[Full-disclosure] strange domain name in phishing email
hi, I received several phishing emails. One interesting thing is the link to phishing website has the link: http://1406379699/dbweb/ws/ebay/index.htm If you click it, it goes to a fake ebay server. The DNS result shows: 1406379699 Server: Address: Name: ip-166-179.sn2.eutelia.it Address: 83.211.166.179 I do not understand why 1406379699 equal to ip-166-179.sn2.eutelia.it? Thanks for your help. yours, jqxin2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 google is cool http://www.alexcarlock.com/ip.asp Jianqiang Xin wrote: hi, I received several phishing emails. One interesting thing is the link to phishing website has the link: http://1406379699/dbweb/ws/ebay/index.htm If you click it, it goes to a fake ebay server. The DNS result shows: 1406379699 Server: Address: Name:ip-166-179.sn2.eutelia.it http://ip-166-179.sn2.eutelia.it Address: 83.211.166.179 http://83.211.166.179 I do not understand why 1406379699 equal to ip-166-179.sn2.eutelia.it http://ip-166-179.sn2.eutelia.it? Thanks for your help. yours, jqxin2006 -- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ __ NOD32 1.1438 (20060310) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.1 (MingW32) iD8DBQFEEqCWFJS99fNfR+YRAtKmAKCnpts+WgH6xXo/6FY1Ic3KjkDa+gCfaYaa HBpMyL+whXgLoHo/tg//MD0= =mlVo -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
Jianqiang Xin wrote: I received several phishing emails. One interesting thing is the link to phishing website has the link: http://1406379699/dbweb/ws/ebay/index.htm This is a very old technique. Most people think that dotted-quad decimal is the only way to express an IP address but they can in fact be written in a variety of formats - octal, hexadecimal, and/or combined as a single 32 bit word. Read http://www.pc-help.org/obscure.htm for more. Brian ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
Could it be a 301 permanent redirect? Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 04:57 AM 3/11/2006, Jianqiang Xin wrote: hi, I received several phishing emails. One interesting thing is the link to phishing website has the link: http://1406379699/dbweb/ws/ebay/index.htmhttp://1406379699/dbweb/ws/ebay/index.htm If you click it, it goes to a fake ebay server. The DNS result shows: 1406379699 Server: Address: Name:http://ip-166-179.sn2.eutelia.itip-166-179.sn2.eutelia.it Address: http://83.211.166.17983.211.166.179 I do not understand why 1406379699 equal to http://ip-166-179.sn2.eutelia.itip-166-179.sn2.eutelia.it? Thanks for your help. yours, jqxin2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] INFIGO-2006-03-01 exploit
http://prdelka.blackart.org.uk/exploitz/prdelka-vs-GNU-peercast.c ___ NEW Yahoo! Cars - sell your car and browse thousands of new and used cars online! http://uk.cars.yahoo.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] AntiVir PersonalEdition Classic: Local Privilige Escalation
Application: AntiVir PersonalEdition Classic Site:http://www.free-av.de/ Version: 7 and maybe lower OS: Windows XP, Windows 2000 Bugs:Local Privilige Escalation Product: = AntiVir PersonalEdition Classic Windows from Avira GmbH protects your computer from viruses, malware, unwanted programs and other dangers. About: = A few days ago I discovered a little 'Local Privilege Escalation' Bug in the current version of AntiVir PersonalEdition Classic. Description: = Part of AntiVir PersonalEdition Classic is a service called 'AntiVir PersonalEdition Classic Planer' which runs with SYSTEM rights. If you start the update process using the GUI, AntiVir will show you a status window. After finishing the process AntiVir offers you a report. Open the report using the button 'Report' and AntiVir will open the report in the well known application 'notepad.exe'. Well, since the update was initiated by the service 'AntiVir PersonalEdition Classic Planer', which runs with SYSTEM rights, notepad.exe inherits these rights now. Use 'notepad.exe' to *run* 'compmgmt.msc' for example and... Well, you know what might happen now. History: = 2006-03-04: Found the Bug and mailed Vendor 2006-03-05: Response from vendor, checking the problem 2006-03-09: Response from vendor, fix is on the way. ports -- SYS 64767 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] reduction of brute force log
Gary E. Miller wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo Bob! On Tue, 28 Feb 2006, Bob Radvanovsky wrote: I am going to test these rules out -- this looks REALLy good! But...I'v e got just ONE question: why on Earth would you permit ICMP??? No ICMP means no P-MTU. No P-MTU mean non-working tunnels. You want to shoot yourself in the foot, tben go ahead and block ICMP. All icmp messages related to pmtud are just that, RELATED. So they are allowed by a previous rule. M4 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Skype emoticons problems and vulnerabilities
Affected versions : 1.x ( not tested on 2.x ) Skype is vulnerable to dos using the emoticons when u do a bigger enough list of them like this : :D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D -- Best Regards, Aleksander Hristov root at securitydot.net http://securitydot.net ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability
