With all the discussions surrounding the PHP-Nuke CMS wrapping phpBB2 as
its forums, I've released an application called Analyzer (version 2.0)
available from Download.com.
It checks the following versions and reports if newer versions exist:
mysql
php
apache
phpnuke
phpbb
It also checks certa
Youo know I was thinking about how ironic it is that one should mention
"Full Disclosure" and "responsibility" in the same paragraph. How many
more redundant threads will one have to parse through regarding the
irresponsibilities of vendors who won't release a fix in a timely manner.
Then read mor
On Fri, 16 Sep 2005, 'FoR ReaLz' E. Balansay wrote:
> On Fri, 16 Sep 2005, Madison, Marc wrote:
>
> > What Trojan does McAfee report?
>
> Exploit-URLSpoof.gen
See the %00? That is probably wat mcafee calls a Exploit-URLSpoof.gen. I
would hardly call it a trojan ... still, it is interesting to
This is an accurate detection. Google returns results that contain a
hyperlink that contains the exploit.
I've verified both the detection and exploit.
Craig
==
Using XP SP2s Internet Explorer, in Google, i used the following search
query:
mcafee "driver packet received from the i/o
Hello!
I noticed the same message as well =), we're not using the ebay toolbar.
I have just verified these results from a Win2k3 fully patched machine
with no additional applications installed, except for McAfee 7.1.
Would someone else like to search google for those terms and verify as
well
Title: Re: Search Results w/ Trojan?
I Noticed the following on the McAffee site
-- Update July 16, 2004 --
An Incorrect Identification of Exploit-URLSpoof.gen has been found when scanning files associated with the eBay Toolbar. The file being detected as Exploit-URLSpoof.gen is wsasc.xm
Firefox navigation bug fixed (sorry about
that)
Paul
Greyhats Security
http://greyhatsecurity.org
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia
On Fri, 16 Sep 2005, Madison, Marc wrote:
What Trojan does McAfee report?
Exploit-URLSpoof.gen
McAfee link:
http://vil.nai.com/vil/content/v_100927.htm
Goodbye!
Edgardo
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-
What Trojan does McAfee report?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of 'FoR
ReaLz' E. Balansay
Sent: Friday, September 16, 2005 2:40 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Search Results w/Trojan?
Hello all!
My syst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo Aditya!
On Fri, 16 Sep 2005, Aditya Deshmukh wrote:
> > > What alternatives are there to pgpnet ?
> >
> > Have a look at OpenVPN.
>
> Thanks Martijn, but isn`t that a SSL vpn ? And from what I
> have read about PGPnet I need a IPSEC VPN that uses
It's been a while, but I have decided that because
a lot of valuable information is hosted on greyhatsecurity.org, that it is
within everyone's best interest to share the material.
Some things that have changed:
- The layout. The navigation system looks a lot
cooler now (IMHO) and is easier
Get in line:
http://www.eeye.com/html/research/upcoming/20050915.html
More:
http://www.eeye.com/html/research/upcoming/index.html
- ferg
-- "'FoR ReaLz' E. Balansay" <[EMAIL PROTECTED]> wrote:
Hello all!
My systems relevant info:
Windows XP SP2 fully patched
Mcafee VirusScan 7.1 Engine 4.
Hello all!
My systems relevant info:
Windows XP SP2 fully patched
Mcafee VirusScan 7.1 Engine 4.4 Definition 4581
Using XP SP2s Internet Explorer, in Google, i used the following search
query:
mcafee "driver packet received from the i/o subsystem" "patch 11"
When the results return from goo
This problem also effects Thunderbird (tested) and im guessing
Netscape's Mail client (untested) which it really can't do much except
cause Thunderbird/Netscape to crash without javascript.
Include the linked source in an email for your testing.
http://www.milw0rm.com/down.php?id=1204
/str0ke
TAC Vista is based on open technologies, TAC VistaR is one of the most
advanced software solutions for building automation.
