[Full-disclosure] Vista typographical vulnerability

2007-04-15 Thread lsi
Platforms affected: All Distribution: low (lol) It has come to my attention that Macroslut Vista contains at least three spelling errors. These include the Welcome Center, the Security Center and some other center that my poor, addled brain can't recall right now. The Vista in question was

Re: [Full-disclosure] War against Iran: Update from front lines

2007-04-15 Thread chedder1
So... You're going to fight alleged terrorism, with more terrorism... the logic is impeccable. And since when does Iran have anything to do with terrorism? On Tue, Apr 10, 2007 at 03:45:51AM -0500, United Hackers wrote:

Re: [Full-disclosure] War against Iran: Update from front lines

2007-04-15 Thread Tremaine Lea
Iran has a LOT to do with terrorism. They are the biggest state sponsor of terrorism, followed by Syria. --- Tremaine Lea Network Security Consultant Be in pursuit of equality, but not at the expense of excellence. On 15-Apr-07, at 3:26 AM, [EMAIL PROTECTED] wrote: So... You're going to

Re: [Full-disclosure] War against Iran: Update from front lines

2007-04-15 Thread Timo Schoeler
On Sun, 15 Apr 2007 05:40:24 -0600 Tremaine Lea [EMAIL PROTECTED] wrote: Iran has a LOT to do with terrorism. They are the biggest state sponsor of terrorism, followed by Syria. No, biggest state sponsor of terrorism is the USA. --- Tremaine Lea Network Security Consultant Be in

Re: [Full-disclosure] War against Iran: Update from front lines

2007-04-15 Thread Dude VanWinkle
Q: What kind of douchebag/douchebagette falls prey to trolls on a security mailing list meant for public disclosures of vulnerabilities? A: More than you would expect, especially considering semi-recent postings -JPan idiot says what? What -Lots of ppl on FD

[Full-disclosure] ZoneAlarm Multiple insufficient argument validation of hooked SSDT function Vulnerability

2007-04-15 Thread Matousec - Transparent security Research
Hello, We would like to inform you about a vulnerability in ZoneAlarm 6. Description: ZoneAlarm hooks many functions in SSDT and in at least two cases it fails to validate arguments that come from the user mode. User calls to NtCreateKey and NtDeleteFile with invalid argument values can

Re: [Full-disclosure] [exploits] RPC vuln in DNS Server (fwd)

2007-04-15 Thread Gadi Evron
-- Forwarded message -- Date: Sat, 14 Apr 2007 18:40:53 +0200 From: Jerome Athias [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [exploits] RPC vuln in DNS Server Quote from HD Moore: This module has been added to the development version of Metasploit 3, it will be

Re: [Full-disclosure] War against Iran: Update from front lines

2007-04-15 Thread jonnyboi
Looks like the front line have made their first strike. http://www.mod.ir/user.asp?T1=%3Cscript%3Edocument.all%5B5%5D.innerHTML='%3Cp%20align=center%3E%3Cimg%20src=/images/arm.jpg%3E%3Cbr%3Eowned.';%3C/script%3E lol. ___ Full-Disclosure - We believe

[Full-disclosure] URL Encoding/Decoding Flaw Mechanism In ASP.net[1.0-2.0] Based Web Applications.

2007-04-15 Thread Aditya K Sood
Hi all The penetration of web leads to origin of some new artifacts. This in turn helps in understanding the weaknesses and flaws persist in the web applications that lead to origin of exceptions. Asp.net issue have been analyzed. Links: http://zeroknock.metaeye.org/analysis

[Full-disclosure] Windows DNS DnssrvQuery Stack Overflow

2007-04-15 Thread dev code
/* * Copyright (c) 2007 devcode * * * ^^ D E V C O D E ^^ * * Windows DNS DnssrvQuery() Stack Overflow * [CVE-2007-1748] * * * Description: *A vulnerability has been reported in Microsoft Windows, which can *be exploited by malicious people to compromise a vulnerable

Re: [Full-disclosure] War against Iran: Update from front lines

2007-04-15 Thread Valdis . Kletnieks
On Sun, 15 Apr 2007 05:40:24 MDT, Tremaine Lea said: Iran has a LOT to do with terrorism. They are the biggest state sponsor of terrorism, followed by Syria. I thought that was Iraq. Or was it Afghanistan?

