Re: [Full-disclosure] Hash

2009-10-27 Thread Fionnbharr
Bonjour! Is this going to be another grossly misdiagnosed bug? Also I'm glad you put that /usr/bin at the start, it would have been confusing otherwise. 2009/10/27 laurent gaffie : > For the record : > /usr/bin/shasum advisory.txt > 9fefeeb9d3ebf7c6822961e59ae94cfb655bcd53  advisory.txt > > Rega

[Full-disclosure] [G-SEC 49-2009] McAfee generic PDF detection bypass

2009-10-27 Thread Thierry Zoller
McAfee multiple products - Generic PDF detection bypass *** Cheap plug :

[Full-disclosure] [G-SEC 48-2009] F-SECURE - Generic PDF detection bypass

2009-10-27 Thread Thierry Zoller
F-SECURE multiple products - Generic PDF detection bypass *** Cheap plug

[Full-disclosure] [G-SEC 47-2009] Symantec generic PDF detection bypass

2009-10-27 Thread Thierry Zoller
Symantec multiple products - Generic PDF bypass *** Cheap plug : Speak

[Full-disclosure] VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues

2009-10-27 Thread VMware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - VMware Security Advisory Advisory ID: VMSA-2009-0015 Synopsis: VMware hosted products and ESX patches resolve two security

[Full-disclosure] Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation

2009-10-27 Thread Tavis Ormandy
Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation - In protected mode, cpl is usually equal to the two least significant bits of the cs register. However, there is an exception: in Virtual-8086

[Full-disclosure] Strange repeating probes to port 80

2009-10-27 Thread boris mutina
Dear list readers, for unknown reason I decided to create very lame honeypot. I took WXP, enabled IIS and forwarded ports 80 and 135 (both TCP and UDP). Then I started IIS logging and started Wireshark to capture everything on the wire. I was not expecting any special result but what I got is somet

[Full-disclosure] Cherokee Web Server 0.5.4 Denial Of Service

2009-10-27 Thread usman
Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this code] [*] Download Page : http://www.cherokee-project.com/download/windows/ [*] Attack type : Remote [*] Patch Status : Unpatched [*] Exploitation : #!/usr/bin/perl # Cherokee Web Server 0.5

[Full-disclosure] [SECURITY] [DSA-1920-1] New nginx packages fix denial of service

2009-10-27 Thread Stefan Fritsch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1920-1 secur...@debian.org http://www.debian.org/security/ Stefan Fritsch October 26, 2009

[Full-disclosure] [SECURITY] [DSA 1919-1] New smarty packages fix several vulnerabilities

2009-10-27 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1919-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst October 25, 2009

[Full-disclosure] [SECURITY] [DSA 1918-1] New phpmyadmin packages fix several vulnerabilities

2009-10-27 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1918-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst October 25, 2009

[Full-disclosure] iAWACS PWN2RM Challenge Results

2009-10-27 Thread Anthony . DESNOS
How to disable McAfee/NOD32/GDATA/Norton/AVG/Kaspersky/DrWeb ?! http://www.esiea-recherche.eu/data/pwn2rm.pdf ! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia