Re: [Full-disclosure] Pwnie Awards 2008

2008-07-21 Thread David Litchfield
Hey Alexandr, I see I'm invited to award Brett his pwnie for his SQL flaw if he wins. I'd be more than happy to - after all one bug over 3 years means someone did a really good job ;) Cheers, David

Re: [Full-disclosure] Oracle Database Local Untrusted Library Path Vulnerability

2008-07-21 Thread jmpascual
It has been reported to Oracle since 2004 by open3s and affects other libs. The workaround is very simple but it is under investigation / being fixed in main codeline. Scheduled for future CPU. Regards, juan manuel pascual On Sat, 19 Jul 2008, Joxean Koret wrote: Oracle Database Local Untrusted

[Full-disclosure] FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 NULL-Pointer reference Denial of Service Vulnerability

2008-07-21 Thread zhliu
FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 NULL-Pointer reference Denial of Service Vulnerability http://www.fortiguardcenter.com/advisory/FGA-2008-16.html July 20, 2008 -- Affected Vendors: EMC -- Affected Products: EMC Dantz Retrospect 7 backup Client 7.5.116 -- Vulnerability

[Full-disclosure] FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability

2008-07-21 Thread zhliu
FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability http://www.fortiguardcenter.com/advisory/FGA-2008-16.html July 20, 2008 -- Affected Vendors: EMC -- Affected Products: EMC Dantz Retrospect Backup Server 7.5.508 -- Vulnerability

[Full-disclosure] FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 Remote Memory corruption Vulnerability

2008-07-21 Thread zhliu
FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 Remote Memory corruption Vulnerability http://www.fortiguardcenter.com/advisory/FGA-2008-16.html July 20, 2008 -- Affected Vendors: EMC -- Affected Products: EMC Dantz Retrospect 7 backup Client 7.5.116 -- Vulnerability Details: The

[Full-disclosure] EMC Dantz Retrospect 7 backup Client PlainText Password Hash Disclosure Vulnerability

2008-07-21 Thread zhliu
FGA-2008-16: EMC Dantz Retrospect 7 backup Client PlainText Password Hash Disclosure Vulnerability http://www.fortiguardcenter.com/advisory/FGA-2008-16.html July 20, 2008 -- Affected Vendors: EMC -- Affected Products: EMC Dantz Retrospect 7 backup Client 7.5.116 -- Vulnerability Details: The

[Full-disclosure] [SECURITY] [DSA 1612-1] New ruby1.8 packages fix several vulnerabilities

2008-07-21 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-1612-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff July 21, 2008

Re: [Full-disclosure] Pwnie Awards 2008

2008-07-21 Thread Kingcope Kingcope
OOPS!: By question I landed on the Server Side Bug Nomination List Again. Thanks for riding this Ceremony. kcope / eliteb0y / Nikos OOPS I did it again (fool(disclosure)) 2008/7/21 David Litchfield [EMAIL PROTECTED]: Hey Alexandr, I see I'm invited to award Brett his pwnie for his SQL flaw

[Full-disclosure] [ GLSA 200807-10 ] Bacula: Information disclosure

2008-07-21 Thread Pierre-Yves Rofes
Gentoo Linux Security Advisory GLSA 200807-10

[Full-disclosure] [ GLSA 200807-11 ] PeerCast: Buffer overflow

2008-07-21 Thread Pierre-Yves Rofes
Gentoo Linux Security Advisory GLSA 200807-11

[Full-disclosure] [ GLSA 200807-12 ] BitchX: Multiple vulnerabilities

2008-07-21 Thread Pierre-Yves Rofes
Gentoo Linux Security Advisory GLSA 200807-12

[Full-disclosure] NULL pointer in ZDaemon 1.08.07

2008-07-21 Thread Luigi Auriemma
Luigi Auriemma Application: ZDaemon http://www.zdaemon.org Versions: = 1.08.07 Platforms: Windows and Linux Bug: NULL pointer Exploitation: remote, versus server

[Full-disclosure] Kaminsky's DNS Issue Leaked?

2008-07-21 Thread natron
It appears matasano posted an explanation of Dan Kaminsky's DNS issue to their blog today, but looks like it may have been yanked back down. My google reader account nabbed it via the RSS feed while it was up. It looks like maybe they had this typed up, ready to hit post as soon as someone else

[Full-disclosure] help: I need to crack my box

2008-07-21 Thread Lucio Crusca
Believe it or not, I have a linux box (mine, yes it's mine) I need to own... the problem is that it physically resides a few 100km from here and someone else has changed the root password... I can still log in as luser and I wonder if I have a chance to become root again. It's a more or less

Re: [Full-disclosure] help: I need to crack my box

2008-07-21 Thread Paul Schmehl
--On Monday, July 21, 2008 22:47:26 +0200 Lucio Crusca [EMAIL PROTECTED] wrote: Believe it or not, I have a linux box (mine, yes it's mine) I need to own... the problem is that it physically resides a few 100km from here and someone else has changed the root password... I can still log in as

[Full-disclosure] [ MDVSA-2008:151 ] - Updated libxslt packages fix buffer overflow vulnerability

2008-07-21 Thread security
Mandriva Linux Security Advisory MDVSA-2008:151 http://www.mandriva.com/security/

Re: [Full-disclosure] help: I need to crack my box

2008-07-21 Thread Alex Howells
2008/7/21 Lucio Crusca [EMAIL PROTECTED]: Believe it or not, I have a linux box (mine, yes it's mine) I need to own... the problem is that it physically resides a few 100km from here and someone else has changed the root password... I can still log in as luser and I wonder if I have a chance