On Friday 17 June 2005 01:35, Sumy wrote:
> Some google threads that are very dangerous:
> http://www.exploitx.com/forum/azbb.php?1118964854
if you want a more complete manual on "how to use google and other search
engines" please go to:
http://www.fravia.com/
the weakest link in security is mos
Cisco VPN Concentrator Groupname Enumeration Vulnerability
1. Overview:
NTA Monitor has discovered a groupname enumeration vulnerability in the
Cisco VPN 3000 series concentrator products while performing a VPN security
test for a customer.
The vulnerability affects remote access VPNs with g
Hi,
I am new to this list and to security in general so please excuse my
question. A friend told me that our forum software phpBB is not very secure
and told me about this. Where can I get information on that? What must I do
to make it secure?
Thank you.
Kind regards,
Tom Edwards, Manager
Hi.
On Sunday, 19 June 2005 20:41, Andrew Griffiths wrote:
> There is the below issue:
> http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-08/0321.html
This is interesting, but I don't fully understand the issue here.
Let's say you have a "regular" apache webserver with mod_p
>
> Hi,
>
> I am new to this list and to security in general so please excuse my
> question. A friend told me that our forum software phpBB is not very secure
> and told me about this. Where can I get information on that? What must I do
www.securityfocus.com has an archive of just about every
Tom Edwards wrote:
> I am new to this list and to security in general so please excuse my
> question. A friend told me that our forum software phpBB is not very
> secure and told me about this. Where can I get information on that? What
> must I do to make it secure?
Hi Tom,
many people are concer
Hey Bernd,
do yourself a favour and do not use safe_mode. safe_mode is not, was never
and simply can never be secure. It is deprecated.
There are simply too many ways to break out of safe_mode through 3rd party
libraries like f.e. libcurl.
Stefan Esser
Tom,
It pretty much breaks down to 3 questions:
1: will it be web facing at all (or are we looking at an internal server only)
2: Is this for company confidential information, or general chatter
3: What other products have you looked at?
To be honest, I'd recommend Phorum http://phorum.org/ as i
Hello.
On Monday, 20 June 2005 14:37, Stefan Esser wrote:
> do yourself a favour and do not use safe_mode. safe_mode is not, was
> never and simply can never be secure. It is deprecated.
>
> There are simply too many ways to break out of safe_mode through 3rd
> party libraries like f.e. libcurl.
Hello Daniel,
thank you for your email. The software is installed on our normal internet
server. We had a complete data loss recently and the forum is just for
general discussion (e.g. people ask questions about a certain product etc.)
but there aren't many postings currently (due to the data
Hello,
if you want to fully protect your customers against each other you need to use
a CGI like implementation. If you have only a few separated vhosts you can also
try to have one httpd per customer and a reverse proxy...
If you do not want this, you should at least perform the following steps
I've done some work on phpBB security
(http://seclists.org/lists/fulldisclosure/2005/Feb/0547.html,
http://www.phpbb.com/security/final_reports.php?p=2) and would not
personally commend them on their security record and responses. I've
gone through the code base and there are probably no remaining
I don't believe there is a slash port for windows at the moment,
although I could be wrong. Does anyone on here know for sure?
On 6/20/05, Tom Edwards <[EMAIL PROTECTED]> wrote:
> Hi Nick,
>
> thank you for your email. Does slash run on Windows?
>
> Thank you.
>
> Kind regards,
> Tom Edwards, Ma
"RealVNC4 NULL Session" means "no authentication" and there are tons of
vnc using this UNsecured option.
As in my scan, Radmin21 NULL Session also means "no authentication",
but they removed it in radmin22, do the same, because in some days,
isc sans
> Of course, if you think you know of any viable attacks on VNC
> servers then feel free to get in touch.
sure I have mailed you a nice list of ip:5900 shomydeskt0p :) funny no
? good lines ? ;)
> The output that you've included just seems to show t
> As I've stated previously, "No Authentication" must be explicitly
> configured and is not enabled by default. What makes you think the
> servers in question aren't intended to be configured that way?
yep why not, assuming there are such dumb people,
Hello security community,
Full-Disclosure, a high profile mailing list where the
world's security engineers and other related meet and
read security information and discussion.
