[Full-disclosure] [SECURITY] [DSA 834-1] New prozilla packages fix arbitrary code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 834-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 1st, 2005

[Full-disclosure] [SECURITY] [DSA 833-1] New mysql-dfsg-4.1 packages fix arbitrary code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 833-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 1st, 2005

RE: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm Pro)Using DDE-IPC

Paul Laudanski >> If you're still using version 3 its time to upgrade. There is a version 6 out now. >> And in their press release, only the free is affected. Funny !! Thanks for suggestion :P -Original Message- From: Paul Laudanski [mailto:[EMAIL PROTECTED] Sent: Saturday, October

RE: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm Pro)Using DDE-IPC

On Sat, 1 Oct 2005, Debasis Mohanty wrote: > Paul Laudanski wrote: > >> This "exploit" was tested by members at CastleCops and found to be > untrue: > > Unfortunately not !! Besides Zone Alarm free version it has been tested for > ZA Pro 3x and it works like a charm. Again Symantec SecurityFocus

[Full-disclosure] UPDATE: [ GLSA 200509-11 ] Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory [UPDATE] GLSA 200509-11:02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] Buffer-overflow and directory traversal bugs in Virtools Web Player 3.0.0.100

### Luigi Auriemma Application: Virtools Web Player and probably also other applications which can read the Virtools files but I can't test http://www.virtools.com Versio

RE: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm Pro)Using DDE-IPC

Paul Laudanski wrote: >> This "exploit" was tested by members at CastleCops and found to be untrue: Unfortunately not !! Besides Zone Alarm free version it has been tested for ZA Pro 3x and it works like a charm. Again Symantec SecurityFocus has probably tested this for ZA Pro 5.1. so they have m

[Full-disclosure] iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability

RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability iDEFENSE Security Advisory 09.30.05 www.idefense.com/application/poi/display?id=311&type=vulnerabilities September 30, 2005 I. BACKGROUND RealPlayer is an application for playing various media formats, developed by RealNetw

[Full-disclosure] [USN-192-1] Squid vulnerability

=== Ubuntu Security Notice USN-192-1 September 30, 2005 squid vulnerability CAN-2005-2917 === A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog)

[Full-disclosure] SA Security Bulletin: Zorch Vulnerability in Rhino Snarf Java Interpretor

_ Sexy Action Security Bulletin SASB-2005-09-30-GR8-2B-EL8 Zorch Vulnerability in Rhino Snarf Java Interpreter _

[Full-disclosure] Contact to webmaster of messages.yahoo.com - bbs application sends broken HTTP header

Hi, it's not really security related, but it looks like it is impossible to find a contact address. Reason for contact is that while using a more strict content filter engine (WebWasher) between client and server we found that "bbs" application on messages.yahoo.com send broken HTTP header:

[Full-disclosure] [SECURITY] [DSA 832-1] New gopher packages fix several buffer overflows

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 832-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 30th, 2005

[Full-disclosure] [ GLSA 200509-21 ] Hylafax: Insecure temporary file creation in xferfaxstats script

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200509-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] apachetop insecure temporary file creation

# apachetop insecure temporary file creation Vendor: http://clueful.shagged.org/apachetop/ Advisory: http://www.zataz.net/adviso/apachetop-09022005.txt Vendor informed: yes Exploit available: yes Impact : low Exploitation : low ###

[Full-disclosure] RE: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein

Hi list. I checked some ideas and think that reflected XSS in user-agent and other http request headers fileds (cookies for example) can be exploited via http request smuggling\splitting cache poisoning attacks using described techniques. So vendors who discard such vulnerabilities as not explotab

[Full-disclosure] [SECURITY] [DSA 831-1] New mysql-dfsg packages fix arbitrary code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 831-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 30th, 2005

[Full-disclosure] [ GLSA 200509-20 ] AbiWord: RTF import stack-based buffer overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200509-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] [SECURITY] [DSA 830-1] New ntlmaps packages fix information leak

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 830-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 30th, 2005

Re: [Full-disclosure] exploit frameworks

There's additional value to an exploit framework for many penetration testing specialists: being able to write exploits faster sometimes makes it possible to impress clients with a shell, rather than simply showing them a POC crash. Having good shellcode libraries for various platforms is a nic