[Full-disclosure] Snort's BO pre-processor exploit

2005-10-25 Thread rd
Hi, Just wanna point out a small exploit release for a remote vulnerability in Snort's Back Orifice pre-processor found by ISS recently. http://www.thc.org/download.php?t=e&f=THCsnortbo.c Have fun, --rd/thc ___ Full-Disclosure - We believe in it.

[Full-disclosure] [SECURITY] [DSA 870-1] New sudo packages fix arbitrary command execution

2005-10-25 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 870-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 25th, 2005

Re: [Full-disclosure] Revised draft on ICMP attacks

2005-10-25 Thread Joxean Koret
Fuck you too and close the fucking list! no disclosure for life!On 10/24/05, John Cartwright <[EMAIL PROTECTED]> wrote: On Mon, Oct 24, 2005 at 06:23:15PM +0200, Joxean Koret wrote:> On 10/24/05, Fernando Gont <[EMAIL PROTECTED]> wrote:> >> >> >> > Feedback is welcome, noise should go to /dev/null

Re: [Full-disclosure] vhost enumeration

2005-10-25 Thread Zanzibar
[EMAIL PROTECTED] wrote : > I think a zone transfer would be the only authoritative resource. This would only work for a given domain name. What if the server has several domains? -- Christophe Garault ___ Full-Disclosure - We believe in it.

[Full-disclosure] Network Appliance iSCSI Authentication Bypass

2005-10-25 Thread advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 # Security Advisory: Network Appliance iSCSI Authentication Bypass ## Origin Date: Wed Aug 3 2005 ## Publication Date: Mon Oct 24 2005 ## Synopsis Unauthenticated iSCSI Initiators can bypass iSCSI authentication on NetApp Filers by manipulating the

[Full-disclosure] [ GLSA 200510-20 ] Zope: File inclusion through RestructuredText

2005-10-25 Thread Thierry Carrez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200510-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] [ GLSA 200510-21 ] phpMyAdmin: Local file inclusion and XSS vulnerabilities

2005-10-25 Thread Thierry Carrez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200510-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] PHP iCalendar CSS

2005-10-25 Thread ascii
endar/mail2.txt VII. CVE INFORMATION No CVE at this time. VIII. DISCLOSURE TIMELINE 20051023 Bug discovered 20051024 Working exploit written 20051025 Sikurezza.org notification 20051025 Initial vendor notification 20051025 Initial vendor response 20051025 Vendor CVS fix 20051025 Public disclosure

Re: [Full-disclosure] vhost enumeration

2005-10-25 Thread Valdis . Kletnieks
On Tue, 25 Oct 2005 12:18:54 +0200, Zanzibar said: > [EMAIL PROTECTED] wrote : > > > I think a zone transfer would be the only authoritative resource. > > This would only work for a given domain name. What if the server has several > domains? Even worse, there may be multiple DNS and webserve

Re: [Full-disclosure] Revised draft on ICMP attacks

2005-10-25 Thread John Cartwright
On Tue, Oct 25, 2005 at 11:48:26AM +0200, Joxean Koret wrote: > Fuck you too and close the fucking list! > no disclosure for life! Consider yourself moderated. Folks here are posting constructive information that others find useful. If you believe the information to be incorrect, you are entitled

Re: [Full-disclosure] Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte

2005-10-25 Thread trains
Quoting Andrey Bayora <[EMAIL PROTECTED]>: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte. AUTHOR: Andrey Bayora (www.securityelf.org) Some file types like .bat, .html and .eml can be properly executed even if they have some "unrelated" beginning.

[Full-disclosure] [SECURITY] [DSA 871-1] New libgda2 packages fix arbitrary code execution

2005-10-25 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 871-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 25th, 2005

[Full-disclosure] Continued threat continues

2005-10-25 Thread n3td3v
It has been reported via the n3td3v group news wire that the group has surpassed its 600th member, adding to speculation that the group, hosted on the Google Groups network is only going to grow larger. The founder n3td3v since 1999 has been responsible for a number of vendor-side reported inciden

[Full-disclosure] Skype security advisory

2005-10-25 Thread . EADS CCR DCR/STI/C
Synopsis The EADS/CRC security team discovered a flaw in Skype client. Skype is a P2P VoIP software that can bypass firewalls and NAT to connect to the Skype network. Skype is very popular because of its sound quality and ease of use. Skype client is available for Windows, Lin

Re: [Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.

