[Full-disclosure] ICMP injection

2005-10-31 Thread Josh Perrymon
Anyone familiar with injecting ICMP or DNS packets with NC? I heard HPING or Juggernaut may be the way to go? JP ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - ht

[Full-disclosure] MDKSA-2005:193-2 - Updated ethereal packages fix multiple vulnerabilities

2005-10-31 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2005:193-2 http://www.mandriva.com/security/

Re: [Full-disclosure] Re: Microsoft AntiSpyware falling further behind

2005-10-31 Thread Nick FitzGerald
Valdis Kletnieks to me: > > This is a Johnny come lately perversion of the real meaning of Trojan > > Horse in reference to software. Trojan Horse, or simply Trojan, > > software has always meant, and still does to anyone with a vague hint > > of historical awareness, software that gets instal

[Full-disclosure] Trick or treat Larry

2005-10-31 Thread oracleworm
Voyager Beta worm - not complete - maybe someone else has time to look at it set serveroutput on set verify off DECLARE i1 INTEGER; i2 INTEGER; iHostToSearchFor INTEGER; current_ipaddress VARCHAR2(100); current_network VARCHAR2(100); current_letter VARCHAR2(1); c UTL_TCP.CONNECTION; ln in

RE: [Full-disclosure] phpbb 2.0.18 release

2005-10-31 Thread ad
Hey mvp, you know they have their own mailing list where to advertise this... + you don't mention about the repacking issue so it's useless -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Paul Laudanski Sent: Monday, 31 October 2005 19:58 To: bugtraq@sec

[Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()

2005-10-31 Thread Matthew Murphy
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Stefan Esser wrote: > Unfortunately for you, the CVS commit you quote has nothing to do with > the XSS vulnerability in my advisory. > My advisory covers "Input Validation Part 1" which you can read here > > http://viewcvs.php.net/viewcvs.cgi/php-

RE: [Full-disclosure] Security, Hacking & Social Engineering Presentation.

2005-10-31 Thread Todd Towles
James, My main focus was on Step 5 But you are correct. -Todd > -Original Message- > From: James Eaton-Lee [mailto:[EMAIL PROTECTED] > Sent: Monday, October 31, 2005 2:06 PM > To: Todd Towles > Cc: Tim; Emmanuel Goldstein; full-disclosure@lists.grok.org.uk > Subject: RE: [Full-disclos

Re: [Full-disclosure] Re: Microsoft AntiSpyware falling further behind

2005-10-31 Thread bkfsec
[EMAIL PROTECTED] wrote: Which is particularly amusing, given that the Trojan Horse written about by Homer was quite specifically a 'remote access Trojan' - a very small number of soldiers were hidden inside to open the gates for the main forces. If anything, the use of the term to mean "remo

RE: [Full-disclosure] Security, Hacking & Social Engineering Presentation.

2005-10-31 Thread James Eaton-Lee
On Mon, 2005-10-31 at 10:48 -0600, Todd Towles wrote: > Step 1 - Go to Google. > > Step 2 - Search for "filetype:pdf " > > Step 3 - Repeat Step 1 and Step 2 for all subjects needed. > > Step 4 - Remember to get quote sources for all work as a responsible > researcher. > > Step 5 - http://www.g

Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()

2005-10-31 Thread Florian Weimer
* Stefan Esser: > http://viewcvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c.diff?r1=1.245.2.2&r2=1.245.2.3 > > I hope this is enough to convince you... (because your bug report has > nothing to do with arrays not being escaped at all) With current PHP, his URL happens to trigger the array es

Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()

2005-10-31 Thread Stefan Esser
Hello Matthew, > http://cvs.php.net/diff.php/php-src/ext/standard/info.c?r1=1.252&r2=1.253&ty=u > > For the change marked "Input Validation Part 2". It uses ENT_QUOTES > escaping as opposed to ENT_NOQUOTES escaping. The lack of escaping on > quotes in entity attributes is the *EXACT* issue my bu

Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()

