Re: [Full-disclosure] IE XML exploit poc - i offer $100 for help to swap shellcode

2008-12-19 Thread taneja . security
O Fuck!! Sorry that was not related to that anyway download "ie0dayfree" from http://www.jxfhack.com On Fri, Dec 19, 2008 at 11:20 AM, wrote: > Download malicious pdf from http://korienado.com/cache6000/pdf.php and > analyze got it !!! > > On Thu, Dec 18, 2008 at 8:48 PM, qua...@gmai

[Full-disclosure] [ GLSA 200812-19 ] PowerDNS: Multiple vulnerabilities

2008-12-19 Thread Pierre-Yves Rofes
Gentoo Linux Security Advisory GLSA 200812-19 http://security.gentoo.org/

Re: [Full-disclosure] Urgent Google Contact

2008-12-19 Thread n3td3v
On Fri, Dec 19, 2008 at 7:00 PM, Bipin Gautam wrote: > I've been hearing about, FD is getting boring with similar postings > but so less "disclosures". That is just the way the current climate is, as nothing has been post on Bugtraq either. I think next week will be a busy week as people throw aw

Re: [Full-disclosure] Microsoft issues out-of-band patch

2008-12-19 Thread n3td3v
On Fri, Dec 19, 2008 at 3:36 PM, Bipin Gautam wrote: > stop putting so much of attention to 0-day and possible use of it by > government to get into a terrorist pc. > > if breaking into someones pc was a matter of national security > importance 0-day may provide a easy leverage but you really dont

Re: [Full-disclosure] Urgent Google Contact

2008-12-19 Thread Arturo 'Buanzo' Busleiman
Bipin Gautam wrote: > Anyone want to participate to make this thread exciting? :) No, but I found some problems with the 'order food over internet' site for a very well known company that makes burgers. I should contact them. And get some free food

[Full-disclosure] PHP APC vulnerable to local attacks

2008-12-19 Thread Moritz Naumann
PHP APC is an opcode cache for PHP, or, as the developers say: "APC is a free, open, and robust framework for caching and optimizing PHP intermediate code." http://pecl.php.net/package/APC While at least some of its developers do not consider this

Re: [Full-disclosure] Urgent Google Contact

2008-12-19 Thread Arturo 'Buanzo' Busleiman
Randal L. Schwartz wrote: > Perfect time for this: > > > http://letmegooglethatforyou.com/?q=contact+info+google%27s+security+department&l=1 Actually, someone else provided almost that exact same link YESTERDAY. :P - -- Arturo "Buanzo" Busleima

Re: [Full-disclosure] Urgent Google Contact

2008-12-19 Thread Bipin Gautam
ok... looks like you have some good credibility. so we listen you and close this thread then :) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Urgent Google Contact

2008-12-19 Thread Bipin Gautam
I've been hearing about, FD is getting boring with similar postings but so less "disclosures". Anyone want to participate to make this thread exciting? :) dropped in FD asking for security contact of google without making some disclosures on the info-sec issue for what he wanted to contact googl

Re: [Full-disclosure] Urgent Google Contact

2008-12-19 Thread Randal L. Schwartz
> "xyberpix" == xyberpix writes: xyberpix> Hi all, xyberpix> Does anyone have contact details for anyone at Google's security xyberpix> department at all? Perfect time for this: http://letmegooglethatforyou.com/?q=contact+info+google%27s+security+department&l=1 :-) -- Randal L. Sch

Re: [Full-disclosure] Urgent Google Contact

2008-12-19 Thread M . B . Jr .
Can't you google it? On 12/18/08, xyberpix wrote: > Hi all, > > Does anyone have contact details for anyone at Google's security > department at all? > > TIA > xyberpix > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/f

Re: [Full-disclosure] Urgent Google Contact

2008-12-19 Thread anonymous pimp
On Fri, Dec 19, 2008 at 7:28 PM, Andy McKnight wrote: > This had less of the "couldn't find" and more of the "we really want > everyone to know that we've a reason to find". > > 2008/12/19 anonymous pimp >> >> A wannabe security firm (xyberpix.com) not able to find out google's >> security team c

Re: [Full-disclosure] Urgent Google Contact

2008-12-19 Thread Andy McKnight
This had less of the "couldn't find" and more of the "we really want everyone to know that we've a reason to find". 2008/12/19 anonymous pimp > A wannabe security firm (xyberpix.com) not able to find out google's > security team contact? > -- key id: 0x6A8BAF97 fingerprint: 0AF9 F0A4 52D2 977