TAC Vista efficiently and economically controls, checks and analyzes all
building operations, allowing system operators to control and monitor entire
systems on site or from
PASTOR ADRIAN wrote:
> Title:FileZilla (client) public credentials vulnerability
> Risk:Medium
> Versions affected: <=2.2.15
> Credits: pagvac (Adrian Pastor)
> Date found: 10th September, 2005
> Homepage: www.ikwt.com www.adrianpv.com
> E-mail: m123303 [ - a t - ] richmond.ac.uk
>
On 9/12/05, Nick FitzGerald <[EMAIL PROTECTED]> wrote:
> Anyway, much as I am an _only very occasional_ user of Ghost, I don't
> think I've ever used it NOT to make a sector-level, or raw disk image,
> style drive copy. However, as I last used it so long ago, I decided to
> check I was not mis-rem
> > What alternatives are there to pgpnet ?
>
> Have a look at OpenVPN.
Thanks Martijn, but isn`t that a SSL vpn ? And from what I
have read about PGPnet I need a IPSEC VPN that uses
PGP keys to do the auth.
I know for ipsec VPNs I could use the winxp's builtin
But that would require moving a
This problem also effects Thunderbird (tested) and im guessing
Netscape's Mail client (untested) which it really can't do much except
cause Thunderbird/Netscape to crash without javascript.
Include the linked source in an email for your testing.
http://www.milw0rm.com/down.php?id=1204
/str0ke
O
> List: full-disclosure
> Subject:Re: [Full-disclosure] NUL Character Evasion
> From: fd () ew ! nsci ! us
> Date: 2005-09-15 19:57:30
>
> > > On Thu, 15 Sep 2005, Williams, James K wrote:
> > > List: full-disclosure
> > > Subject:[Full-disclosure] NUL Character Eva
If it's on your site, then it's released.. security sites publish
advisories as soon as they are online.
put an index or just put your advisories there when you wanna release
them if you don't want to annoy us and to be annoyed by leechers
i didn't find any reference about the D1g1t4lLeech mentione
Aditya Deshmukh zei:
> What alternatives are there to pgpnet ?
Have a look at OpenVPN.
M4
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
> This is a bug in lsadump2 - there's a type mismatch in one of the
> functions, although I forget which one. Something is a pointer which
> shouldn't be, or vice versa. Once you fix that, it'll be good to go.
Are you sure about that ?
After investigating deeper, I found several problems in LSADUM
Hello Mister D1g1t4lLeech,
You are not able to find by yourself security holes ;)
So you leech other people research.
Go back to you kazaa leech.
Secunia you continu to don't respect vendor release date ;)
Bye
___
Full-Disclosure - We believe in it.
#
arc insecure temporary file creation
Vendor: http://arc.sourceforge.net/
Advisory: http://www.zataz.net/adviso/arc-09052005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploitation : low
#
ncompress insecure temporary file creation
Vendor: ftp://ftp.leo.org/pub/comp/os/unix/linux/sunsite/utils/compress/
Advisory: http://www.zataz.net/adviso/ncompress-09052005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Expl
#
gwcc insecure temporary file creation
Vendor: http://gwcc.sourceforge.net/
Advisory: http://www.zataz.net/adviso/gwcc-09052005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploitation : low
##
Hi,
For those who are interrested, new version (0.1c) of TAPiON (polymorphic
decryptor generator) is now available. The package can be downloaded at:
http://pb.specialised.info/all/tapion/
- the list of changes in 0.1c version is also stored at this url.
best regards,
Piotr Bania
--
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 815-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 16th, 2005
Dear Steffen Kluge,
This is old news reported long time ago by ben moeckel (ben.moeckel at
online.de), see http://www.security.nnov.ru/advisories/content.asp
9. Bypassing filters with special characters
There are some characters client application may ignore silently. For
Example, for HTML
Title:
FileZilla (client) public credentials vulnerabilityRisk:
MediumVersions
affected: <=2.2.15Credits: pagvac (Adrian Pastor)Date
found: 10th September, 2005Homepage: www.ikwt.com www.adrianpv.comE-mail: m123303
[ - a t - ] richmond.ac.uk
Background--FileZilla client is
31 matches
Mail list logo