Re: [Full-disclosure] Web Application Security Awareness Day

2008-04-15 Thread n3td3v
On Tue, Apr 15, 2008 at 7:24 PM, Jeff Stebelton <[EMAIL PROTECTED]> wrote: > On Tue, Apr 15, 2008 at 12:32 PM, n3td3v <[EMAIL PROTECTED] > > > wrote: > > > > > > > > Why May 1st 2008? Because web applications are closely related to > > e-commerce > > and

[Full-disclosure] VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

2008-04-15 Thread VMware Security team
VMware Security Advisory Advisory ID: VMSA-2008-0007 Synopsis: Moderate Updated Service Console packages pcre, net-snmp, and

[Full-disclosure] HARD CHAT

2008-04-15 Thread Andrew A
ARE YOU HARD? ARE YOU A CHATTER? ARE YOU A HARD CHATTER? THEN MAYBE U CHAT HARD ENUFF 2 ROLL WITH THE CHAT KREW. WANT TO JOIN? Step 1: Obtain a copy of the low budget chink comedy "Gwok chaan Ling Ling Chat" and watch it. You will be tested on ur knowledge of this film. http://www.imdb.com/title

[Full-disclosure] [ MDVSA-2008:086 ] - Updated kernel packages fix vulnerability

2008-04-15 Thread security
Mandriva Linux Security Advisory MDVSA-2008:086 http://www.mandriva.com/security/

Re: [Full-disclosure] gallarific backdoored , vulnerable to xss

2008-04-15 Thread Andrew Farmer
On 15 Apr 08, at 09:07, Thomas Pollet wrote: > I was looking at the free version of gallarific, and I found some > suspicious > code in the scopbin directory. > Attached is a file I found in the zip i downloaded, in case someone > wants to > decode it. Looks like a component of the ScopBin PHP

[Full-disclosure] iDefense Security Advisory 04.09.08: IBM DB2 Universal Database db2dasStartStopFMDaemon Buffer Overflow Vulnerability

2008-04-15 Thread iDefense Labs
iDefense Security Advisory 04.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 09, 2008 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high-end databases. For more information, visit the product website at the followin

[Full-disclosure] iDefense Security Advisory 04.09.08: IBM DB2 Universal Database Administration Server File Creation Vulnerability

2008-04-15 Thread iDefense Labs
iDefense Security Advisory 04.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 09, 2008 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high-end databases. The DB2 Administration Server (DAS) implements the server compo

[Full-disclosure] [ MDVSA-2008:086 ] - Updated kernel packages fix vulnerability

2008-04-15 Thread security
Mandriva Linux Security Advisory MDVSA-2008:086 http://www.mandriva.com/security/

[Full-disclosure] iDefense Security Advisory 04.14.08: ClamAV libclamav PE WWPack Heap Overflow Vulnerability

2008-04-15 Thread iDefense Labs
iDefense Security Advisory 04.14.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 14, 2008 I. BACKGROUND Clam AntiVirus is a multi-platform GPL anti-virus toolkit. ClamAV is often integrated into e-mail gateways and used to scan e-mail traffic for viruses. It supports virus scanning

[Full-disclosure] iDefense Security Advisory 04.14.08: ClamAV libclamav PeSpin Heap Overflow Vulnerability

2008-04-15 Thread iDefense Labs
iDefense Security Advisory 04.14.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 14, 2008 I. BACKGROUND Clam AntiVirus is a multi-platform GPL anti-virus toolkit. ClamAV is often integrated into e-mail gateways and used to scan e-mail traffic for viruses. It supports virus scanning

[Full-disclosure] [SECURITY] [DSA 1540-2] New lighttpd packages fix denial of service

2008-04-15 Thread Steve Kemp
Debian Security Advisory DSA-1540-2 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp April 15, 2008