2005-10-25 Thread Tatercrispies
I can confirm that this vulnerability in IE can be used in the following applications: . Invision Gallery . Vbulletin . Hotmail.com . Most "photo gallery" scripts Then I gave up looking. Surprised this doesn't have more coverage. On 10/23/05, Tatercrispies <[EMAIL PROTECTED]> wrote: This is a

[Full-disclosure] [SECURITY] [DSA 871-2] New libgda2 packages fix arbitrary code execution

2005-10-25 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 871-2 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 25th, 2005

[Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability

2005-10-25 Thread Bernhard Mueller
SEC-CONSULT Security Advisory 20051025-0 == title: Snoopy Remote Code Execution Vulnerability program: Snoopy PHP Webclient vulnerable version: 1.2 and earlier homepage: http

[Full-disclosure] SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS

2005-10-25 Thread Bernhard Mueller
SEC-CONSULT Security Advisory 20051025-1 = title: RSA ACE Web Agent XSS program: RSA ACE/Agent for Web vulnerable version: 5.1, 5.1.1 newer versions may be vulnerable

Re: [Full-disclosure] SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS

2005-10-25 Thread H D Moore
I believe 5.2 and 5.3 are vulnerable as well, there are other fun bugs hiding in there too :) Filemon rocks. -HD On Tuesday 25 October 2005 15:26, Bernhard Mueller wrote: > This flaw was discovered in version 5.1 of RSA Agent for Web. No other > versions were available for testing. Web Agents >5

[Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.

2005-10-25 Thread Paul Laudanski
On Sat, 22 Oct 2005, K-Gen Gen wrote: > phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. > > I sent the report to phpBB and they said that a patch will be available > withing a few days and It will be integrated into 2.0.18 . > > Note: This works like XSS, and requires the

Re: [Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.

2005-10-25 Thread Tatercrispies
On 10/25/05, Paul Laudanski <[EMAIL PROTECTED]> wrote: Anyone have other ideas on this? I've already implemented some code to validate file input and it's working. But is this the right approach? Since it is an IE issue, you may as well be using HttpOnly cookies. It isn't a perfect fix, but maybe

[Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.

2005-10-25 Thread Paul Laudanski
On Tue, 25 Oct 2005, Tatercrispies wrote: > On 10/25/05, Paul Laudanski <[EMAIL PROTECTED]> wrote: > > > > > > Anyone have other ideas on this? I've already implemented some code to > > validate file input and its working. But is this the right approach? > > > > Since it is an IE issue, you may a

RE: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte

2005-10-25 Thread Debasis Mohanty
Hello Andrey, Few comments on this - Correct me if I am wrong, "forged magic byte" might not always be able to fool the AV in real scenario (especially EXEs) unless you are talking about Static Virus scanners. In past few years the AV scanning technology has improved a lot and has gone even beyon

[Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.

2005-10-25 Thread Tatercrispies
On 10/25/05, Paul Laudanski <[EMAIL PROTECTED]> wrote: If sites want to stay online that make use of dynamic content to some extent the onus is on them to do proper input validation. There are PHP functions which permit for checking. But again, they work well when checking local images. Both Opera

Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte

2005-10-25 Thread Andrey Bayora
Hello Debasis, Please see my inline comments below. Thanks. Regards, Andrey - Original Message - From: "Debasis Mohanty" <[EMAIL PROTECTED]> To: "'Andrey Bayora'" <[EMAIL PROTECTED]>; Cc: Sent: Tuesday, October 25, 2005 7:17 PM Subject: RE: [Full-disclosure] Multiple Vendor Anti-Virus

Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well).

2005-10-25 Thread Morning Wood
By prepending image headers you can often fool php/IE. This technique has been used successfully to bypass php checking and renders the php upon access. --- ÿØÿà JFIF --- or ---

[Full-disclosure] MDKSA-2005:193 - Updated ethereal packages fix multiple vulnerabilities

2005-10-25 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2005:193 http://www.mandriva.com/security/

[Full-disclosure] [SECURITY] [DSA 548-2] New imlib packages fix arbitrary code execution

2005-10-25 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 548-2 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 26th, 2005

Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well).

2005-10-25 Thread Matthew Murphy
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Morning Wood wrote: > By prepending image headers you can often fool php/IE. > This technique has been used successfully to bypass php checking > and renders the php upon access. > --- > ÿØÿà JFIF > so

Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well).

2005-10-25 Thread Valdis . Kletnieks
On Wed, 26 Oct 2005 00:18:23 CDT, Matthew Murphy said: > It is unclear to me if this is an SP2-only issue. If it is, it can be > effectively mitigated by setting "Open files by content, not file > extension" to "Disable". At the very least, Microsoft should turn off > this disastrous mistake of