[+]UBBThreads
[-]Founded By Moroccan Security Team
[+]we are [DaBDouB-MoSiKaR,simo64,ki11er,Dr.E-Vil,|ucifier]
[+]special 10x: to all friends SnIpEr_SA,Crash_OvEr_rIdE
king-hacker,CiM-TeaM,ameer,Dranzelz,Esp!onLeRaVaGe and www.lezr.com
[+]Solution: Upgrade to version 6.0.3
[-]example: http://[tar
MaddHatter wrote:
We discussed recursive DNS servers before (servers which allow to query
anything - including what they are not authoritative for, through them).
...
One of the problems is obviously the spoofing. ...
Maybe I'm misunderstanding the problem here (but I don't think so). It
seems
> We discussed recursive DNS servers before (servers which allow to query
> anything - including what they are not authoritative for, through them).
> ...
> One of the problems is obviously the spoofing. ...
Maybe I'm misunderstanding the problem here (but I don't think so). It
seems to be the is
Theo,
ISS explained it to us and
told us that they had managed to craft an exploit in their lab, but
frankly we don't see how it can be practical.
I know the guy who exploited it. He's better than you think he is.
I'm sorry, I was not trying to imply in any way that Mark was blowing
smoke.
You got it wrong, the overflow happens here
print $socket "user " . "A" x 10240 . "\r\n";
print $socket "user " . "A" x 21048 . "\r\n";
and there are more. I put this right and re-released this exploit.
>So you are basically saying open source free software can't be trusted to
>hold high standards or be reliable or secure if I don't pay for it?
No, he is saying that *their* high standards are not necessarily *your*
high standards. And that *they* get to define the rules with which they
publish t
PoC can be optimized:
[ PoC code ]--
for(s=''));i++)s+=s;
[ 83 bytes ]--
On Fri, 24 Mar 2006, Gadi Evron wrote:
On Thu, 23 Mar 2006, Claus Assmann wrote:
It took Sendmail a month to fix this. A month.
No. It took sendmail a week to fix this. The rest of the time was
used to coordinate the release with all the involved vendors etc.
There are a few choices, full
New eVuln Advisory:
DSDownload Multiple SQL Injection Vulnerabilities
http://evuln.com/vulns/99/summary.html
Summary
eVuln ID: EV0099
CVE: CVE-2006-1232
Software: DSDownload
Software's Web Site: http://dsportal.uw.hu/
Versions: 1.0
Critical Level: Moderate
Type:
New eVuln Advisory:
DSCounter 'X-Forwarded-For' SQL Injection Vulnerability
http://evuln.com/vulns/98/summary.html
Summary
eVuln ID: EV0098
CVE: CVE-2006-1234
Software: DSCounter
Software's Web Site: http://dsportal.uw.hu/
Versions: 1.2
Critical Level: Moderate
It's been a while since my last post to Bugtraq and it's been over
three years since I first announced Systrace. Here is:
Systrace 1.6: Phoenix Release
---
You all know that Systrace ships by default with OpenBSD and NetBSD.
However, Linux adoption has been h
Theo de Raadt wrote:
Sendmail has been an important part of the Internet infrastructure and
has gained a lot of honour and respect. Many people use this piece of
software and a lot of distributors/vendors are proliferating this
software. They do deserve better, as do the users who decide to tru
Theo de Raadt wrote:
Sendmail has been an important part of the Internet infrastructure and
has gained a lot of honour and respect. Many people use this piece of
software and a lot of distributors/vendors are proliferating this
software. They do deserve better, as do the users who decide to t
Theo de Raadt wrote:
> > You would probably expect me to be the last person to say
> > that Sendmail is perfectly within their rights. I have
> > had a lot of problems with what they are doing.
> >
> > But what did you pay for Sendmail? Was it a dollar, or was
> > it more? Let me guess. It w
John Richard Moser wrote:
> Here is a simple hack to break sudo and su to get free root. Add this
> to ~/.bashrc and fill in the following blanks:
>
> * ~/.root_kit/rk_su
> Your hacked su to give root on su --now-dammit
> * ~/.root_kit/silent_install_root_kit
> Your script to silently install rk
15 matches