Re: [Full-disclosure] Web Application Security Awareness Day

2008-04-15 Thread Jeff Stebelton
On Tue, Apr 15, 2008 at 12:32 PM, n3td3v <[EMAIL PROTECTED] > wrote: > > > > Why May 1st 2008? Because web applications are closely related to > e-commerce > and May Day is a common day for peaceful anti-capitalism protests, so > it makes sense > to be

Re: [Full-disclosure] Web Application Security Awareness Day

2008-04-15 Thread Ureleet
god, seriously. can we set up a list for all these contests? everyday i get another contest email on fd! its almost as bad as these conferences! r u serious!? On Tue, Apr 15, 2008 at 12:32 PM, n3td3v <[EMAIL PROTECTED]> wrote: > > Web Application Security Awareness Day will be host on May 1s

Re: [Full-disclosure] Fwd: n3td3v has a fan

2008-04-15 Thread mark seiden-via mac
in my opinion a few of the "facts" in this posting may actually be true (the ones with a possible harmless interpretation), but most are colored by a deeply distorted view of reality. also, a seeming inability to closely read, critically think, or analyze risk rationally. participating in p

[Full-disclosure] gallarific backdoored , vulnerable to xss

2008-04-15 Thread Thomas Pollet
Hello, I was looking at the free version of gallarific, and I found some suspicious code in the scopbin directory. Attached is a file I found in the zip i downloaded, in case someone wants to decode it. the package can be downloaded from http://www.gallarific.com/download.php Also, the software

[Full-disclosure] Web Application Security Awareness Day

2008-04-15 Thread n3td3v
Web Application Security Awareness Day will be hosted on May 1st 2008. A winner will be declared for the best web application bug. To be in the running, your submission must be publicly disclosed to a mailing list on May the 1st 2008. This will be the first time Web Application Security Awareness

Re: [Full-disclosure] Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows

2008-04-15 Thread Erik Harrison
It's not always easy to know what libs all of your apps are using. Unless of course you're managing a small set of systems, have a lot of time, or are particularly godlike at what you do. I think it's great that they identify the software using it. Frankly, if I'm in an enterprise environment runnin

Re: [Full-disclosure] Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows

2008-04-15 Thread Luigi Auriemma
> Autonomy Keyview Folio Flat File Parsing Buffer Overflows > Autonomy Keyview Applix Graphics Parsing Vulnerabilities > Autonomy Keyview EML Reader Buffer Overflows > activePDF DocConverter Folio Flat File Parsing Buffer Overflows > activePDF DocConverter Applix Graphics Parsing Vulnerabilities >

Re: [Full-disclosure] How should Full-Disclosure be funded?

2008-04-15 Thread Ureleet
i dont need to research a thing. thats what you obviously dont understand about this list, its open, its free, its full disclosure. oh, and we dont believe you. On Mon, Apr 14, 2008 at 10:28 PM, n3td3v <[EMAIL PROTECTED]> wrote: > On Tue, Apr 15, 2008 at 2:43 AM, Ureleet <[EMAIL PROTECTED]> wrot

Re: [Full-disclosure] DEF CON 16 Retro Announcement! Back to Bang!

2008-04-15 Thread Ureleet
i just criticized the link. and quit yelling at people for cropping your emails if you are going to crop everyone elses, even in the middle of a sentence. oh and you still cant reference yourself as a reference. On Mon, Apr 14, 2008 at 10:23 PM, n3td3v <[EMAIL PROTECTED]> wrote: > > On Tue, Apr

[Full-disclosure] [ MDVSA-2008:085 ] - Updated python packages fix arbitrary code execution vulnerability

2008-04-15 Thread security
Mandriva Linux Security Advisory MDVSA-2008:085 http://www.mandriva.com/security/

[Full-disclosure] clamav: Endless loop / hang with crafted arj, CVE-2008-1387

2008-04-15 Thread Hanno Böck
Advisory published at: http://int21.de/cve/CVE-2008-1387-clamav.html clamav: Endless loop / hang with crafted arj, CVE-2008-1387 References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387 http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog http://www.cert.fi/haavoittuvuudet/joint-