This site http://packetstormsecurity.org/
is up and running now.
Juha-Matti
Frank Stefan Sundberg Solli [frankste...@gmail.com] kirjoitti:
> The site is down due to ddos amongst others, OTW, milw0rm, THC and HITB,
> check out the mirror list of packetstorm, packetstorm is mirrored in
> almost
On Wed, 23 Jun 2010 20:12:24 +
"Thor (Hammer of God)" wrote:
> I know better than to bring up the "Australia" vs "New Zealand"
> bit. Speaking of which, was there an "Old Zealand?" ;)
Yes, it's a province in Holland.
--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:124
http://www.mandriva.com/security/
Redspin Security Notice -- RSN-2010-01
Multiple vulnerabilities in OpenEMR Electronic Medical Record Software
Overview
Quote from http://www.oemr.org/
OpenEMR is a free medical practice management, electronic medical records,
prescription writing, and medical billing application.
I guess that explains the sheep.
From: Meadow
Sent: Wednesday, June 23, 2010 1:39 PM
To: Thor (Hammer of God)
Cc: Paul Craig; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Microsoft Help Files (.CHM): 'Locked File'
Feature Bypass
Thor - Zealand is where your wife was born.
On
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Novell iManager Multiple Vulnerabilities
1. *Advisory Information*
Title: Novell iManager Multiple Vulnerabilities
Advisory Id: CORE-2010-0
Glad to hear it - my "preface settings" aren't working right so pardon the top
post.
I'm glad you replied with that info - that's good info... I can leverage the
same thing in RDP sessions then (or it seems like). I didn't get the full
implications from the post as you noted.
RE the MSFT bit
P.P.S. - There actually was a code bug where I didn't update the base when A-Z
+ was being used. The algorithm works and is unaffected though the results for
"this" password were not accurate with A-Z. This has been fixed and noted on
the site. Thanks John.
t
From: full-disclosure-boun...@li
ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-113
June 23, 2010
-- CVE ID:
CVE-2010-1199
-- Affected Vendors:
Mozilla Firefox
-- Affected Products:
Mozilla Firefox 3.6.x
-- TippingPoint(TM) IPS Customer Protection:
T
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:123
http://www.mandriva.com/security/
FYI, after taking it offline, there was confusion about what was being done and
when. The below comments are not an issue as I understand it.
If anyone would like to offer opinions after reading the markup, they are
welcome.
t
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disc
Am 22.06.2010 17:16, schrieb Paul Schmehl:
> Yes, you should use antivirus software if you're running windows
Nope. For regular users clicking every link and using firefox and office
and nothing else, maybe. But for somewhat experienced people with a
large toolset on the machine: NO! Approximately
On 6/23/10 12:38 PM, Gary Baribault wrote:
> In this attack, there's no need to throttle, the attacking computers hit
> it once every 15 seconds or so from many different sources. My denyhosts
> is not blocking 99.999% of the attempts.
>
> Gary Baribault
> Courriel: g...@baribault.net
> GPG Key: 0
In this attack, there's no need to throttle, the attacking computers hit
it once every 15 seconds or so from many different sources. My denyhosts
is not blocking 99.999% of the attempts.
Gary Baribault
Courriel: g...@baribault.net
GPG Key: 0x685430d1
Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C
On 6/23/10 4:22 AM, yersinia wrote:
> On Thu, Jun 17, 2010 at 4:21 PM, Samuel Martín Moro wrote:
>
>>
>> I also don't want to change my ssh port, nor restrict incoming IPs, ... and
>> I use keys only to log in without entering password.
>> So you're not alone.
>> I had my IP changed several times,
Cor ,
Sometimes you need anarchy to spread awareness! Which is primary
priority... Rest are secondary issues.
What next? Government should keep an updated statistic of antivrus
software that can survive the "wild" (well most of the time) and those
softwares that fail to do so at largest occasions
Took me a second to know what you were saying - I was already replying that I
*did* go through the required space. But I think you are right - in the
algorithm I'm using, I "stop" at the character in each column since I know what
it is. If I read you correctly, your saying that it would only m
Hey man - hope all is well.
FYI- I tried your example file and by default nothing worked on Windows 7. The
"loading and embedded file" says "this file is blocked", The file spawn
requires a script prompt with a "automation error" after that, the windows
control panel didn't launch at all, an
This looks great, but I have a question about your "how long would it take
to crack *this* password" analysis on your web site. In your example, you
choose aaNotGood, a 13 character mixed case password, and said it could
be cracked in 44 days. But to crack a 13 digit mixed case password (know
Advisory Name: Arbitrary File Download in InterScan Web Security Virtual
Appliance 5.0
Internal Cybsec Advisory Id: 2010-0606
Vulnerability Class: Arbitrary File Download
Release Date: To be confirmed
Affected Applications: Confirmed in InterScan Web Security Virtual Appliance
5.0.
Advisory Name: Arbitrary File Upload in InterScan Web Security Virtual
Appliance 5.0.
Internal Cybsec Advisory Id: 2010-0605
Vulnerability Class: Arbitrary File Upload
Release Date: 22-06-2010
Affected Applications: Confirmed in InterScan Web Security Virtual Appliance
5.0. Other v
Advisory Name: Local Privilege Escalation in InterScan Web Security Virtual
Apliance 5.0
Internal Cybsec Advisory Id: 2010-0604
Vulnerability Class: Local Privilege Escalation
Release Date: 22-06-2010
Affected Applications: InterScan Web Security Virtual Aplliance 5.0. Other
versio
Hi to all,
I just posted a brief analysis about subject at
http://extraexploit.blogspot.com/2010/06/spyeye-spreading-with-spynet-black-hat.html
Feedback are welcome.
Thank you for your attention.
--
http://extraexploit.blogspot.com
___
Full-Disclosu
(, ) (,
. `.' ) ('.',
). , ('. ( ) (
(_,) .`), ) _ _,
/ _/ / _ \ ___ _
\ \==/ /_\ \ _/ ___\/ _ \ / \
/ \/ |\\ \__( <_> \ Y Y \
/__ /\___|__ / \>_ __/|__|_| /
\/ \/.-.\/ \/:wq
On Thu, Jun 17, 2010 at 4:21 PM, Samuel Martín Moro wrote:
>
> I also don't want to change my ssh port, nor restrict incoming IPs, ... and
> I use keys only to log in without entering password.
> So you're not alone.
> I had my IP changed several times, my servers are only hosting personal
> data.
Security Advisory
IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting
Advisory Information
Published (dd/mm/yy):
23/06/2010
Updated (dd/mm/yy):
23/06/2010
Manufacturer: Linksys
Model: WAP54G
Hardware version: v3.x
Firmware version: ver.3.05.03 (Europe)
26 matches
Mail list logo