Re: [Full-disclosure] Urgent Google Contact

2008-12-19 Thread anonymous pimp
On Fri, Dec 19, 2008 at 2:51 AM, xyberpix wrote: > Thanks to all who responded on this one, I've managed to contact someone. > xyberpix Maybe next time you could "manage to" google it your-fucking-self, and not use your work email while you're at it. A wannabe security firm (xyberpix.com) not ab

Re: [Full-disclosure] Microsoft issues out-of-band patch

2008-12-19 Thread Ureleet
just plain stupid. i dont know where to start, so i wont. fuck. On Fri, Dec 19, 2008 at 9:50 AM, n3td3v wrote: > "The software giant rushed out a fix for the security issue in eight > days, following its discovery that online criminals were using the > flaw to attack Internet users." > > http:/

Re: [Full-disclosure] Microsoft issues out-of-band patch

2008-12-19 Thread Some Guy Posting To Full Disclosure
Here's an article explaining why Microsoft delays their patching: Specifically this bit: "In order to reduce the costs related to the deployment of patches, Microsoft introduced the concept of Patch Tuesday. The idea is that security patches are accumul

[Full-disclosure] HTC Touch vCard over IP Denial of Service

2008-12-19 Thread Mobile Security Lab
Security Advisory MSL-2008-002 - HTC Touch vCard over IP Denial of Service Advisory Information Title: HTC Touch vCard over IP Denial of Service Advisory ID: MSL-2008-002 Advisory URL: http://www.mseclab.com/index.php?page_id=110 Published:

Re: [Full-disclosure] Microsoft issues out-of-band patch

2008-12-19 Thread Bipin Gautam
stop putting so much of attention to 0-day and possible use of it by government to get into a terrorist pc. if breaking into someones pc was a matter of national security importance 0-day may provide a easy leverage but you really dont need a 0-day to get into someones pc, neither you'd need a alr

Re: [Full-disclosure] Microsoft issues out-of-band patch

2008-12-19 Thread n3td3v
On Fri, Dec 19, 2008 at 2:55 PM, James Rankin wrote: > "MI5 have their systems patched against > flaws that are not known about by other entities" > > Yeah, of course they do. because writing your own patches will definitely > make sure that your enterprise is properly supported and secured, and a

Re: [Full-disclosure] Microsoft issues out-of-band patch

2008-12-19 Thread James Rankin
"MI5 have their systems patched against flaws that are not known about by other entities" Yeah, of course they do. because writing your own patches will definitely make sure that your enterprise is properly supported and secured, and all your mission-critical apps will continue to function. I reme

[Full-disclosure] Microsoft issues out-of-band patch

2008-12-19 Thread n3td3v
"The software giant rushed out a fix for the security issue in eight days, following its discovery that online criminals were using the flaw to attack Internet users." http://www.securityfocus.com/brief/873 This is because they usually hold back disclosure and patch release so the intelligence se

[Full-disclosure] SEC Consult SA-20081219-0 :: Fujitsu-Siemens WebTransactions remote command injection vulnerability

2008-12-19 Thread Bernhard Mueller
SEC-CONSULT Security Advisory < 20081219-0 > === title: Fujitsu-Siemens WebTransactions Remote Command Injection Vulnerability program: WebTransactions vulnerable version:

Re: [Full-disclosure] Realtek Sound Manager (rtlrack.exe1.15.0.0) Bufferoverflow exploit

2008-12-19 Thread j-f sentier
Also you forgot to give the credit to shinnai who originaly found this bug : http://milw0rm.com/exploits/7492 2008/12/19 j-f sentier > "any jobs offers are ALWAYS welcome!" > Kmart is hiring, you'll may find a job there. > btw your code is horrible. > > > 2008/12/19 > >> /* >> >> Realtek Sound

Re: [Full-disclosure] Realtek Sound Manager (rtlrack.exe1.15.0.0) Bufferoverflow exploit

2008-12-19 Thread j-f sentier
"any jobs offers are ALWAYS welcome!" Kmart is hiring, you'll may find a job there. btw your code is horrible. 2008/12/19 > /* > > Realtek Sound Manager (rtlrack.exe1.15.0.0) Bufferoverflow exploit > copyrights Bartosz Wójcik (Bartosz Wojcik) / bart^xt > all rights reserved! > > any jobs offers

[Full-disclosure] Realtek Sound Manager (rtlrack.exe1.15.0.0) Bufferoverflow exploit

2008-12-19 Thread bartoszwojcik
/* Realtek Sound Manager (rtlrack.exe1.15.0.0) Bufferoverflow exploit copyrights Bartosz Wójcik (Bartosz Wojcik) / bart^xt all rights reserved! any jobs offers are ALWAYS welcome! more on my websites: http://www.goldenline.pl/bartosz-wojcik5 http://wojcikbartosz.blogspot.com/ http://www.pelock.co