[Full-disclosure] MDKSA-2005:164 - Updated XFree86/x.org packages fix vulnerability

2005-09-14 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Update Advisory ___ Package name: XFree86 Advisory ID:

[Full-disclosure] NUL Character Evasion

2005-09-14 Thread ju
The Problem: Internet Explorer ignores NUL characters -- i.e. ascii characters with the value 0x00 -- most security software does not. This behaviour of IE does not depend on the charset in the Content-Type-Header. En Detail You can embed NUL characters at any place in an HTML

RE: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox

2005-09-14 Thread Peter Kruse
Hi Juha! I have informed the vendor Netscape being affected on 9th September 2005. I did the same on the 10th of September - still no reply nor official statement from Netscape which makes me a little worried. 2) Disabling IDN support via about:config (or prefs.js file) is possible in

[Full-disclosure] Mozilla / Mozilla Firefox authentication weakness

2005-09-14 Thread 3APA3A
Dear bugTraq, I have reported this issue some time ago: http://www.security.nnov.ru/Fnews19.html but it looks like it was ignored, and not fixed in latest mozilla and firefox releases, so I decided to send formal advisory Issue: Mozilla browsers authentication weakness

Re: [Full-disclosure] Re: Full-Disclosure Digest, Vol 7, Issue 25

2005-09-14 Thread Peer Janssen
lonely wolf wrote: Peer Janssen wrote: Aditya Deshmukh wrote: (on system you want to copy) dd if=/dev/hda | nc otherhost 5000 If you are running bash, then you do not even need netcat: dd if=/dev/hda > /dev/tcp/otherhost/5000 This is interesting. Indeed :-) Which version of

[Full-disclosure] WiFi encryption performance comparrison?

2005-09-14 Thread Paul Day
Howdy, Does anyone have any real-world info/papers/figures on comparing the performance of WEP64 vs 128 vs WPA vs WPA2 etc on recent-ish hardware? ie, same hardware, different encryption methods, performance trade-offs from each. Google's not being awfully helpful. Thanks in advance. :) Cheers,

RE: [Full-disclosure] Mozilla Firefox Host: Buffer Overflow Exploit

2005-09-14 Thread Larry Seltzer
There was some confusion as to whether this bug (https://bugzilla.mozilla.org/show_bug.cgi?id=307259 in bugzilla) was similar or identical to https://bugzilla.mozilla.org/show_bug.cgi?id=267669. David Baron of Mozilla is saying (I think - see

[Full-disclosure] Secunia Research: AVIRA Antivirus ACE Archive Handling Buffer Overflow

2005-09-14 Thread Secunia Research
== Secunia Research 14/09/2005 - AVIRA Antivirus ACE Archive Handling Buffer Overflow - == Table of Contents Affected

Re: [Full-disclosure] WiFi encryption performance comparrison?

2005-09-14 Thread Xyberpix
Hey Paul, What sort of info exactly are you looking for? Throughput figures, etc? The difference you will notice in network performance between WEP 128 and WPA is really minimal, to be honest with you, you shouldn't really notice any performance hit at all. When it comes to WEP 64 and WEP 128,

[Full-disclosure] Security Conference

2005-09-14 Thread Ron Bidule
For those of you that are interested in: hack.lu 2005 The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies (mainly security) on society. hack.lu is a balanced convention where technical and non-technical people can

[Full-disclosure] Fwd: SF new mailing list announcement: BS 7799 Security

2005-09-14 Thread n3td3v
-- Forwarded message -- From: Daniel Hanson [EMAIL PROTECTED] Date: Sep 14, 2005 3:02 PM Subject: SF new mailing list announcement: BS 7799 Security To: [EMAIL PROTECTED] The following mailing list was just added to the SecurityFocus collection of moderated mailing lists: BS

Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness

2005-09-14 Thread Daniel Veditz
This is https://bugzilla.mozilla.org/show_bug.cgi?id=281851 3APA3A wrote: I have reported this issue some time ago: http://www.security.nnov.ru/Fnews19.html but it looks like it was ignored, and not fixed in latest mozilla and firefox releases, so I decided to send formal advisory

RE: [Full-disclosure] Fwd: SF new mailing list announcement: BS 7799 Security

2005-09-14 Thread ad
What a news!! keep up the good work n3td3v :D -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of n3td3v Sent: Wednesday 14 September 2005 19:11 To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Fwd: SF new mailing list announcement: BS

[Full-disclosure] Exploiting an online store

2005-09-14 Thread Josh perrymon
I was reading an article about an attacker that could have changed a price in an online shopping cart- Snip Next, Reshef performed a little number he calls ``electronic shoplifting'': He edited the site's online order form to reduce the price of a book from $22.95 to $2.95. Had

