Re: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information

2015-08-20 Thread Steve Shockley
On 8/19/2015 6:12 AM, paul.sz...@sydney.edu.au wrote: What is happening: did they stuff up their spam filter, is the moderator losing focus? http://media.giphy.com/media/l41lUJ1YoZB1lHVPG/giphy.gif

Certificate trust vulnerability in Websense Content Gateway

2015-05-14 Thread Steve Shockley
SUMMARY Websense Content Gateway proxy explicitly trusts compromised certificate authorities Affected versions: Content Gateway 7.8.x Not affected: Content Gateway 7.7.x, 8.0 DESCRIPTION Websense Content Gateway is a filtering web proxy and content inspection application based on a modified

Re: ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability

2012-06-12 Thread Steve Shockley
On 6/6/2012 7:20 PM, ZDI Disclosures wrote: - -- Disclosure Timeline: 2011-06-01 - Vulnerability reported to vendor 2012-06-06 - Coordinated public release of advisory What happened to the ZDI 180 day disclosure policy?

Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability

2010-08-13 Thread Steve Shockley
On 8/11/2010 12:12 PM, ZDI Disclosures wrote: The specific flaw exists within the ebus-3-3-2-6.dll module responsible for parsing GIOP requests for multiple processes. Does this affect only version 3.3.2.6? -- Vendor Response: SAP has issued an update to correct this vulnerability. More

Re: Todd Miller Sudo local root exploit discovered by Slouching

2010-03-05 Thread Steve Shockley
On 3/4/2010 11:11 AM, no...@nothing.com wrote: It's not a sudo local root exploit, it's an exploit in a misconfigured sudo file. If it's a misconfiguration, then why'd they release a patch? From http://www.sudo.ws/sudo/stable.html: Major changes between version 1.7.2p3 and 1.7.2p4: * Fix

Re: TELUS Security Labs VR - ACDSee Systems ACDSee Products XBM File Handling Buffer Overflow

2010-01-11 Thread Steve Shockley
On 1/8/2010 3:15 PM, nore...@telus.com wrote: A remotely exploitable vulnerability 2008-11-24 Vendor responds, fix is no longer in upcoming release 2010-01-08 Public disclosure Why over a year's delay?

Re: iphone email client does not validate ssl certificates

2009-09-29 Thread Steve Shockley
On 9/26/2009 5:54 AM, Pavel Machek wrote: Well... mujmail.org email client also does not validate ssl certificates -- optionally. Reasoning is that SSL with unverified certificate is still better than sending plaintext passwords. Does that count as a vulnerability? Yes; it's not that difficult
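The thread above argues about whether skipping certificate validation in a mail client counts as a vulnerability. The block below is an added example, written for this page and not code from the thread or from any of the clients named in it; it spells out two of the checks such a client skips (hostname matching against the certificate's DNS names, and the validity window) over constructed certificate dictionaries in the shape Python's ssl.SSLSocket.getpeercert() returns, and contrasts a verifying ssl context with the "accept anything" context a non-validating client is effectively using. Chain validation against a trusted root is the third check; it is left to the TLS library via verify_mode and is not reimplemented here. Hostnames and certificate contents are invented test data.

```python
"""Added example: what an e-mail client gives up when it skips TLS certificate
validation. Two of the checks are implemented directly over getpeercert()-style
dictionaries; chain validation stays with the ssl module (verify_mode).
No network access is needed; all certificate data below is constructed.
"""
import imaplib
import ssl

# Constructed test data in the shape of ssl.SSLSocket.getpeercert() output.
GOOD_CERT = {
    "subject": ((("commonName", "imap.example.com"),),),
    "subjectAltName": (("DNS", "imap.example.com"), ("DNS", "*.mail.example.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2034 GMT",
}
# A certificate a man in the middle could present: perfectly valid, wrong name.
MITM_CERT = {
    "subject": ((("commonName", "attacker.example.net"),),),
    "subjectAltName": (("DNS", "attacker.example.net"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2034 GMT",
}


def _label_matches(pattern: str, label: str) -> bool:
    """Case-insensitive label compare; a bare '*' matches any single label."""
    return pattern == "*" or pattern.lower() == label.lower()


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if hostname matches a DNS SAN entry (or the CN when no SAN exists).

    A wildcard is honoured only as the entire leftmost label, so
    '*.mail.example.com' matches 'pop.mail.example.com' but neither
    'mail.example.com' nor 'a.b.mail.example.com'.
    """
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not names:
        # Legacy fallback: commonName from the subject when no SAN is present.
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    host_labels = hostname.lower().split(".")
    for name in names:
        name_labels = name.split(".")
        if len(name_labels) != len(host_labels):
            continue
        if "*" in name_labels[1:]:
            continue  # wildcards are only allowed in the leftmost label
        if all(_label_matches(p, h) for p, h in zip(name_labels, host_labels)):
            return True
    return False


def cert_is_current(cert: dict, now: float) -> bool:
    """Check the validity window; 'now' is seconds since the epoch (UTC)."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return not_before <= now <= not_after


def peer_acceptable(cert: dict, hostname: str, now: float) -> tuple:
    """Combine the two checks; returns (ok, reason) for logging."""
    if not cert_is_current(cert, now):
        return False, "certificate outside its validity window"
    if not hostname_matches(cert, hostname):
        return False, "certificate not issued for %s" % hostname
    return True, "ok"


def secure_context() -> ssl.SSLContext:
    """Verifying client context: chain checked against the system trust store
    (CERT_REQUIRED) and hostname matched (check_hostname=True)."""
    return ssl.create_default_context()


def insecure_context() -> ssl.SSLContext:
    """What a client that 'does not validate' effectively does: any certificate,
    including one presented by a man in the middle, is accepted, so the
    password sent afterwards is only as private as the network path."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def connect_imap(host: str, ctx: ssl.SSLContext) -> imaplib.IMAP4_SSL:
    """Open IMAPS with the given context (not called here: needs a network).
    With secure_context() a mismatched or untrusted certificate raises
    ssl.SSLCertVerificationError before any credentials are sent."""
    return imaplib.IMAP4_SSL(host, 993, ssl_context=ctx)
```

The ordering in insecure_context() matters: with PROTOCOL_TLS_CLIENT the context starts out verifying, and setting verify_mode to CERT_NONE while check_hostname is still True raises ValueError, which is the stdlib's way of making "turn verification off" a deliberate two-step act rather than an accident.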

Re: [security bulletin] HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access

2009-05-20 Thread Steve Shockley
On 5/15/2009 9:03 AM, security-al...@hp.com wrote: HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access HP System Management Homepage for Windows v3.0.1.73 can be downloaded

Re: ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability

2009-04-30 Thread Steve Shockley
On 4/28/2009 4:39 PM, ZDI Disclosures wrote: an attacker can overflow that buffer leading to arbitrary code execution in the context of the SYSTEM user. -- Disclosure Timeline: 2007-09-14 - Vulnerability reported to vendor 2009-04-28 - Coordinated public release of advisory WTF? What ever

Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point

2009-01-09 Thread Steve Shockley
On 1/9/2009 11:52 AM, Simon Richter wrote: SNMP communities are a safety, not a security measure. I know of very few SNMP implementations that have protections against brute force or dictionary attacks. srsly? Passwords don't have much in the way of brute-force or dictionary attack

Re: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2

2008-12-03 Thread Steve Shockley
On 12/3/2008 12:24 AM, VMware Security team wrote: A memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical

Re: Pidgin IM Client Password Disclosure Vulnerability.

2008-09-19 Thread Steve Shockley
Memisyazici, Aras wrote: whereby they take a hash of the password, with a non-std. hashing mechanism. The idea being that in today's world where there are so many scr1pt-kiddi3 toolz out there allowing the avg. Joe Schmoe the capability of analyzing one's memory processes i.e. Tsearch, memhack

Re: Microsoft DNS patch KB951748 incompatible with Zonealarm

2008-07-12 Thread Steve Shockley
[EMAIL PROTECTED] wrote: For ways to fix this, go here: http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html Summary: Option 1: Lower security Option 2: Lower security

Re: Office XP Remote SQL Injection

2008-03-14 Thread Steve Shockley
[EMAIL PROTECTED] wrote: Office XP Remote SQL Injection Vendor: vso-xp.com VIRTUAL SUPPORT Office-XP. That's not quite Office XP.

Re: Multiple vulnerabilities in Double-Take 5.0.0.2865

2008-03-06 Thread Steve Shockley
Luigi Auriemma wrote: Application: Double-Take Double Take responded: You may be aware of a recent posting of “vulnerabilities” in Double-Take 5.0 by an Italian gentleman, Luigi Auriemma. Essentially he found that sending packets of malformed data to our service will crash the service. He

Re: Logs visualization in WS_FTP Server Manager 6.1.0.0

2008-02-07 Thread Steve Shockley
Luigi Auriemma wrote: WS_FTP Server Manager (aka WS_FTP WebService) is the web administration interface of the Ipswitch WS_FTP server and runs by default on port 80. This also affects the Ipswitch What's Up Gold 11.03 web server.

Re: Cryptome: NSA has real-time access to Hushmail servers

2007-12-27 Thread Steve Shockley
[EMAIL PROTECTED] wrote: Note that if they had been served with an NSL (National Security Letter), they may be legally *required* to lie about it while cooperating. Actually truthfully saying Yeah, an NSL showed up and we complied could land them in jail Required to lie, or just required

Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability

2007-11-29 Thread Steve Shockley
[EMAIL PROTECTED] wrote: An attacker who can convince a user to extract a specially crafted archive can overwrite arbitrary files with the permissions of the user running gtar. If that user is root, the attacker can overwrite any file on the system. Apparently, somebody at FreeBSD thinks can

Re: Remote Desktop Command Fixation Attacks

2007-10-10 Thread Steve Shockley
pdp (architect) wrote: The attack is rather simple. All the bad guys have to do is to compose a malicious RDP (for Windows Terminal Services) or ICA (for CITRIX) file and send it to the victim. The victim is persuaded to open the file by double clicking on it. When the connection is established,

Re: 0day: PDF pwns Windows

2007-09-25 Thread Steve Shockley
Thor (Hammer of God) wrote: For the record, the original term O-Day was coined by a dyslexic security engineer who listened to too much Harry Belafonte while working all night on a drink of rum. It's true. Really. That's not true at all; after leaving the Little Rascals TV show, William

Re: OpenBSD 4.1 - Heap overflow vulnerability

2007-08-28 Thread Steve Shockley
[EMAIL PROTECTED] wrote: The command file is vulnerable to heap overflow. Solution: Patch the kernel source with: ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.1/common/009_file.patch By AchedDamiman This is CVE-2007-1536, discovered by Jean-Sebastien Guay-Leroux. Patches are also available

Re: report a bug !

2007-08-21 Thread Steve Shockley
[EMAIL PROTECTED] wrote: ### Google-D0rk: Hosting Design by Emcon.be So this affects one web site?

Re: iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability

2007-07-18 Thread Steve Shockley
Dan Harkless wrote: Windows 2000 users who need the ability to play QuickTime movies will have I haven't tested this, but it's likely that editing the MSI file with Orca or a similar utility to remove the version check will work just fine.

Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation

2006-12-05 Thread Steve Shockley
eugeny gladkih wrote: MS == Michael Scheidell [EMAIL PROTECTED] writes: 1. kill shstart.exe process MS Wouldn't you have to be administrator to kill shstart.exe? LocalSystem account has more privileges than administrator's one. If you've already got Administrator, you can just run

Re: *BSD banner INT overflow vulnerability

2006-11-22 Thread Steve Shockley
Gruzicki Wlodek wrote: ( By default banner hasn't got set suid bit ) Why in the world would someone add a suid bit to banner? Maybe it's a bug, but you had to work hard to turn it into a vulnerability.

Re: Remote overflow in MSIE script action handlers (mshtml.dll)

2006-03-20 Thread Steve Shockley
[EMAIL PROTECTED] wrote: I tried under FireFox 1.0.7 and seems that when you check the sources, it's crashing. I tried also under FireFox 1.5.0.1, it's also crashing when I check the sources... but that one depends, another friend tried it under the same version and it's also crashing ... is

Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

2006-03-01 Thread Steve Shockley
Renaud Lifchitz wrote: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities The css part of this exploit is actively used by Intellicontact (or whatever they call themselves this week), the host of the factcheck.org mailing list. For example: LINK

Re: What is wrong with these people?

2005-12-01 Thread Steve Shockley
Paul Schmehl wrote: http://www.f-secure.com/weblog/#0723 Here's an interesting one. Peripherals manufacturer I-O Data has shipped a series of nice-looking portable hard drives in the 40GB to 120GB range - carrying the Backdoor.Win32.Tompai trojan on them. You would think Sony's mistake

Re: Network Appliance iSCSI Authentication Bypass

2005-10-29 Thread Steve Shockley
[EMAIL PROTECTED] wrote: ### Vendor Response Network Appliance Data ONTAP 7.0.2 is a General Availability release: http://now.netapp.com/NOW/cgi-bin/software Release of this advisory was coordinated with Network Appliance. Network Appliance has confirmed this vulnerability. For further

Re: Network Appliance iSCSI Authentication Bypass

2005-10-29 Thread steve.shockley
Quoting Steve Shockley [EMAIL PROTECTED]: That's it. NOT ONE WORD ABOUT A VULNERABILITY OR A FIX. In NetApp's defense, they did send out an advisory to customers five hours after the initial notice of the availability of the fix. I understand only customers who have licensed the iSCSI