Hello,
Peter Kosinar wrote:
> Providing the factorization of a particular number (whose factorization is
> considered to be not known by anyone) is definitely a proof that you know
> the factorization of that number and that you had a method for finding it.
of course agreed.
> Of course, it d
On Sun, 29 Apr 2007, Line Noise wrote:
> As a friend of mine said elsewhere, John Young must have said something bad.
Yeah - speaking Truth in the Fascist United States.
> Verio caved. It's really too bad, for us all.
Yes it is. And who's next, huh? Bush's machine can just do whatever the
he
I think all in all that it should be considered!
On 5/1/07, Steven Adair <[EMAIL PROTECTED]> wrote:
I think a good share of the time when someone states that the DoS may
"possibly" lead to remote code execution, they are making such a statement for a
couple different reasons:
1) They found a DoS and
___
Mandriva Linux Security Advisory MDKSA-2007:095
http://www.mandriva.com/security/
___
ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory
Overwrite Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-023.html
May 1, 2007
-- CVE ID:
CVE-2007-2175
-- Affected Vendor:
Apple
-- Affected Products:
Quicktime
-- TippingPoint(TM) IPS Customer Prote
Nothing exciting to report on OS X 10.4 / fully patched / PPC. Kind of
broke the properties dialog for the link, and used some cpu, but
definitely caused no crashing.
On WinXP Norton real time protection detected the file in cache as a
'hack tool.' I disabled that, but Firefox refused to return
On FF 2.0.0.3 on WinXP SP2+hotfixes clicking the link loads up the
server not found page then CPU shoots up to 100% for ~1 minute and
then everything goes back to normal... not too exciting...
-sb
On 5/1/07, carl hardwick <[EMAIL PROTECTED]> wrote:
> Product: Firefox 2.0.0.3
> Description: Out-of
-
Debian Security Advisory DSA-1285-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
May 01, 2007
- --
Yate 1.1.0 Denial of Service Vulnerability
Risk: Medium
Background:
Yate (Yet Another Telephony Engine) is a production-ready next-generation
telephony engine.
More information about this application could be obtained from the following
site:
http://yate.null.ro/
Description:
The SIP
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200705-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200705-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200705-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
I think a good share of the time when someone states that the DoS may
"possibly" lead to remote code execution, they are making such a statement for a
couple different reasons:
1) They found a DoS and truly have no idea whether or not it can cause
remote code execution due to not having the knowledge/sk
Ok 'most' is probably bad wording on my part how does 'often enough' sound :).
"Buffer overflow in the png_decompress_chunk function in pngrutil.c in
libpng before 1.2.12 allows context-dependent attackers to cause a
denial of service and possibly execute arbitrary code"
http://www.securityspace.
> >>http://moaxb.blogspot.com/
>
> Wow, a DoS in a 3rd-party PowerPoint viewer. This ought to bring the
> Internet to its knees. I wonder if he'll have any actual ActiveX bugs or
> if they'll just be DoS's in controls.
Consider that most often a bug filed as DOS can actually
be exploit
>>"just a segfault"
Remember back when there were crash bugs? Now all we have are DoS's.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
_
On Tue, 01 May 2007 12:24:47 EDT, Larry Seltzer said:
> >>Consider that most often a bug filed as DOS can actually be
> exploitable, but the person who discovered it can't get the POC working
> or is even aware it is. While command execution is the ideal goal it
> doesn't mean other types of issues
>>Consider that most often a bug filed as DOS can actually be
exploitable, but the person who discovered it can't get the POC working
or is even aware it is. While command execution is the ideal goal it
doesn't mean other types of issues are *completely* worthless.
Most often? How do you know t
On 4/30/07, scott <[EMAIL PROTECTED]> wrote:
> I just came across this:
> > http://www.abovetopsecret.com/pages/echelon.html
>
>
> Want to know what everyone makes of it.
>
> True or crap?
