Re: [Full-disclosure] Re: Defeating Microsoft WGA Validation Check

2005-05-24 Thread Dean Johnson
this isn't the first time news.com reported such information. some times back the .net passport vulnerability was also reported by news.com and was credited to faisal danka instead of pakistan cert who actually found the vulnerability and reported to microsoft. news.com story on .net passport vuln

RE: [Full-disclosure] Defeating Microsoft WGA Validation Check

2005-05-24 Thread Debasis Mohanty
Justin, I have been working on WGA for the past 2 months and this particular issue was found by me in the first week of April, 2005. It seems that you too discovered this issue and posted it before me. I am absolutely not surprised that it has been posted by you 2 weeks before I posted for which I

RE: [Full-disclosure] Re: Defeating Microsoft WGA Validation Check

2005-05-24 Thread Debasis Mohanty
>> [EMAIL PROTECTED] wrote: >> In the article the representative analyze this hack and explain why (by >> microsoft's opinion...) it is not a threat for Microsoft. Also the >> article speaks about the rapidly expiration which is a point that Debasis >> Mohanty mistaken. I am absolutely not mis

Re: [Full-disclosure] DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple local vulnerabilities'

2005-05-24 Thread KF (lists)
Esri has posted a version 8.3 patch to their web site: http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1020 This patch should address the problems that I outlined in version 9.x -KF KF (lists) wrote:

[Full-disclosure] Not even the NSA can get it right

2005-05-24 Thread Barrie Dempster
http://www.nsa.gov/notices/notic3.cfm?Address=%22%3E%3Cscript%3Ealert(%22We%20love%20our%20XSS%22)%3C/script%3E -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue blog: http://zeedo.blogspot.com site: http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96

Re: [Full-disclosure] XSS in Sambar Server version 6.2

2005-05-24 Thread Daniel
"A user can input a specially crafted script that when rendered by the application..." Hopefully you can explain: - Is the user required to be logged in first, or can this be done unauthenticated - Are you able to steal any aspect of the session management logic using this method - Are you able t

Re: [Full-disclosure] Not even the NSA can get it right

2005-05-24 Thread J.A. Terranson
On Tue, 24 May 2005, Barrie Dempster wrote: > http://www.nsa.gov/notices/notic3.cfm?Address=%22%3E%3Cscript%3Ealert(%22We%20love%20our%20XSS%22)%3C/script%3E Too funny! -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "Never belong to any party, always oppose privileged classes and

[Full-disclosure] http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html

2005-05-24 Thread g0tcha
http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html   Id: 20050524-00433   Ref: 16/2005  Date:  24 May 2005 Time:  13:31 Title: NISCC Vulnerability Advisory DNS - 589088   Abstract: The vulnerability concerns the recursion process used by some DNS

[Full-disclosure] Endless loop in Halo 1.06

2005-05-24 Thread Luigi Auriemma
### Luigi Auriemma Application: Halo: Combat Evolved http://www.microsoft.com/games/pc/halo.aspx Versions: <= 1.06 and Custom Edition 1.00 Platforms:Windows Bug: endle

Re: [Full-disclosure] Not even the NSA can get it right

2005-05-24 Thread James Tucker
Please, define right. Theirs is a world of deception, therefore any judgement you make based upon any information may be comprised of as much disinformation as information. In effect, you can't define such things for them. On 5/24/05, Barrie Dempster <[EMAIL PROTECTED]> wrote: > http://www.nsa.go

[Full-disclosure] Re: Endless loop in Halo 1.06

2005-05-24 Thread Joel Esler
I heard you can create a loop by using "BASEIC" code by going into the menu running 10 Click on "Settings" 20 Click on "Main Menu" 30 Click on "Settings" 40 Click on "Main Menu" 50 GOTO 10 On 5/24/05, Luigi Auriemma <[EMAIL PROTECTED]> wrote: > >

[Full-disclosure] Re: Endless loop in Halo 1.06

2005-05-24 Thread Joel Esler
(I suppose that may have been a little funnier, had I spelled "BASIC" correctly. Jeez... On 5/24/05, Joel Esler <[EMAIL PROTECTED]> wrote: > I heard you can create a loop by using "BASEIC" code by going into the > menu running > > 10 Click on "Settings" > 20 Click on "Main Menu" > 30 Click on "S

[Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability

2005-05-24 Thread iDEFENSE Labs
Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability iDEFENSE Security Advisory 05.24.05 www.idefense.com/application/poi/display?id=244&type=vulnerabilities May 24, 2005 I. BACKGROUND Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for

[Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LSUB DoS Vulnerability

2005-05-24 Thread iDEFENSE Labs
Ipswitch IMail IMAP LSUB DoS Vulnerability iDEFENSE Security Advisory 05.24.05 www.idefense.com/application/poi/display?id=245&type=vulnerabilities May 24, 2005 I. BACKGROUND Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for Microsoft Windows wit

[Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities

2005-05-24 Thread iDEFENSE Labs
Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities iDEFENSE Security Advisory 05.24.05 www.idefense.com/application/poi/display?id=243&type=vulnerabilities May 24, 2005 I. BACKGROUND Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for

[Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability

2005-05-24 Thread iDEFENSE Labs
Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability iDEFENSE Security Advisory 05.24.05 www.idefense.com/application/poi/display?id=242&type=vulnerabilities May 24, 2005 I. BACKGROUND Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for

[Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP SELECT Command DoS Vulnerability

2005-05-24 Thread iDEFENSE Labs
Ipswitch IMail IMAP SELECT Command DoS Vulnerability iDEFENSE Security Advisory 05.24.05 www.idefense.com/application/poi/display?id=241&type=vulnerabilities May 24, 2005 I. BACKGROUND Ipswitch IMail server is a Windows based messaging solution with a customer base of over 53 million users. More

Re: [Full-disclosure] XSS in Sambar Server version 6.2

2005-05-24 Thread jamie fisher
"A user can input a specially crafted script that when rendered by the application..." Hopefully you can explain: "Multiple XSS found in the administrative interface." >> This kind of pre-supposes the idea that a user has access to the administrative interface. The tests I ran were purely looking

[Full-disclosure] KIBUV.B or variant?

2005-05-24 Thread Michel Arboi
I found a FTP server on port 42260 with this banner: 220 fuckFtpd 0wns j0 It looks slightly different from KIBUV.B (it says "StnyFtpd 0wns j0" and is not on the right port) http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FKIBUV%2EB&VSect=T Is the description incomplete or thi

[Full-disclosure] CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability

2005-05-24 Thread Williams, James K
CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability CA Vulnerability ID: 32896 Discovery Date: 2005/04/26 Discovered By: Alex Wheeler Title: Computer Associates Vet Antivirus engine heap overflow vulnerability Impact: Remote attackers can gain privileged a

Re: [Full-disclosure] Not even the NSA can get it right

2005-05-24 Thread Steve Wray
James Tucker wrote: > Please, define right. > > Theirs is a world of deception, therefore any judgement you make based > upon any information may be comprised of as much disinformation as > information. In effect, you can't define such things for them. absolutely, and I'm glad someone said it. So

Re: [Full-disclosure] KIBUV.B or variant?

2005-05-24 Thread mike king
the src code to these bots are traded around a great deal. most likely either the irc owner changed the port /banner in which the bot is to listen or they have coded it with a different port and banner. this is not at all uncommon. so chances are its t