Re: [Full-disclosure] firefox 2.0.0.2 crash
doesn't do that with a later version of gimp...:

: 10:10 lois ~ ;gimp firefox-crash-save-session-before-clicking.gif
Re: [Full-disclosure] firefox 2.0.0.2 crash
On Fri, Mar 09, 2007, Tõnu Samuel wrote:

> http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif
>
> I do NOT know anything else than this url. Just seen it in random discussion and anyone else I asked knows nothing. Current tests indicate that Mozilla 2.0.0.2 gets killed within second, 1.5.0.10 survives.

I came up with that file using zzuf (http://sam.zoy.org/zzuf/). Manpage has an example on how to fuzz Firefox.

Cheers,
--
Sam.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] A small phishing operation
http://www.wachmannin.com/
http://www.szukozavrov.net/
http://szukozavrov.net/
http://www.trustguuny.com/
http://www.mennaepolisar.com/
http://www.rasdertan.com/
http://www.billibonce.org/
http://www.nesteasyrve.com/
http://www.raseedibones.com/
http://www.ahuevshayaaffza.com/
http://www.raspizdyaev.net/

All sites have a list1.txt filled with emails for spam and browseable directory, this was found just searching with google. I'm going to bed.

-phpninja
[Full-disclosure] R: A small phishing operation
> All sites have a list1.txt filled with emails for spam and browseable directory, this was found just searching with google.

Here the google dork: http://www.google.it/search?q=%2Bparent+%2B%22index+of+%2F%22+%2B%22list1.txt%22+mailer

Interesting...

Bye,
Andrea bunker Purificato
[Full-disclosure] a heeeee he announcement
Dear gmail

we use following email to harvest the fruits of our phishing attempts [1]. Please ban our asses!

[EMAIL PROTECTED]
[EMAIL PROTECTED]

thanks for reading he he

[1] http://wireless-mania.com/xcart/templates_c/www.BankOfAmerica.zip
[Full-disclosure] a heeeee he announcement
dear gmail and web2mail.com

we use following emails to collect the phishing victims' credentials [1]. Please ban our asses!

[EMAIL PROTECTED]
[EMAIL PROTECTED]

thanks for reading he he

[1] http://www.contestadofm.com.br/curso/Mais%20Arquivos/.UMporfolio/hfax.online-servive-update.zip
[Full-disclosure] a heeee he announcement
Dear Gmail and Inbox.com

we use the following email addresses to harvest the fruits of our phishing attempts [1][2]. Please ban our asses!

[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

thanks for reading he he

[1] http://www.wassmail.co.uk/archive/16/113/attachments/wach.zip
[2] http://www.wassmail.co.uk/archive/16/113/attachments/new.zip
[Full-disclosure] Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..
Dear list,

Whoever deals with these people and thinks they are a benign Adware company (and thus spreads their bundles). Check this :

Ignoring the fact that they basically install a Rootkit, I attached a few files I reversed, they install a DLL that does not directly KEYLOG your banking data, but INJECTS HTML CODE into the _genuine_ (SSLed) Banking page asking you to enter more details (like PIN, Magic Password etc), then capture that data and transmit it (I did no further investigation)

http://secdev.zoller.lu/system32.zip
Pass: 123

I am disgusted. They even created their own XML parser for this ...

An extract of HTML code they inject :
-
inject url=wellsfargo before=name=userid autocomplete='off'/DIV what= DIVLABEL for=useridATM PIN/LABEL:BRSPAN class='mozcloak'INPUT id=pin tabIndex=2 maxLength=4 type=password size=4 name=pin autocomplete='off'/SPAN/DIV block=alt=Go check=pin quan=4 content=d /inject

Attached the main files (pass 123), feel free to add this as HIPS or whatever signatures, those interested in a complete reversal can contact me to receive the EXE in question. I have no more time feel free to dig deeper.

I especially liked this :
inject url=citibank.com TRTD colspan=3 class=smallArial noWrapSPAN STYLE='color:red'To prevent fraud enter your credit card information please:/SPAN/TD/TR

Puke..

--
http://secdev.zoller.lu
Thierry Zoller
[Full-disclosure] RIM BlackBerry Pearl 8100 Browser DoS
RIM BlackBerry Pearl 8100 Browser DoS -- 12 March 2007

Summary:
A vulnerability has been discovered that could impact upon the availability of the BlackBerry 8100 Wireless handheld (v4.2.0.51). It is possible for a remote attacker to construct a WML page that contains an overly long string value within a link (e.g.: a href = aaa etc.). Should the page or link be accessed by BlackBerry devices, this leads to a temporary Denial of Service within the 4thPass browser component on the device, and temporary device inoperability. Normal functionality will be returned to the browser / device after an amount of time relative to the size of the link supplied, or by physically removing and reinserting the battery thereby creating a reset.

Business Impact:
Exploitation of this issue can lead to a loss of device functionality.

Affected Product(s):
The BlackBerry 8100 (Pearl) handheld device (v4.2.0.51)

Remediation:
Upgrade to vendor patch 4.2.1

Additional details of this vulnerability are available from the vendor at www.blackberry.com/security/news.jsp

Credit:
Michael Kemp (www.clappymonkey.com)
Re: [Full-disclosure] firefox 2.0.0.2 crash
Firefox even crashes if you have it open and visit the site from lynx...

$ lynx http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif
Looking up people.zoy.org
Making HTTP connection to people.zoy.org
Sending HTTP request.
HTTP request sent; waiting for response.
HTTP/1.1 200 OK
Data transfer complete
/usr/bin/firefox '/tmp/ggdfOe/L23367-1095TMP.gif'
lynx: Start file could not be found or is not text/html or text/plain
Exiting...

--
Kristian Hermansen

___
Date: Fri, 09 Mar 2007 20:31:40 +0200
From: Tõnu Samuel [EMAIL PROTECTED]
Subject: [Full-disclosure] firefox 2.0.0.2 crash
To: full-disclosure@lists.grok.org.uk
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=UTF-8

Can be dupe but in fast browsing over topics I did not discover this exploit:

http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif

I do NOT know anything else than this url. Just seen it in random discussion and anyone else I asked knows nothing. Current tests indicate that Mozilla 2.0.0.2 gets killed within second, 1.5.0.10 survives.

Tõnu
[Full-disclosure] Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007
DeepSec In-Depth Security Conference 2007 Europe - Nov 20-23 2007 - Vienna, Austria
http://deepsec.net/

Call for Papers

In light of Austria's active security scene we are pleased to announce the first annual European DeepSec In-Depth Security Conference[1], to be held from November 20th to 23rd 2007 in Vienna. We have found a really nice venue, a hotel in the old imperial riding school in the heart of the City, and will provide a comprehensive social program around the event.

We're inviting you to submit papers and proposals for trainings for the conference. All proposals received before June 10th 2007, 23:59 CET will be considered by the Program Committee.

Also we would like to announce and invite you to the first informal monthly Security by Candlelight[2] Security-Enthusiast Meeting to be held in the Viennese non-profit Hackspace/Innovation Center Metalab[3] on Monday, the 19th of March 2007, 19:30.

[1] http://deepsec.net/
[2] http://metalab.at/wiki/Security_bei_Kerzenschein
[3] http://metalab.at/wiki/English

== About DeepSec ==

DeepSec IDSC is an annual European two-day in-depth Conference on Computer-, Network-, and Application-Security. The first DeepSec Conference will be held from November 22nd to 23rd 2007 in Vienna, and aims to bring together the leading security experts from all over the world in Europe.

In addition to the conference with thirty-two sessions, four two-day intense security training courses will be held before the main conference. The conference program will be augmented with a live hacking competition and a team capture the flag contest.

DeepSec is a non-product, non-vendor-biased conference. Our aim is to present the best research and experience from the fields' leading experts.

Target Audience: Security Officers, Security Professionals and Product Vendors, IT Decision Makers, Policy Makers, Security-, Network-, and Firewall-Admins, and Software Developers.

== Speakers/Trainers ==

Until June 10th, 23:59 CET, we'll be accepting papers and lightning talk submissions. Please note we are a non-product, non-vendor-biased security conference, and do not accept vendor pitches.

Speaker privileges include
* One economy class return-ticket to Vienna.
* 3 nights of accommodation in the Conference Hotel.
* Breakfast, Lunch, and two coffee breaks
* Speaker activities during, before, and after the conference.
* Speaker After-Party in the Metalab Hackerspace on November 24th.

Trainer privileges include
* 50% of the net profit of the class.
* 2 nights of accommodation in the Conference Hotel during the trainings.
* Breakfast, Lunch, and two coffee breaks.
* Free Speaker Ticket for the Conference.
* Speaker activities during, before, and after the conference.
* Speaker After-Party in the Metalab Hackerspace on the 24th November

== Topics ==

We are interested in bleeding edge security research, directly from leading researchers, professionals in academics, industry, and government, and the underground security community.

Topics of special interest include
* Vista, Linux, OSX Security
* E/I-Voting Case-Studies, Attacks, Weaknesses
* Mobile Security
* Network Protocol Analysis
* AJAX/Web2.0/Javascript Security
* Secure Software Development
* VoIP
* Perimeter Defense / Firewall Technology
* Digital Forensics
* WLAN/WiFi, GPRS, IPv6 and 3G Security
* IPv6
* Smart Card Security
* Cryptography
* Intrusion Detection
* Incident Response
* Rootkit Detection, Techniques, and Defense
* Security Properties of Web-Frameworks
* Malicious Code Analysis
* Secure Framework Design
* .Net and Java Security

== Submission ==

Proposals for presentations and trainings at the first annual DeepSec In-Depth Security Conference will be accepted until June 10th 2007, 23:59 CET. All proposals should be submitted over the web at http://www.deepsec.net/cfp/.

If you have questions, want to send us additional material, or have problems with the webform, feel free to contact us at [EMAIL PROTECTED]

Regards
paul
[Full-disclosure] XSS on eplus.de, german mobile telephony provider
Here we go:

http://www.eplus.de/meta/shopsuche/suche_ausgabe.asp?suchwort=;scriptalert(1)/script
http://www.eplus-unternehmen.de/frame.asp?go=http://www.eplus.de/');alert(1);document.write('
http://www.eplus-unternehmen.de/frame.asp?go=');alert('

Already fixed ones:

http://www.eplus-unternehmen.de/frame.asp?go=http://www.google.de/
http://www.eplus-unternehmen.de/frame.asp?go=http://[EMAIL PROTECTED]
http://www.eplus-unternehmen.de/frame.asp?go=http://www.eplus.dedomain.com
http://www.eplus-unternehmen.de/frame.asp?go=http://www.eplus.de.mydomain.com

With lots of work done by alexander brachmann, www.bitsploit.de. All have been reported to E-Plus before.

Blog-entry english: http://www.hboeck.de/item/458
Blog-entry german (more detailed): http://www.hboeck.de/item/457

--
Hanno Böck
Blog: http://www.hboeck.de/
GPG: 3DBD3B20
Jabber: [EMAIL PROTECTED]
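Added example, not part of the original message or of E-Plus's code: one way to validate and encode a `go`-style frame target on the server, run against the URL shapes listed above. The allowlist, the function names and the weak prefix check are assumptions for illustration, and the userinfo sample is constructed because the archive redacted the original.

```python
import html
from urllib.parse import urlsplit

# Assumption: the only hosts the framing page is ever meant to load.
ALLOWED_HOSTS = {"www.eplus.de", "www.eplus-unternehmen.de"}


def naive_prefix_check(target):
    """Hypothetical weak check: compares a string prefix, not a parsed host."""
    return target.startswith("http://www.eplus.de")


def is_allowed_frame_target(target):
    """True only for http(s) URLs whose parsed host is exactly allowlisted."""
    # Quotes, angle brackets, backslashes, whitespace and control characters
    # have no place in a frame target; they are what escape an HTML or
    # JavaScript string context.
    if any(ch in "'\"<>\\" or ord(ch) <= 0x20 for ch in target):
        return False
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower().rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if has_userinfo:
        # "http://trusted@other.host/" displays the trusted name but loads
        # other.host, so userinfo is rejected outright.
        return False
    return host in ALLOWED_HOSTS


def render_frame(target, fallback="http://www.eplus.de/"):
    """Validate first, then encode for the attribute the value is written to."""
    if not is_allowed_frame_target(target):
        target = fallback
    return '<frame src="%s">' % html.escape(target, quote=True)


# Targets taken from the message above, plus one constructed userinfo case.
SAMPLES = [
    "http://www.eplus.de/",
    "http://www.google.de/",
    "http://www.eplus.de@example.org/",   # constructed sample
    "http://www.eplus.dedomain.com",
    "http://www.eplus.de.mydomain.com",
    "http://www.eplus.de/');alert(1);document.write('",
]


def compare(samples=SAMPLES):
    """Return (url, naive verdict, strict verdict) for each sample."""
    return [(s, naive_prefix_check(s), is_allowed_frame_target(s))
            for s in samples]


if __name__ == "__main__":
    for url, naive, strict in compare():
        print("naive=%-5s strict=%-5s %s" % (naive, strict, url))
```

Only the first sample passes the strict check, while the prefix comparison accepts five of the six.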
Re: [Full-disclosure] Is OWASP vulnerable ??
Not to reduce the high signal-to-noise ratio on this thread, but I suspect there are lots of eval injection vulnerabilities in Javascript-heavy applications, but they don't seem to be reported to the usual places, or maybe people just call them XSS. Perl, PHP, and other interpreted languages have eval injection too, but at least they're reported occasionally.

- Steve
Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite
Stefano Di Paola said:

> 1. I search on google for import_request_variables advisories (nothing found)
> 2. I search on php.net in changeLog for fixes (nothing found).

I can see why you weren't able to find anything. However, there have been a number of disclosures that are probably related - but these were grep-and-gripe affairs in third party applications, where the researcher didn't necessarily investigate *why* certain attacks worked.

Grepping for superglobal names through CVE suggests the following PHP application issues might be related to this behavior, although in some cases it could just be some extract() or dynamic variable evaluation or other method for overwriting critical variables:

CVE-2007-1024 - _SERVER[DOCUMENT_ROOT]
CVE-2006-4673 - _SERVER[REMOTE_ADDR] (might be extract)
CVE-2006-4545 - _SERVER[DOCUMENT_ROOT]
CVE-2006-3798 - _SERVER, _ENV, _COOKIE (extract)
CVE-2006-1914 - GLOBALS, _SERVER
CVE-2005-4318 - _SERVER[REMOTE_ADDR]
CVE-2005-4317 - _SERVER[REMOTE_ADDR]
CVE-2005-3926 - _SERVER[REMOTE_ADDR]
CVE-2005-2574 - _SERVER[REMOTE_ADDR] (extract)
CVE-2005-1996 - _SERVER[DOCUMENT_ROOT]
CVE-2005-3300 - _FILES
CVE-2007-0599 - SERVER
CVE-2006-5796 - _SESSION[docroot_path]
CVE-2006-5078 - _SESSION[dirMain]
CVE-2006-2828 - import_request_variables(), but not for superglobals
etc.

- Steve
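Added example, not part of the original message: a small Python audit script that looks in PHP source for the three overwrite mechanisms named above (import_request_variables(), extract() and dynamic variable evaluation) and then reports later reads of the superglobals the list mentions. The rule names, the regexes and the embedded PHP sample are constructed for illustration; line-based regex matching is a triage aid, not a PHP parser.

```python
import re

# Request-controlled arrays an application might import wholesale.
REQUEST_ARRAYS = r"\$_(?:GET|POST|COOKIE|REQUEST)"

# Each rule marks a point where request data can replace existing variables.
OVERWRITE_RULES = [
    # import_request_variables("gpc") with no prefix argument
    ("import_request_variables() without prefix",
     re.compile(r"\bimport_request_variables\s*\(\s*[^,()]+\)", re.I)),
    # extract($_REQUEST) or extract($_GET, EXTR_OVERWRITE): overwriting modes
    ("extract() of request data in overwrite mode",
     re.compile(r"\bextract\s*\(\s*" + REQUEST_ARRAYS +
                r"\s*(?:,\s*EXTR_OVERWRITE\s*)?\)", re.I)),
    # $$key = $value; or ${$key} = $value;
    ("variable-variable assignment",
     re.compile(r"\$\$\w+\s*=(?!=)|\$\{\s*\$\w+\s*\}\s*=(?!=)")),
]

# Values applications tend to trust, per the superglobal names in the list.
TRUSTED_READ = re.compile(
    r"\$(?:_SERVER|_SESSION|_ENV|_FILES|GLOBALS)\s*\[\s*['\"]?(\w+)")


def scan_php(source):
    """Return [(line number, finding)] for one PHP source string."""
    findings = []
    overwrite_seen = False
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "#", "/*", "*")):
            continue  # skip comment lines
        for name, pattern in OVERWRITE_RULES:
            if pattern.search(code):
                findings.append((lineno, name))
                overwrite_seen = True
        # Once an overwrite point exists, later reads of "trusted"
        # superglobals deserve a manual look.
        match = TRUSTED_READ.search(code)
        if overwrite_seen and match:
            findings.append(
                (lineno, "reads %s after an overwrite point" % match.group(1)))
    return findings


# Constructed sample, not taken from any of the applications listed above.
SAMPLE_PHP = """<?php
import_request_variables("gpc");
import_request_variables("gp", "req_");
extract($_REQUEST);
extract($_POST, EXTR_SKIP);
foreach ($_GET as $k => $v) { $$k = $v; }
include($_SERVER['DOCUMENT_ROOT'] . "/lib.php");
"""

if __name__ == "__main__":
    for lineno, finding in scan_php(SAMPLE_PHP):
        print("line %d: %s" % (lineno, finding))
```

The prefixed import and the EXTR_SKIP call are deliberately not reported, since neither replaces an existing variable.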
[Full-disclosure] [USN-435-1] Xine vulnerability
===
Ubuntu Security Notice USN-435-1 March 12, 2007
xine-lib vulnerability
CVE-2007-1387
===

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
  libxine1c2 1.0.1-1ubuntu10.9

Ubuntu 6.06 LTS:
  libxine-main1 1.1.1+ubuntu2-7.7

Ubuntu 6.10:
  libxine1 1.1.2+repacked1-0ubuntu3.4

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
[Full-disclosure] new AttackAPI
for those who are interested in Web 2.0 security, there is a new version of AttackAPI that you can download from here: http://www.gnucitizen.org/projects/attackapi/

There is still no documentation which is a bit of a drawback, but that will be generated soon. If there is anyone interested in documenting some of the features, please contact us.

There is also a simple bookmarklet that you can use to load AttackAPI on any page. You can install it from here: http://www.gnucitizen.org/projects/load-attackapi-bookmarklet

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
[Full-disclosure] [USN-436-1] KTorrent vulnerabilities
===
Ubuntu Security Notice USN-436-1 March 12, 2007
ktorrent vulnerabilities
CVE-2007-1384, CVE-2007-1385
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  ktorrent 1.2-0ubuntu5.1

Ubuntu 6.10:
  ktorrent 2.0.3+dfsg1-0ubuntu1.1

After a standard system upgrade you need to restart KTorrent to effect the necessary changes.

Details follow:

Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
[Full-disclosure] XSS on eplus.de, german mobile telephony provider
Hi Hanno Böck,

We have mirrored the affected websites on XSSed.com. You are welcome to post to XSSed.com any more XSS vulnerabilities that you discover.

To the rest of the subscribers and readers of Full-disclosure - if you find an XSS vulnerable website, you can post it on www.XSSed.com. The affected websites are saved automatically in the on-hold archive until review by our staff. We classify the published websites into high-profiled - gov, mil, famous - and not.

If you want to know more about the goals of XSSed.com, please read this news: http://www.xssed.com/news/22/XSSed.com_What_Who_Why/

We allow submission of vulnerabilities that can be exploited against users, such as http response splitting, frame injection, CSRF/XSRF.

Dim
--
XSSed.com