-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 834-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 1st, 2005
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 833-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 1st, 2005
Paul Laudanski
>> If you're still using version 3 it's time to upgrade. There is a version
6 out now.
>> And in their press release, only the free is affected.
Funny !! Thanks for suggestion :P
-Original Message-
From: Paul Laudanski [mailto:[EMAIL PROTECTED]
Sent: Saturday, October
On Sat, 1 Oct 2005, Debasis Mohanty wrote:
> Paul Laudanski wrote:
> >> This "exploit" was tested by members at CastleCops and found to be
> untrue:
>
> Unfortunately not !! Besides Zone Alarm free version it has been tested for
> ZA Pro 3x and it works like a charm. Again Symantec SecurityFocus
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200509-11:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
###
Luigi Auriemma
Application: Virtools Web Player and probably also other applications
which can read the Virtools files but I can't test
http://www.virtools.com
Versio
Paul Laudanski wrote:
>> This "exploit" was tested by members at CastleCops and found to be
untrue:
Unfortunately not !! Besides Zone Alarm free version it has been tested for
ZA Pro 3x and it works like a charm. Again Symantec SecurityFocus has
probably tested this for ZA Pro 5.1. so they have m
RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability
iDEFENSE Security Advisory 09.30.05
www.idefense.com/application/poi/display?id=311&type=vulnerabilities
September 30, 2005
I. BACKGROUND
RealPlayer is an application for playing various media formats,
developed by RealNetw
===
Ubuntu Security Notice USN-192-1 September 30, 2005
squid vulnerability
CAN-2005-2917
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
_
Sexy Action Security Bulletin
SASB-2005-09-30-GR8-2B-EL8
Zorch Vulnerability in Rhino Snarf Java Interpreter
_
Hi,
it's not really security related, but it looks like it is impossible to
find a contact address.
Reason for contact is that while using a more strict content filter engine
(WebWasher) between client and server we found that "bbs" application on
messages.yahoo.com sends a broken HTTP header:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 832-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 30th, 2005
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200509-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
#
apachetop insecure temporary file creation
Vendor: http://clueful.shagged.org/apachetop/
Advisory: http://www.zataz.net/adviso/apachetop-09022005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploitation : low
###
Hi list.
I checked some ideas and think that reflected XSS in user-agent and
other http request header fields (cookies for example) can be exploited
via http request smuggling\splitting cache poisoning attacks using
described techniques.
So vendors who discard such vulnerabilities as not explotab
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 831-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 30th, 2005
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200509-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 830-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 30th, 2005
There's additional value to an exploit framework for many penetration
testing specialists: being able to write exploits faster sometimes makes
it possible to impress clients with a shell, rather than simply showing
them a POC crash. Having good shellcode libraries for various platforms
is a nic