[Full-disclosure] Cross Domain XMLHttpRequest

2007-04-15 Thread Michal Majchrowicz
Due to security reasons many Web Browsers don't allow cross domain XMLHttpRequests. In fact this is only troublesome for web developers and not for virus coders/crackers/etc. Some time ago there was presented a technique which used cssText property to perform some cross domain requests. After

Re: [Full-disclosure] Vista typographical vulnerability

2007-04-15 Thread John English
lsi wrote: In any case if you folks have forgotten, you are speaking English, and in England, centre is spelled C-E-N-T-R-E... OK??? Normally, yes. But actually the OED lists center as legitimate English. It's a secondary usage but not actually

Re: [Full-disclosure] Cross Domain XMLHttpRequest

2007-04-15 Thread ascii
Michal Majchrowicz wrote: Due to security reasons many Web Browsers don't allow cross domain XMLHttpRequests. [..] hi Michal, personally i don't get your point (to me it seems just a hybrid implementation using both server side and client side scripting) but i'm sure you can better explain

Re: [Full-disclosure] Cross Domain XMLHttpRequest

2007-04-15 Thread Michal Majchrowicz
Hi. Thanks for showing this vulnerability :) In fact it was not supposed to be safe, but now it should be :) You are right this is not a vulnerability by itself but it gives an attacker a very useful tool for attackers/trojans to perform Real Time Attacks on user's browser. Regards Michal. On

Re: [Full-disclosure] Cross Domain XMLHttpRequest

2007-04-15 Thread Stefan Esser
Hello, Thanks for showing this vulnerability :) In fact it was not supposed to be safe, but now it should be :) You are right this is not a adding if(strstr($_GET['url'],file:)) die; is not safe at all... Regard, Stefan

Re: [Full-disclosure] Cross Domain XMLHttpRequest

2007-04-15 Thread Michal Majchrowicz
Hi, Thanks for the suggestion. Please try it now :) But as I said before this script WASN'T INTENDED to be safe at all :) I wanted to show that it is possible to perform some kind of Cross Domain Requests. That's all :) Regards Michal. On 4/15/07, Stefan Esser [EMAIL PROTECTED] wrote: Hello,

Re: [Full-disclosure] Cross Domain XMLHttpRequest

2007-04-15 Thread Michal Zalewski
On Sun, 15 Apr 2007, Michal Majchrowicz wrote: I wanted to show that it is possible to perform some kind of Cross Domain Requests. As much as I loathe the origin-based security model of modern web browsers, there are semi-valid reasons why XMLHttpRequest is restricted the way it is. A remote

Re: [Full-disclosure] Cross Domain XMLHttpRequest

2007-04-15 Thread Michal Majchrowicz
Hi. I think it is security matter. I don't think that whole XMLHttpRequests should be cross domain. Just a small part of it... Using my script you can create an evil javascript code that will interact with user in real time. You can create (I already did it) a script that will contact some kind of

Re: [Full-disclosure] War against Iran: Update from front lines

2007-04-15 Thread Tremaine Lea
Iraq and Afghanistan participated, but Iran and Syria have long been the source of financing and planning. They are the CC of the terrorist islamist botnet ;) --- Tremaine Lea Network Security Consultant Be in pursuit of equality, but not at the expense of excellence. On 15-Apr-07, at

[Full-disclosure] Microsoft DNS Server Remote Code execution Exploit and analysis

2007-04-15 Thread Andres Tarasco
Hi, im sending you the headers of the new exploit code for microsoft DNS servers. You can download the full source code exploit and analysis at: - http://www.514.es/Microsoft_Dns_Server_Exploit.zip or - http://www.48bits.com/exploits/dnsxpl.rar Microsoft DNS Server Remote Code execution