INetCop Security Advisory #2006-0x82-029 * Title: zeroboard IP session bypass XSS vulnerability 0x01. Description Zeroboard is a popular web notice board used in Korea. INetCop Security found XSS vulnerability in the latest zeroboard version 4.1 pl 7 (2005. 4. 4). Basically, zeroboard uses the following algorithm so that session may not be abused by the attack related with cookie. (e.g: cookie spoofing, sniffing) After login, is part that handle session: -- bbs/login_check.php: ... 24 // 회원로그인이 성공하였을 경우 세션을 생성하고 페이지를 이동함 25 if($member_data[no]) { 26 27 if($auto_login) { 28 makeZBSessionID($member_data[no]); 29 } 30 31 // 4.0x 용 세션 처리 32 $zb_logged_no = $member_data[no]; 33 $zb_logged_time = time(); 34 $zb_logged_ip = $REMOTE_ADDR; --- Recording IP address 35 $zb_last_connect_check = '0'; 36 37 session_register(zb_logged_no); 38 session_register(zb_logged_time); 39 session_register(zb_logged_ip); 40 session_register(zb_last_connect_check); 41 -- If IP address is different from present session user's, connection terminates: -- bbs/lib.php: 94 // 세션 값을 체크하여 로그인을 처리 95 } elseif($HTTP_SESSION_VARS[zb_logged_no]) { 96 97 // 로그인 시간이 지정된 시간을 넘었거나 로그인 아이피가 현재 사용자의 아이피와 다를 경우 로그아웃 시킴 98 if(time()-$HTTP_SESSION_VARS[zb_logged_time] $_zbDefaultSetup[login_time]||$HTTP_SESSION_VARS[zb_logged_ip]!=$REMOTE_ADDR) { 99 100 $zb_logged_no=; // session initialization 101 $zb_logged_time=; 102 $zb_logged_ip=; 103 session_register(zb_logged_no); 104 session_register(zb_logged_ip); 105 session_register(zb_logged_time); 106 session_destroy(); 107 108 // 유효할 경우 로그인 시간을 다시 설정 109 } else { -- This seems to be intercepting cookie hacking. But, if we take advantage of IP session disablement technique, session bypassing may be possible. Detailed explanation about the way to exploit this vulnerability is found at the following reference. URL: http://x82.inetcop.org/h0me/papers/iframe_tag_exploit.txt (Korean) As a result, hacker through administrator's web browser exploit code workably become. -- 0x02. Vulnerable Packages Vendor site: http://www.nzeo.com/ Low versions including Zeroboard 4.1 pl 7 (2005. 4. 4) version. -zb41pl7.tar.Z Disclosure Timeline: 2003-04.??: Vulnerabilities found. 2006-02.17: 1st vendor contact. (didn't respond) 2006-02.22: 2nd vendor contact. (didn't respond) 2006-02.25: Vendor responded, patch released. 2006-03.12: Public disclosure. 0x03. Exploit We have 2 `Proof-of-Concept' exploit about this vulnerability. This XSS vulnerability happens in memo box title and user email, homepage information input. When administrator logins and checks a user information page, attack code can be achieved, and there is another way, which injects an attack code in memo title. After exploit, an attacker can inject PHP code through an administrator web page function. Through this PHP code injection, the attacker(normal user) can change the password of administrator, and take administrator's privilege To prevent the abuse of this vulnerabilty, INetCop Security will not publish POC code. 0x04. Patch INetCop Security released temporary patch: INetCop Security Patch URL: http://inetcop.net/upfiles/Zeroboard-4.1_pl7_patch.tgz And vendor's patch after INetCop Security advisory: Vendor Patch URL: http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2no=5406 -- Thank you. P.S: I give thanks to Securityproof that suffer translation. Korean Advisory URL: http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf -- By dong-houn yoU (Xpl017Elz), in INetCop(c) Security. MSN E-mail: szoahc(at)hotmail(dot)com, xploit(at)hackermail(dot)com INetCop Security Home: http://www.inetcop.org My World: http://x82.inetcop.org GPG public key: http://x82.inetcop.org/h0me/pr0file/x82.k3y -- -- ___ Get your free email from http://www.hackermail.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] (no subject)
Advisory 2006-03-11 Buffer Overflow in Microsoft Windows XP I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Microsoft Windows XP crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Microsoft Windows XP has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006- to this issue. APPENDIX A. - Vendor Information http://www.microsoft.com APPENDIX B. - References NONE CONTACT: *Dave King [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11Off-by-one in Microsoft Word
Advisory 2006-03-11 Off-by-one in Microsoft Word I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Microsoft Word crash by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Microsoft Word has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-407802 to this issue. APPENDIX A. - Vendor Information http://www.microsoft.com APPENDIX B. - References NONE CONTACT: *iDEFENSE Labs [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11DoS Vulnerability in Microsoft Windows 2003
Advisory 2006-03-11 DoS Vulnerability in Microsoft Windows 2003 I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Sending a specially crafted malformed packet to the services communication socket can create a loss of service. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Microsoft Windows 2003 has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-227302 to this issue. APPENDIX A. - Vendor Information http://www.microsoft.com APPENDIX B. - References NONE CONTACT: *iDEFENSE Labs [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11DoS Vulnerability in Microsoft Windows 2000
