Re: [Full-disclosure] MS OWA 2003 Redirection Vulnerability - [MSRC 7368br]

I found and reported this back in 2005/2006. Microsoft told me that it had been reported previously and that it would be fixed in the next release, which I'm guessing they meant 2007. I do not know if they have fixed it in Exchange 2007. On Sat, Nov 15, 2008 at 5:33 AM, Piergiorgio Venuti [EMAIL

[ GLSA 200811-05 ] PHP: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

ANNOUNCE: RFIDIOt release RFIDIOt-0.1u

Herewith a new release of RFIDIOt, which is very much a work in progress, but has some goodies that make it worth releasing now... From CHANGES: v0.u - November 2008 add testlahf.sh script for testing LAHF units fix -R reader type override in RFIDIOtconfig.py add RFIDIOtconfig.py checking for

Re: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br]

Hi all, also I've found this vulnerability 1 year ago during a pt and work fine with url obfuscation. I've read that with owa 2007 this vulnerability is patched but I don't have tried yet. Best regards, Piergiorgio Giuseppe Gottardi ha scritto: Davide, let me comfort you... I found this

Microsoft Windows Server Service (MS08-067) Exploit

Having not found one (except msf) that reliably works against my own setup thought of writing my own MS08-067 exploit piece. Plugged the shellcode for win2k and win2k3[sp2]. No plans for updating the xp shellcode. Grab the python here: http://www.hackingspirits.com/vuln-rnd/vuln-rnd.html -d

[waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7.3.pl1

[waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7.3.pl1 === Author: Janek Vind waraxe Date: 17. November 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-68.html Description of vulnerable software:

rPSA-2008-0321-1 enscript

rPath Security Advisory: 2008-0321-1 Published: 2008-11-17 Products: rPath Linux 1 rPath Linux 2 Rating: Minor Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: [EMAIL PROTECTED]:1/1.6.1-8.4-1 [EMAIL PROTECTED]:2/1.6.4-4-0.1

RE: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br]

I verified that OWA 2007 is not vulnerable to the redirection attacks described below. Angelo Castigliola III EISRM - Application Security Architecture Unum Telephone: 207-575-3820 Mobile: 207-590-3630 [EMAIL PROTECTED] -Original Message- From: Piergiorgio Venuti [mailto:[EMAIL

Opera 9.6x file:// overflow

Hello all - I don't have time for a fancy advisory format, but I did want to disclose an issue. Sometime in early October (late September?), around the time Opera 9.6 was released, I noticed that you could get it to crash after supplying the file:// handler with ~16,500 characters. I played

Exodus v0.10 uri handler arbitrary parameter injection

Exodus v0.10 uri handler arbitrary parameter injection by Nine:Situations:Group::strawdog tested against IE8b/xpsp3 may not work against non-English systems because of an installation bug

[waraxe-2008-SA#069] - Multiple Sql Injection in vBulletin 3.7.4

[waraxe-2008-SA#069] - Multiple Sql Injection in vBulletin 3.7.4 === Author: Janek Vind waraxe Date: 17. November 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-69.html Description of vulnerable

[USN-671-1] MySQL vulnerabilities

=== Ubuntu Security Notice USN-671-1 November 17, 2008 mysql-dfsg-5.0 vulnerabilities CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098 === A security issue affects