RE: [Full-disclosure] Exploiting an online store

2005-09-14 Thread Thomas Quinlan
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh perrymon Sent: Wednesday, September 14, 2005 4:05 PM To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Exploiting an online store I was reading an article about an attacker that could have

[Full-disclosure] Oracle Reports: Generic SQL Injection Vulnerability via Lexical References

2005-09-14 Thread Kornbrust, Alexander
Red-Database-Security GmbH - Oracle Reports Security Advisory Generic SQL Injection Vulnerability in Oracle Reports via Lexical References Name Generic SQL Injection Vulnerability in Oracle Reports

Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness

2005-09-14 Thread Juha-Matti Laurio
This is https://bugzilla.mozilla.org/show_bug.cgi?id=281851 It seems that this is assigned to http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2395 (in July '05) too. - Juha-Matti ___ Full-Disclosure - We believe in it. Charter:

RE: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox

2005-09-14 Thread Juha-Matti Laurio
Hi Juha! I have informed the vendor Netscape being affected on 9th September 2005. I did the same on the 10th of September - still no reply nor official statement from Netscape which makes me a little worried. Good to know. It seems that's their way to act. They had a coverage Security

Re: [Full-disclosure] Exploiting an online store

2005-09-14 Thread Valdis . Kletnieks
On Thu, 15 Sep 2005 03:29:25 +0200, Gadi Evron said: Check the date of the article. That company no longer exists and SQL injections are not THAT big of an issue for established eCommerce sites as they were in 1999. Which is exactly why the previous posting on the list was an SQL injection

[Full-disclosure] FF IDN buffer overflow workaround works in Netscape too

2005-09-14 Thread Juha-Matti Laurio
Summary about Firefox IDN buffer overflow vulnerability workarounds in Netscape Browser [a new, more informative title used] Instructions and methods described at Mozilla Foundation Security Advisory What Firefox and Mozilla users should know about the IDN buffer overflow security issue

[Full-disclosure] [FLSA-2005:163274] Updated CUPS packages fix security issue

2005-09-14 Thread Marc Deslauriers
- Fedora Legacy Update Advisory Synopsis: Updated CUPS packages fix security issue Advisory ID: FLSA:163274 Issue date: 2005-09-14 Product: Red Hat Linux, Fedora Core Keywords:

[Full-disclosure] [FLSA-2005:163047] Updated squirrelmail package fixes security issues

2005-09-14 Thread Marc Deslauriers
- Fedora Legacy Update Advisory Synopsis: Updated squirrelmail package fixes security issues Advisory ID: FLSA:163047 Issue date: 2005-09-14 Product: Red Hat Linux, Fedora Core

[Full-disclosure] [FLSA-2005:162680] Updated Zlib packagea fix security issues

2005-09-14 Thread Marc Deslauriers
- Fedora Legacy Update Advisory Synopsis: Updated Zlib packagea fix security issues Advisory ID: FLSA:162680 Issue date: 2005-09-14 Product: Fedora Core Keywords: Bugfix CVE

[Full-disclosure] [FLSA-2005:160202] Updated mozilla packages fix security issues

2005-09-14 Thread Marc Deslauriers
- Fedora Legacy Update Advisory Synopsis: Updated mozilla packages fix security issues Advisory ID: FLSA:160202 Issue date: 2005-09-14 Product: Red Hat Linux, Fedora Core Keywords:

RE: [Full-disclosure] Exploiting an online store

2005-09-14 Thread Josh Perrymon
I know that bad programming habits exist on some of the sites out there and still use Hidden fields to pass prices over.. Although not very common I found one this morning after sending the email... My question is more on the theory I suppose... What laws are out there to protect

RE: [Full-disclosure] Exploiting an online store

2005-09-14 Thread lyal.collins
I would have thought that obtaining value by deception is just simple fraud. The detection of the incident and prosecution of the guilty is usually more challenging than committing the offence, I understand. Lyal I know that bad programming habits exist on some of the sites out there and still

[Full-disclosure] [SECURITY] [DSA 812-1] New turqstat packages fix buffer overflow

2005-09-14 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 812-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 15th, 2005

Re: [Full-disclosure] NUL Character Evasion

2005-09-14 Thread Williams, James K
List: full-disclosure Subject: [Full-disclosure] NUL Character Evasion From: ju () heisec ! de Date: 2005-09-13 21:24:42 The Problem: Internet Explorer ignores NUL characters -- i.e. ascii characters with the value 0x00 -- most security software does