[CFP] FRHACK 01 Call For Papers (save the dates!)

2008-11-25 Thread Jerome Athias
[CFP] FRHACK 01 Call For Papers

Re: Microsoft VISTA TCP/IP stack buffer overflow

2008-11-25 Thread Edi Strosar
Administrator lives in Ring 3 while this crash happens in Ring 0. Nobody, not even Admin shouldn't be able to corrupt kernel space. It's not a security issue per se - it's just a bug. [EMAIL PROTECTED] wrote: So, let me try and understand this. According to what you have written, and the MSD

WordPress XSS vulnerability in RSS Feed Generator

2008-11-25 Thread Jeremias Reith
noXSS.org Security Advisory. Advisory: WordPress XSS vulnerability in RSS Feed Generator. Author: Jeremias Reith <[EMAIL PROTECTED]>. Published: 2008/11/25. Affected: WordPress < 2.6.5. Summary: WordPress prior to v2.6.3 fails to sanitize the Host header variable correctly when

RSA EnVision Remote Password Disclosure

2008-11-25 Thread nicolas . viot
I. Reference Title: RSA EnVision Remote Password Disclosure URL: http://www.secfault.org/?p=78 II. BACKGROUND RSA EnVision, a product of RSA Security, is a platform allowing gathering and analysis of security events and logs. RSA Security is a subsidiary company of EMC Corporation.

Re: Microsoft VISTA TCP/IP stack buffer overflow

2008-11-25 Thread dale
So, let me try and understand this. According to what you have written, and the MSDN documentation on this CreateIpForwardEntry2 call, you need to be (at least) a member of the Administrators group. So how is this "security vulnerability" any different to me creating a program, which will

[security bulletin] HPSBTU02382 SSRT080132 rev.1 - HP Secure Web Server for Tru64 UNIX or Internet Express for Tru64 UNIX running PHP, Remote Denial of Service (DoS) or Arbitrary Code Execution

2008-11-25 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01599836 Version: 1 HPSBTU02382 SSRT080132 rev.1 - HP Secure Web Server for Tru64 UNIX or Internet Express for Tru64 UNIX running PHP, Remote Denial of Service (DoS) or Arbitrary Code Executio

Re: OpenSSH security advisory: cbc.adv

2008-11-25 Thread Bob Beck
> Maybe this was always clear, but along with that reassurance I guess > you would recommend we all take your stated remedial action : >[place] the following directive in sshd_config and ssh_config: >"Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc" > at the very next

New tool and paper for Oracle forensics...

2008-11-25 Thread David Litchfield
Hey all, I've just posted a new tool and paper for Oracle forensics. The tool, orablock, allows a forensic investigator to dump data from a "cold" Oracle data file - i.e. there's no need to load up the data file in the database which would cause the data file to be modified, so using orablock p

MyBB 1.4.3 my_post_key Disclosure Vulnerability

2008-11-25 Thread [EMAIL PROTECTED]
MyBB 1.4.3 my_post_key Disclosure Vulnerability by NBBN (http://nbbnsblog.co.cc)

Re: OpenSSH security advisory: cbc.adv

2008-11-25 Thread Fabian Hänsel
"Nick Boyce" <[EMAIL PROTECTED]> wrote: > [ahem] ... Sorry to be dumb, but ... > > On Fri, Nov 21, 2008 at 10:19 AM, Damien Miller <[EMAIL PROTECTED]> > wrote: > > > Based on the description contained in the CPNI report and a slightly > > more detailed description forwarded by CERT this issue ap

Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)

2008-11-25 Thread Nam Nguyen
The report is for ffdshow, but the referred URL is to ffdshow-tryout. I wonder if they are the same. Cheers Nam On Mon, 24 Nov 2008 15:17:05 +0700 "svrt" <[EMAIL PROTECTED]> wrote: > 1. General Information > > ffdshow is a DirectShow filter and VFW codec for many audio and video > formats, su

Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)

2008-11-25 Thread Eygene Ryabinkin
Good day. Mon, Nov 24, 2008 at 03:17:05PM +0700, svrt wrote: > In Oct 2008, SVRT-Bkis has detected a serious buffer overflow vulnerability > in ffdshow which affects all available internet browsers. ^^^ Really? And links, elinks, lynx, dillo

CanSecWest 2009 CFP (March 18-20 2009, Deadline December 8 2008)

2008-11-25 Thread Dragos Ruiu
Call For Papers. The CanSecWest 2009 CFP is now open. Deadline is December 8th, 2008. CanSecWest CALL FOR PAPERS. VANCOUVER, Canada -- The tenth annual CanSecWest applied technical security conference - where the eminent figures in the international security industry will get

Re: OpenSSH security advisory: cbc.adv

2008-11-25 Thread Damien Miller
On Mon, 24 Nov 2008, Nick Boyce wrote: > [ahem] ... Sorry to be dumb, but ... > > On Fri, Nov 21, 2008 at 10:19 AM, Damien Miller <[EMAIL PROTECTED]> wrote: > > > Based on the description contained in the CPNI report and a slightly > > more detailed description forwarded by CERT this issue appea

Re: OpenSSH security advisory: cbc.adv

2008-11-25 Thread Nick Boyce
On Mon, Nov 24, 2008 at 11:39 PM, Damien Miller <[EMAIL PROTECTED]> wrote: > On Mon, 24 Nov 2008, Nick Boyce wrote: > >> Could someone please help the uncomprehending [i.e. me :-)] understand >> why or whether this is anything to be worried about at all ? > > Yes, the attack is very unlikely to wo

Re: Re: OpenSSH security advisory: cbc.adv

2008-11-25 Thread dennis jackson
What documents have you been reading? Take a look at the actual vulnerability advisory. http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt Or the original posting by OpenSSH http://www.securityfocus.com/archive/1/498558/30/0/threaded Where is there any condition related to National Securi