CSIS Security Group has discovered a remotely exploitable arbitrary
overwrite in the Blue Coat K9 Web Protection local Web configuration
manager on 127.0.0.1 and port 2372.
This allows an attacker to perform at least a Denial of Service
condition on the usage of internet.
Since the overflow can r
Hi all
Due to some previous complexities, there is a bit of
delay in work. The mlabs have been shifted to SecNiche
fully.
http://mlabs.secniche.org
You can see the things directly on this subdomain
Regards
Aditya K Sood aka Zeroknock
http://secniche.org
rPath Security Advisory: 2007-0117-1
Published: 2007-06-07
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect User Deterministic Denial of Service
Updated Versions:
gd=/[EMAIL PROTECTED]:devel//1/2.0.33-4.4-1
php=/[EMAIL PROTECTED]:devel//1/4.3.11-15.11-1
>
> Exploit #2:
working now..
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
> Corrected and working:
>
> I am very sorry! Please check again
>
> Exploit #1
>
new versions:
9D39223E-AE8E-11D4-8FD3-00D0B7730277
success yahoo version 8.1.0.249
> Exploit #2:
no success ( black box in IE )
1 for 2 come on danny!!!
__
DeepSec In-Depth Security Conference 2007 Europe - Nov 20-23 2007 -
Vienna, Austria
http://deepsec.net/
Second Call for Papers
We're inviting you to submit papers and proposals for trainings for
the first annual DeepSec security conference.
We've been able to get some really good submissions, fa
What's the point of a disclosure you can't reproduce?
aaargh, pest!
On 07/06/07, Morning Wood <[EMAIL PROTECTED]> wrote:
> cannot reproduce..
>
> yahoo IM versions
> 6.0.0.1922
> 8.1.0.249
>
> > DCE2F8B1-A520-11D4-8FD0-00D0B7730277
> ywcupl.dll
> versions 2.0.1.2 and 2.0.1.4
>
>
> >9D39223E-AE8E-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1300-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
June 7th, 2007
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
what's more stupid? a bunch of l33+ defcon security conference
attendees too stupid to read a distribution list before sending
sensitive information or stupid rantings about big bad capitalistic
corporations?
- ---
“You don't have to be a man to fight f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- ---
Debian Security Advisory DSA 1299-1[EMAIL PROTECTED]
http://www.debian.org/security/ dann frazier
June 7th, 2007
cannot reproduce..
yahoo IM versions
6.0.0.1922
8.1.0.249
> DCE2F8B1-A520-11D4-8FD0-00D0B7730277
ywcupl.dll
versions 2.0.1.2 and 2.0.1.4
>9D39223E-AE8E-11D4-8FD3-00D0B7730277
ywcvwr.dll
versions 2.0.1.3 and 2.0.1.4
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer
Overflow Vulnerabilities
CA Vuln ID (CAID): 35395, 35396
CA Advisory Date: 2007-06-05
Reported By: ZDI
Impact: Remote attackers can cause a denial of service or
potentially execute
Hi Tavis,
Reply inline.
On 6/7/07, Tavis Ormandy <[EMAIL PROTECTED]> wrote:
> These aren't exactly "0-day", I discussed several of these attacks last
> year, such as CVE-2006-6301, and informed the authors that there were
> undoubtedly more attacks against these tools. This topic is a favourite
Ayup, true enough re jury confusion.
Once a machine has had a malware infection though, the point a layman needs to
understand is simply: it is not possible in under (a large number, maybe 1000)
man years) to determine that the machine has not been remotely controllable if
connected to an outsid
Any company email address is primarily intended for company related issues.
Even if the company in question allows you to use it for personal issues,
it's still mainly intended for company use.
An email addressed to, up until recently employed, security researcher,
HR drone or sales assistant, Elmer F
[EMAIL PROTECTED] wrote:
So I take it that law enforcement computer examiners and prosecutors *do* have
the years of experience in software engineering and exploit construction and
use, to qualify them to translate a bit of data into forensic evidence of guilt?
Catch 22. This is why prosec
On Wednesday 06 June 2007 11:06, Tim wrote:
> Sorry H.D., it most likely isn't illegal.
I agree. But still sleazy.
cheers,
--dr
The key is *personal* e-mail. It's not unreasonable for any
company to assume their e-mail systems are used primarily for
business purposes. The e-mail doesn't indicate it's personal. It
doesn't say, "Your Gonorrhea test results have come back! Click
here for the results." The e-mail has no
[
[--
[
[Message: 2
[Date: Wed, 6 Jun 2007 20:23:25 -0400
[From: "Larry Seltzer" <[EMAIL PROTECTED]>
[Subject: Re: [Full-disclosure] You shady bastards.
[To:
[Message-ID:
[ <[EMAIL PROTECTED]>
[Content-Type: text/plain; charset="us-ascii"
[
[>>A more ethical com
Application: Space4k
Web Site: http://www.space4k.[pl|fr|com|de|it]
Bug: XSS (Cross site Scripting)
Discoverer: Florian Stinglmayr
Date: 2007-06-07
--
Description:
Space4K is a massive multiplayer online game whi
Dear all,
for your information.
RUS-CERT Security Announcement 2007-06:01 (1380)
The built-in Mini Switch in Alcatel-Lucent's IP-Touch Telephones under
OmniPCX Enterpris
On Wed, Jun 06, 2007 at 05:13:54PM -0300, Daniel Cid wrote:
> DenyHosts, Fail2ban and BlockHosts are vulnerable to remote log injection
> that can lead to arbitrary injection of IP addresses in /etc/hosts.deny. To
> make it more "interesting", not only IP addresses can be added, but
> also the wi