Sent:
Paul Schmehl wrote:
--On April 4, 2007 10:40:28 PM -0400 scott
[EMAIL PROTECTED] wrote:
First things first:
1: So far as I can see, the US does war games in the region, and has been
for decades. Now that they are actually in a war in that region, for sure
there will be many shows of power to
can we all get together now and have a group hug?
looks like you all need one after the iran thread eh?
n3td3v
http://n3td3v.googlepages.com
Political flame war not intended.
Group hug accepted (with a handshake)!
Regards,
Scott
You are right.
Back to the job at hand.
Full-Disclosure.
Regards,
Scott