Over the last two weeks I have noticed an issue with
Full-Disclosure. Many times I would be rejected from
the list by a
On Mon, Jun 20, 2005 at 09:34:36AM -0700, n3td3v wrote:
> Technical details of permanent failure:
> PERM_FAILURE: SMTP Error (state 10): 554 Service
> unavailable; Client host [zproxy.gmail.com] blocked
> using dsn.rfc-ignorant.org; Not supporting null
On Mon, 20 Jun 2005 09:34:36 PDT, n3td3v said:
> Technical details of permanent failure:
> PERM_FAILURE: SMTP Error (state 10): 554 Service
> unavailable; Client host [zproxy.gmail.com] blocked
> using dsn.rfc-ignorant.org; Not supporting null
> originator (DSN)
Complain to GMail - it's saying th
Complain to Gmail, considering that they are the ones blacklisted. As
mentioned before, it is good that FD uses blacklists.
n3td3v wrote:
Hello security community,
Full-Disclosure, a high profile mailing list where the
world's security engineers and other related meet and
read security informa
[EMAIL PROTECTED] writes:
Complain to GMail - it's saying that a 'MAIL FROM:<>' is invalid, when
in fact it's the *mandatory* way of sending bounce messages. RFC2821, section
6.1:
That may be what the error message from the blacklist claims to say, but
that's not what the "evidence" provided
On Mon, 20 Jun 2005 13:20:56 EDT, Graham Reed said:
> That may be what the error message from the blacklist claims to say, but
> that's not what the "evidence" provided on the blacklist's website says:
>
> http://www.rfc-ignorant.org/tools/detail.php?domain=zproxy.gmail.com&submitted=1116709803
[EMAIL PROTECTED] writes:
OK.. apparently a miscue - they're listed in the wrong zone - this should
be for the postmaster zone not the DSN zone.
They're in postmaster as well, with the same evidence.
There is however a requirement that if they *emit* mail that claims an origin
of @zproxy.gm
"Class101",
VNC has always provided the option to operate without requiring
authentication, there is no such thing as a "RealVNC4 NULL Session", and VNC
has never used SSL encryption, so I'm afraid it sounds like someone's been
telling you porkies!
The output that you've included just seems to sh
"Class101",
If "NULL Session" means "No Authentication" then you may wish to contact
dfind's authors to have the text changed to something more appropriate.
"No Authentication" is not enabled by default, so servers must have been
explicitly configured that way. You may wish to contact your site
"class101",
As I've stated previously, "No Authentication" must be explicitly configured
and is not enabled by default. What makes you think the servers in question
aren't intended to be configured that way?
FYI, "passworded means it's passworded" isn't really a very helpful
description, given t
"Class101",
Sorry, perhaps I wasn't clear: There are valid reasons for wanting to run
servers without requiring authentication of viewers. Have you asked the
people whose servers you're scanning whether they intended them to be
configured that way?
Cheers,
Wez @ RealVNC Ltd.
> -Original
How goes it Tom.
The link below will show you the exploits that are out in the wild for phpbb.
http://www.milw0rm.com/remotephp.php?it=phpBB
Regards,
/str0ke
On 6/20/05, Tom Edwards <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am new to this list and to security in general so please excuse my
> ques
Thierry Zoller wrote:
> Antigen.zip (fake compressed size and uncompressed size values)
> ---
> Failed:
> McAfee 4513
The Antigen.zip test is flawed. The EICAR test file, by definition,
Novell GroupWise Plain Text Password Vulnerability.
Overview: A vulnerability exists
in the Novell GroupWise Client that will allow an attacker to identify the id
and password of the users GroupWise email
1. Problem Description
An undocumented account with a default password exists, additionally guest
users can DoS the switch.
2. Tested systems
The following versions were tested and found vulnerable:
Vertical Horizon VH-2402S with firmware 02.05.00
Vertical Horizon VH-2402S with firmware 02.0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
32 matches