Advisory 2006-03-11 DoS Vulnerability in Microsoft Windows 2000 I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Sending a specially crafted malformed packet to the services communication socket can create a loss of service. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Microsoft Windows 2000 has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-902351 to this issue. APPENDIX A. - Vendor Information http://www.microsoft.com APPENDIX B. - References NONE CONTACT: *iDEFENSE Labs [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11DoS Vulnerability in Microsoft Windows XP
Advisory 2006-03-11 DoS Vulnerability in Microsoft Windows XP I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Sending a specially crafted malformed packet to the services communication socket can create a loss of service. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Microsoft Windows XP has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-686948 to this issue. APPENDIX A. - Vendor Information http://www.microsoft.com APPENDIX B. - References NONE CONTACT: *iDEFENSE Labs [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11Local Privilege Escalation Vulnerability in AOL Client Software
Advisory 2006-03-11 Local Privilege Escalation Vulnerability in AOL Client Software I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION AOL Client Software incorrectly validates user input III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE AOL Client Software has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-636555 to this issue. APPENDIX A. - Vendor Information http://www.aol.com APPENDIX B. - References NONE CONTACT: *ZATAZ Audits [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Directory Transversal in
Tripwire Message-ID: [EMAIL PROTECTED] X-Priority: 3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=iso-8859-1 Advisory 2006-03-11 Directory Transversal in Tripwire I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Remote exploitation of a directory traversal vulnerability in Tripwire could allow attackers to overwrite or view arbitrary files with user-supplied contents. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Tripwire has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-891531 to this issue. APPENDIX A. - Vendor Information http://www.tripwire.com/ APPENDIX B. - References NONE CONTACT: * Suresec Advisories [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Off-by-one in
VMware Message-ID: [EMAIL PROTECTED] X-Priority: 3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=iso-8859-1 Advisory 2006-03-11 Off-by-one in VMware I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make VMware crash by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE VMware has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-861530 to this issue. APPENDIX A. - Vendor Information http://www.vmware.com/ APPENDIX B. - References NONE CONTACT: *mike king [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Integer Overflow in
ISC BIND Message-ID: [EMAIL PROTECTED] X-Priority: 3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=iso-8859-1 Advisory 2006-03-11 Integer Overflow in ISC BIND I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION ISC BIND incorrectly parses integer data III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE ISC BIND has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-205043 to this issue. APPENDIX A. - Vendor Information http://www.isc.org/index.pl?/sw/bind/ APPENDIX B. - References NONE CONTACT: *Geo. [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 DoS Vulnerability in
Microsoft Windows 2000 Message-ID: [EMAIL PROTECTED] X-Priority: 3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=iso-8859-1 Advisory 2006-03-11 DoS Vulnerability in Microsoft Windows 2000 I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Sending a specially crafted malformed packet to the services communication socket can create a loss of service. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Microsoft Windows 2000 has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-541517 to this issue. APPENDIX A. - Vendor Information http://www.microsoft.com APPENDIX B. - References NONE CONTACT: *Johannes Schneider [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Directory Transversal in
Microsoft Access Message-ID: [EMAIL PROTECTED] X-Priority: 3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=iso-8859-1 Advisory 2006-03-11 Directory Transversal in Microsoft Access I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Remote exploitation of a directory traversal vulnerability in Microsoft Access could allow attackers to overwrite or view arbitrary files with user-supplied contents. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Microsoft Access has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-668264 to this issue. APPENDIX A. - Vendor Information http://www.microsoft.com APPENDIX B. - References NONE CONTACT: *Nic Werner [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 DoS Vulnerability in ISC OpenReg
