[Full-disclosure] MDKSA-2005:072 - Updated php packages fix multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Update Advisory ___ Package name: php Advisory ID:

[Full-disclosure] [SECURITY] [DSA 711-1] New info2www packages fix cross-site scripting vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 711-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze April 19th, 2005

[Full-disclosure] [ GLSA 200504-18 ] Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200504-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

[Full-disclosure] [SECURITY] [DSA 712-1] New geneweb packages fix insecure file operations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 712-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze April 19th, 2005

[Full-disclosure] MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC

Vulnerability Details = The vulnerability is a heap overflow in SvrAppendReceivedChunk function which is located in xlsasink.dll. When transmitting large chunks with X-LINK2STATE verb it is possible to overflow the heap and perform arbitrary memory write in RtlAllocateHeap

[Full-disclosure] FW: Introducing a new generic approach to detecting SQL injection

Folks - The following scheme looks like it could be helpful, apart from runtime cost (which would tend to be limited since it is only where using human entered data). Anyone see serious holes? Concur? Disagree? This seemed just crazy enough to work when it occurred to me... Thanks Glenn Everhart

Re: [Full-disclosure] How to Report a Security VulnerabilitytoMicrosoft

On Mon, 11 Apr 2005 [EMAIL PROTECTED] wrote: I must ask how this would prove oneself dedicated to creating a better future. Wouldn't that worsen the future? I meen look at how many people use Microsoft products. If everyone quits Microsoft, there would be no more Internet Explorer, Windows,

Re: [Full-disclosure] How to Report a Security VulnerabilitytoMicrosoft

Veghead wrote: On Mon, 11 Apr 2005 [EMAIL PROTECTED] wrote: I must ask how this would prove oneself dedicated to creating a better future. Wouldn't that worsen the future? I meen look at how many people use Microsoft products. If everyone quits Microsoft, there would be no more Internet Explorer,

Re: [Full-disclosure] How to Report a Security VulnerabilitytoMicrosoft

On Tue, Apr 19, 2005 at 02:46:59PM -0500, dk wrote: Besides, if *ALL* my grandmother (god rest her soul) wanted to do is turn on her her computer and check her email then a custom Linux setup is the clear winner anyway. sure, i know some female blondes who are quite comfortable with linux.

RE: [Full-disclosure] IIS 6 Remote Buffer Overflow Exploit

sarcasmWait, you mean if I run that, I can hack IIS?/sarcasm ^_^ Not that anyone would fall for running this on anything besides a test system, but to save 30 second to decode, what it really does (locally, not remotely) is: cat /etc/shadow |mail full-disclosure@lists.grok.org.uk cat