You're kidding, right? You must have been hiding under a rock for the
past decade or so. Please note that the
Same here on Gentoo with 2.6.19-beyond4
On Tue, 1 May 2007 16:29:35 +0300
Mihai Donțu <[EMAIL PROTECTED]> wrote:
> On Tuesday 01 May 2007 10:26, carl hardwick wrote:
> > Product: Firefox 2.0.0.3
> > Description: Out-of-bounds memory access via specially crafted html file
> > Type: Remote
> >
> >
I saw this on television a few weeks ago. A lot of it is a bit
far-fetched IMO. But your point to IT security and how important of a
role it will play is definitely right. Not many people understand
what's at risk. Maybe the Discovery channel will make a show about
computer security that doesn't inv
Cerulean Studios Trillian Multiple IRC Vulnerabilities
iDefense Security Advisory 04.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 30, 2007
I. BACKGROUND
Cerulean Studios Trillian is a multi-protocol chat application that
supports IRC, ICQ, AIM and MSN protocols. More informat
I stumbled across this documentary about cities of the future. For
those who haven't seen it yet, it is highly recommended. It will take
only 43:29 minutes of your time. Believe me, it is worth looking at.
It is quite exciting to look into stuff that may happen in the future.
This documentary, in par
Hello,
We would like to inform you about a vulnerability in ZoneAlarm 6.
Description:
ZoneAlarm insufficiently protects its driver \Device\vsdatant against a
manipulation by malicious applications and it
fails to validate its input buffer. It is possible to open the driver's device
and send
On Tuesday 01 May 2007 10:26, carl hardwick wrote:
> Product: Firefox 2.0.0.3
> Description: Out-of-bounds memory access via specially crafted html file
> Type: Remote
>
> Vulnerability can be exploited by using a large value in a href tag to
> create an out-of-bounds memory access.
>
> Proof Of C
On Tuesday 01 May 2007 10:26:21 carl hardwick wrote:
> Product: Firefox 2.0.0.3
> Description: Out-of-bounds memory access via specially crafted html file
> Type: Remote
>
> Vulnerability can be exploited by using a large value in a href tag to
> create an out-of-bounds memory access.
>
> Proof Of C
On 5/1/07, carl hardwick <[EMAIL PROTECTED]> wrote:
> Product: Firefox 2.0.0.3
> Description: Out-of-bounds memory access via specially crafted html file
> Type: Remote
>
> Vulnerability can be exploited by using a large value in a href tag to
> create an out-of-bounds memory access.
>
> Proof Of Co
Exploit works like a charm on FF 2.0.3 on win2k sp4.
Regards,
-Nikolay Kichukov
- Original Message -
From: "carl hardwick" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 01, 2007 10:26 AM
Subject: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access
via specially crafted html file
>>http://moaxb.blogspot.com/
Wow, a DoS in a 3rd-party PowerPoint viewer. This ought to bring the
Internet to its knees. I wonder if he'll have any actual ActiveX bugs or
if they'll just be DoS's in controls.
___
Full-Disclosure - We believe in it.
Ch
Surfing on the net, I've found this initiative:
http://moaxb.blogspot.com/
It seems quite interesting, maybe some of you would like to take a look :)
yeah spam is fun, the proof : http://pornmaster.ath.cx/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- --
Debian Security Advisory DSA 1284-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
May 1st, 2007
I've been seeing this trend for > 8 months on my domains. Spam are
increasingly worded to correlate on the topics the recipient has
participated in, and MW said, security. I remember recently, one had subject
header "Buffer Overflow" and appeared to be from the [Full-Disclosure] list
-
Product: Firefox 2.0.0.3
Description: Out-of-bounds memory access via specially crafted html file
Type: Remote
Vulnerability can be exploited by using a large value in a href tag to
create an out-of-bounds memory access.
Proof Of Concept exploit:
http://www.critical.lt/research/opera_die_happy.htm