Advisory 2006-03-11 DoS Vulnerability in ISC OpenReg I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Sending a specially crafted malformed packet to the services communication socket can create a loss of service. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE ISC OpenReg has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-662274 to this issue. APPENDIX A. - Vendor Information http://www.isc.org/index.pl?/sw/openreg/ APPENDIX B. - References NONE CONTACT: *KaiJern Lau [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Local Privilege Escalation Vulnerability in
Advisory 2006-03-11 Local Privilege Escalation Vulnerability in I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION incorrectly validates user input III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-511492 to this issue. APPENDIX A. - Vendor Information APPENDIX B. - References NONE CONTACT: *Tim Saunders [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Buffer Overflow in VMware
Advisory 2006-03-11 Buffer Overflow in VMware I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make VMware crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE VMware has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-374780 to this issue. APPENDIX A. - Vendor Information http://www.vmware.com/ APPENDIX B. - References NONE CONTACT: *Randal [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Local Privilege Escalation Vulnerability in Apple MacOSX
Advisory 2006-03-11 Local Privilege Escalation Vulnerability in Apple MacOSX I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Apple MacOSX incorrectly validates user input III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Apple MacOSX has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-285537 to this issue. APPENDIX A. - Vendor Information http://www.apple.com/macosx/ APPENDIX B. - References NONE CONTACT: *Evgeny Legerov [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Off-by-one in ISC INN
Advisory 2006-03-11 Off-by-one in ISC INN I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make ISC INN crash by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE ISC INN has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-116142 to this issue. APPENDIX A. - Vendor Information http://www.isc.org/index.pl?/sw/inn/ APPENDIX B. - References NONE CONTACT: *A. Ramos [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Directory Transversal in Apple iTunes
Advisory 2006-03-11 Directory Transversal in Apple iTunes I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Remote exploitation of a directory traversal vulnerability in Apple iTunes could allow attackers to overwrite or view arbitrary files with user-supplied contents. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Apple iTunes has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-148231 to this issue. APPENDIX A. - Vendor Information http://www.apple.com/itunes/ APPENDIX B. - References NONE CONTACT: *Francisco Amato [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 DoS Vulnerability in Apple iTunes
Advisory 2006-03-11 DoS Vulnerability in Apple iTunes I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Sending a specially crafted malformed packet to the services communication socket can create a loss of service. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Apple iTunes has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-596484 to this issue. APPENDIX A. - Vendor Information http://www.apple.com/itunes/ APPENDIX B. - References NONE CONTACT: *Peter Besenbruch [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Off-by-one in Microsoft PowerPoint
Advisory 2006-03-11 Off-by-one in Microsoft PowerPoint I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Microsoft PowerPoint crash by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Microsoft PowerPoint has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-167912 to this issue. APPENDIX A. - Vendor Information http://www.microsoft.com APPENDIX B. - References NONE CONTACT: *Fortinet Research [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Off-by-one in Ethereal
Advisory 2006-03-11 Off-by-one in Ethereal I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Ethereal crash by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Ethereal has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-200917 to this issue. APPENDIX A. - Vendor Information http://www.ethereal.com/ APPENDIX B. - References NONE CONTACT: *Tom Ferris [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Off-by-one in VMware
Advisory 2006-03-11 Off-by-one in VMware I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make VMware crash by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE VMware has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-617555 to this issue. APPENDIX A. - Vendor Information http://www.vmware.com/ APPENDIX B. - References NONE CONTACT: *3APA3A [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-139995 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-121950 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 DoS Vulnerability in Microsoft Windows 2000