2005-10-31 Thread Florian Weimer
* Matthew Murphy: > Nice try, Stefan. > > I reported this vulnerability more than three years ago (against 4.2.x) > on October 12, 2002 via the PHP bug database. I was told to implement > an .ini setting and the bug was marked "Bogus". > > For information, please see PHP Bug #19881: > http://bugs

[Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()

2005-10-31 Thread Matthew Murphy
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Stefan Esser wrote: > Mr. Murphy, I don't know what your problem is, but the bug you refer to > and that is described in the bug tracker post is not the bug the > advisory contains. Just because you reported some XSS vulnerability in > phpinfo() d

[Full-disclosure] phpbb 2.0.18 release

2005-10-31 Thread Paul Laudanski
This fixes numerous issues: http://www.phpbb.com/support/documents.php?mode=changelog Download: http://www.phpbb.com/downloads.php -- Paul Laudanski, Microsoft MVP Windows-Security CastleCops(SM), http://castlecops.com

[Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()

2005-10-31 Thread Matthew Murphy
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Nice try, Stefan. I reported this vulnerability more than three years ago (against 4.2.x) on October 12, 2002 via the PHP bug database. I was told to implement an .ini setting and the bug was marked "Bogus". For information, please see PHP Bug

RE: [Full-disclosure] Security, Hacking & Social Engineering Presentation.

2005-10-31 Thread Todd Towles
Step 1 - Go to Google. Step 2 - Search for "filetype:pdf " Step 3 - Repeat Step 1 and Step 2 for all subjects needed. Step 4 - Remember to get quote sources for all work as a responsible researcher. Step 5 - http://www.guidoz.com/tryhere.jpg - and remember it. > -Original Message- > F

Re: [Full-disclosure] Security, Hacking & Social Engineering Presentation.

2005-10-31 Thread Tim
Problems with your post: A. Emmanuel Goldstein is already taken. Please don't use other people's handles. (http://en.wikipedia.org/wiki/Emmanuel_Goldstein) B. You cross-posted to crap loads of lists. This is really annoying. C. Why would we give you our presentations that we worked hard

[Full-disclosure] Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability

2005-10-31 Thread Stefan Esser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP File-Upload $GLOBALS Overwrite Vulnerability Release Date: 2005/10/31 Last Modified: 2005/1

[Full-disclosure] Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str()

2005-10-31 Thread Stefan Esser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP register_globals Activation Vulnerability in parse_str() Release Date: 2005/10/31 Last Modi

[Full-disclosure] Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()

2005-10-31 Thread Stefan Esser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo() Release Date: 2005/10/31 Last Modifie

RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48

2005-10-31 Thread Nick FitzGerald
Martijn Lievaart wrote: > Hihi, clamav cought that... :-] Your point? Once upon a time it "cought" the GPL as a virus too... Regards, Nick FitzGerald

RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48

2005-10-31 Thread Martijn Lievaart
> >> The virus scanner determined the type of the file by >> the header and it failed. That's bad news. I am >> wondering however, when I execute that file, how does >> the OS process the file? I guess my question is, if I >> have a modified version of a virus, with whatever >> header, if I try to

[Full-disclosure] Security, Hacking & Social Engineering Presentation.

2005-10-31 Thread Emmanuel Goldstein
Hi! My name's Luis and I'm a computer science student from Spain. I'm planning to organise a presentation at my university about all the aspects about security, hacking and social engineering that a system administration should be aware of and the thing is that I'm running late so it would be grea

Re[2]: [Full-disclosure] for IE researchers, found a link crashing IE

2005-10-31 Thread Javier Reoyo
I'm on windows 2000 professional, SP4 Spanish.. and crash on first reload :-( AppName: iexplore.exe AppVer: 6.0.2800.1106 ModName: mshtml.dll ModVer: 6.0.2800.1515 Offset: 001ac530 > Windows Server 2003 Std Edition SP1 ITALIAN 32-bit > (IE32-6.0.3790.1830, hardening service enabled