-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 809-3 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
On Sat, 5 Nov 2005, Brian Dessent wrote:
Robert Kim Wireless Internet Advisor wrote:
Nick, hi... why would you want to filter out the digests? will this
eliminate digests from my subscriptioin?
It would have nothing to do with *sending* the digests, and everything
to do with stopping
Hey;
Do you guys know
On Sun, 30 Oct 2005, [EMAIL PROTECTED] wrote:
Send Full-Disclosure mailing list submissions to
full-disclosure@lists.grok.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 885-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
Kira wrote:
Dear All
I wrote Snort Back Orifice Preprocessor Exploit for Win32 targets. It's
for educational purpose only.
This exploit was tested on
- Snort 2.4.2 Binary + Windows XP Professional SP1
- Snort 2.4.2 Binary + Windows XP Professional SP2
- Snort 2.4.2 Binary + Windows
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 884-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
On 06 Nov 05, at 01:00, [EMAIL PROTECTED] wrote:
Then you never really understood the implementation, seems. Of
course
all implementations keep the content of the directory as read with
getdents or so in the DIR descriptor. But it is usually not the case
that the whole content fits into the
SEC-CONSULT Security Advisory 20051107-0
=
title: toendaCMS multiple vulnerabilites
program: toendaCMS
vulnerable version: 0.6.2
homepage: www.toenda.com
SEC-CONSULT Security Advisory 20051107-1
===
title: Macromedia Flash Player ActionDefineFunction
Memory Corruption
program: Macromedia Flash Plugin
On Sun, Nov 06, 2005 at 10:10:10PM -0600, Ron DuFresne wrote:
On Sat, 5 Nov 2005, Brian Dessent wrote:
Robert Kim Wireless Internet Advisor wrote:
Don't security professionals know how to use email
for god's sake?
What makes you think at this day in age, security professionals are no
Vulnerability: Open Pizza Databases and Email
Severity: Burnt Cheese
Vuln. Researcher: Yo! Noid Attack Squad
Did you expect Papa John's pizza to really care about their own
privacy policy? I hope not. How about a database of about 10,000
Papa Johns customers who complained over the past three
NetBSD 2.1 below ptrace() local root exploit.
___
To help you stay safe and secure online, we've developed the all new Yahoo!
Security Centre. http://uk.security.yahoo.com
___
===
Ubuntu Security Notice USN-214-1 November 07, 2005
libungif4 vulnerabilities
CVE-2005-2974, CVE-2005-3350
===
A security issue affects the following Ubuntu releases:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 887-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
Zone Labs Products Advance Program Control and OS Firewall (Behavioral
Based) Technology Bypass Vulnerability
I. PRODUCT BACKGROUND
ZoneAlarm Pro and Internet Security Suite with its a new level of protection
is what Zone Labs calls an OS Firewall based on Behavior Based Analysis
has gone
I'm going to allow a few domain names to expire that might be of
interest to somebody else on the list... If you want them, let me know
and I'll transfer them to you just before they expire and you can renew
them yourself.
They are:
UNFAIRDISCLOSURE.COM
UNFAIRDISCLOSURE.ORG
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 888-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Advisory:Multiple vulnerabilities in PHPlist
Name:TKADV2005-11-001
Revision:1.0
Release Date:2005/11/07
Last Modified: 2005/11/07
Author: Tobias Klein (tk
Suresec Security Advisory - #8
07/11/2005
Mac OS X (xnu) - Multiple information leaks.
Advisory: http://www.suresec.org/advisories/adv8.pdf
Description:
The Mac OS X kernel has several information leaks.
In certain cases this might be sensitive information, such as portions of
the file
Security Advisory 20051107-1===title:
Macromedia Flash Player ActionDefineFunction
Memory Corruptionprogram: Macromedia Flash Plugin vulnerable version: flash.ocx v7.0.19.0 and earlier
libflashplayer.so before 7.0.25.0
All well known security companies and CERTs not list Flash Player 5.x at
all, it seems they don't see that version as supported.
Many advisories said today Macromedia Flash Player 7.0.19.0 and prior
are affected.
From Macromedia itself:
Affected Software Versions
Flash Player 7.0.19.0 and
I was interested in getting feedback from current mail group users.We have mirrored your mail list in a new application that provides a more aggregated and safe environment which utilizes the power of broadband.Roomity.com v 1.5 is a web 2.01 community webapp. Our newest version adds broadcast
===
Ubuntu Security Notice USN-215-1 November 07, 2005
fetchmail vulnerability
CVE-2005-3088
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty
Hello all,
Can someone explain how to apply security patches on the system without
rebooting the machine?
I guess that I cant patch the kernel without compiling and rebooting the
machine, so the only way is with iptables and keeping the daemons fresh?
Regards,
Carlos Silva,
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3501
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2005:205
http://www.mandriva.com/security/
On 11/6/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I don't see how that is relevant; the typical use of readdir() is as follows:
DIR *dirp = opendir(name);
while ((dent = readdir(dirp)) != NULL) {
...
}
closedir(dirp);
Nothing other
#
#
#
# Advisory #1 Title:
#
# RANKBOX = XSS vulnerability
Hey,
Can someone explain how to apply security patches on the system without
rebooting the machine?
I guess that I cant patch the kernel without compiling and rebooting the
machine, so the only way is with iptables and keeping the daemons fresh?
Well, if you have a customised kernel you'll
On Tue, 08 Nov 2005 09:03:32 +1000, Stuart Low said:
Well, if you have a customised kernel you'll probably find that your
need to reboot with a new kernel becomes fairly low (Kernel level
exploits are fairly rare, especially remote ones).
If you've upgraded services probably the easiest way
Carlos Silva aka |Danger_Man| wrote:
Can someone explain how to apply security patches on the system without
rebooting the machine?
If you are interested in Windows patches (I apologise for the market-speak):
http://www.determina.com/solutions/liveshield.html
On Linux you can just restart the
On Mon, 07 Nov 2005 18:05:11 PST, Alexander Sotirov said:
On Linux you can just restart the patched service of course. Most package
managers (i.e. dpkg and rpm) will do it for you after the update.
Note that rpm will only do that if the person who packaged the updated RPM
specified a
[EMAIL PROTECTED] wrote:
...
Had they done so, we would never have had to use readdir_r() and progammers
would not have introduced bugs in the (mis)use of pathconf, over allocating,
etc.
I would be interested in seeing any real-world use of readdir_r() in
a context where readdir_r() is required
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2005:205
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 889-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 8th, 2005
35 matches
Mail list logo