Advisory 2006-03-11 DoS Vulnerability in Microsoft Windows 2000 I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Sending a specially crafted malformed packet to the services communication socket can create a loss of service. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Microsoft Windows 2000 has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-505138 to this issue. APPENDIX A. - Vendor Information http://www.microsoft.com APPENDIX B. - References NONE CONTACT: *Aaron Horst [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-851795 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-618665 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-320353 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-987172 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-610618 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-802529 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Buffer Overflow in Microsoft Windows 2000
Advisory 2006-03-11 Buffer Overflow in Microsoft Windows 2000 I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Microsoft Windows 2000 crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Microsoft Windows 2000 has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-658052 to this issue. APPENDIX A. - Vendor Information http://www.microsoft.com APPENDIX B. - References NONE CONTACT: *Paul Melson [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-915821 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-958918 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Heap Overflow in ISC INN
Advisory 2006-03-11 Heap Overflow in ISC INN I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make ISC INN crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE ISC INN has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-660971 to this issue. APPENDIX A. - Vendor Information http://www.isc.org/index.pl?/sw/inn/ APPENDIX B. - References NONE CONTACT: *Paul Kurczaba [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-866874 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-240993 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-912124 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-640866 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-483972 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-853279 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-508281 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-451029 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-391877 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-975090 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-522732 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-605933 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-871664 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 filthy nigger in Snort
Advisory 2006-03-11 filthy nigger in Snort I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make Snort crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Snort has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-192403 to this issue. APPENDIX A. - Vendor Information http://lol.poo.poo.bbq.dave.aitel.sucks.cocks.org/ APPENDIX B. - References NONE CONTACT: *Gadi Evron [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Heap Overflow in AOL Client Software
Advisory 2006-03-11 Heap Overflow in AOL Client Software I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION It is possible to make AOL Client Software crash or run arbitrary code by the use of malformed input. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE AOL Client Software has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-251293 to this issue. APPENDIX A. - Vendor Information http://www.aol.com APPENDIX B. - References NONE CONTACT: *gat0r [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Directory Transversal in Microsoft Windows 2000
Advisory 2006-03-11 Directory Transversal in Microsoft Windows 2000 I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Remote exploitation of a directory traversal vulnerability in Microsoft Windows 2000 could allow attackers to overwrite or view arbitrary files with user-supplied contents. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Microsoft Windows 2000 has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-310292 to this issue. APPENDIX A. - Vendor Information http://www.microsoft.com APPENDIX B. - References NONE CONTACT: *Robert Perriero [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Advisory 2006-03-11 Directory Transversal in Apple MacOSX
Advisory 2006-03-11 Directory Transversal in Apple MacOSX I. BACKGROUND Advisory marked for immediate release. II. DESCRIPTION Remote exploitation of a directory traversal vulnerability in Apple MacOSX could allow attackers to overwrite or view arbitrary files with user-supplied contents. III. HISTORY This advisory has no history. IV. WORKAROUND There are no known workarounds. V. VENDOR RESPONSE Apple MacOSX has not commented on this issue. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-442315 to this issue. APPENDIX A. - Vendor Information http://www.apple.com/macosx/ APPENDIX B. - References NONE CONTACT: *Josh perrymon [EMAIL PROTECTED] *1-888-LOL-WHAT *CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/