[Full-disclosure] MDKSA-2005:213 - Updated php packages fix multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2005:213 http://www.mandriva.com/security/

[Full-disclosure] MOCM deadline

thinkin' is interesting i'm forwarding hoping someone will find it useful. > Metro Olografix cultural telematics association, for the second edition > of the MOCM (Metro Olografix Crypto Meeting) that will take place in > Pescara approximately between the end of January and the beginning of > Febr

Re: [Full-disclosure] Administrivia: Noise

## Security Community statement by n3td3v As the real n3td3v I would like to join John Cartwright in his calls for calm during this difficult time. Obviously on the date mentioned where emotions were running high things were said that might not have been appropriate in retrospect of events. The c

RE: [Full-disclosure] freeftpd USER bufferoverflow

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What a leet poc so - -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de KF (lists) Envoyé : mercredi 16 novembre 2005 14:31 À : full-disclosure@lists.grok.org.uk Objet : re: [Full-disclosure] freeftpd USER

[Full-disclosure] Senao SI-680H VoIP Wifi phone undocumented open port

I disclosed today the following vulnerability at the 32nd CSI conference in Washington, D.C. Thanks, Shawn Merdinger === VENDOR: Senao VENDOR NOTIFIED: 28 June, 2005 VENDO

[Full-disclosure] Zyxel P2000W (Version1) VoIP Wifi phone multiple vulnerabilties

I disclosed today the following vulnerabilities at the 32nd CSI conference in Washington, D.C. Thanks, Shawn Merdinger === VENDOR: Zyxel PRODUCT: Zyxel P2000W Version 1 VOIP

[Full-disclosure] UTstarcom F1000 VoIP Wifi phone multiple vulnerabilities

I disclosed today the following vulnerabilities at the 32nd CSI conference in Washington, D.C. Thanks, Shawn Merdinger === VENDOR: UTStarcom VENDOR NOTIFIED: 27 June, 2005 v

[Full-disclosure] Hitachi IP5000 VoIP Wifi phone multiple vulnerabilities

I disclosed today the following vulnerabilities at the 32nd CSI conference in Washington, D.C. Thanks, Shawn Merdinger === VENDOR: Hitachi PRODUCT: Hitachi IP5000 VOIP WIFI

[Full-disclosure] MDKSA-2005:212 - Updated egroupware packages to address phpldapadmin, phpsysinfo vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2005:212 http://www.mandriva.com/security/

Re: [Full-disclosure] Database servers on XP and the curious flaw

While it still may not be "millions of people" several products come bundled with the desktop edition of SQL Server 2000, and I'm sure many will come with SQL Server 2005 Express. As far as I can tell by reading the paper (but not testing it myself) these are probably vulnerable as well if the con

Re: [Full-disclosure] Database servers on XP and the curious flaw

James Tucker wrote: > Long day? It will be. -Eliah ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Was: n3td3v.com, now: C.Meinel

Please don't ever think to put the discussion on the level of personal attacks. It's not an attack; it's karma. Also a way of looking after the community. No one is interested, and it's only in the interests of that I beg to differ. ___ Full-Discl

RE: [Full-disclosure] Database servers on XP and the curious flaw

Long day? > -Original Message- > From: Eliah Kagan [mailto:[EMAIL PROTECTED] > Sent: 16 November 2005 18:45 > To: [EMAIL PROTECTED] > Cc: bugtraq@securityfocus.com; > full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED] > Subject: Re: [Full-disclosure] Database servers on XP and the > curi

Re: [Full-disclosure] Database servers on XP and the curious flaw

James Tucker wrote (off-list): > I think you mis-read the paper, this is NOT the fault of MS, who'se DBS is > NOT vulnerable due to PROPER authentication > design with the host OS. Yeah, you're right. What am I saying...? Forget everything I just said in this thread... I apologize to everybody

Re: [Full-disclosure] Database servers on XP and the curious flaw

David Litchfield wrote: > Hi Eliah, > > >David Litchfield wrote: > >> Hey all, > >> I've just put up a paper on a curious flaw that appears when running a > > >My intent is not to MS-bash here, but perhaps Microsoft is to blame > >for not educating people about this issue. (If they had, your paper

re: [Full-disclosure] freeftpd USER bufferoverflow

The default configuration is not vulnerable unless the Logging option "Log events" is checked. -KF ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.

Re: [Full-disclosure] Database servers on XP and the curious flaw

Hi Eliah, David Litchfield wrote: Hey all, I've just put up a paper on a curious flaw that appears when running a My intent is not to MS-bash here, but perhaps Microsoft is to blame for not educating people about this issue. (If they had, your paper would be superfluous.) Usually if milli

Re: [Full-disclosure] Database servers on XP and the curious flaw

David Litchfield wrote: > Hey all, > I've just put up a paper on a curious flaw that appears when running a > database server on Windows XP with Simple File Sharing enabled. The flaw > essentially allows a remote attacker to gain access to the database, > sometimes with DBA privileges, without know

[Full-disclosure] CMP Media Acquires Black Hat

http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/11-15 -2005/0004216861&EDATE= - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Davide Del Vecchio "Dante Alighieri" [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.alighieri.org http://www.ezln.it -

Re: [Full-disclosure] Was: n3td3v.com, SHUT THE FUCK UP!

Trolling is a two-way street. There is the troll and people that can't help but get a word in. All of these threads would have gone away long ago if everyone just ignored it. By the way, social engineering is a big part of security.On 11/16/05, [EMAIL PROTECTED] < [EMAIL PROTECTED]> wrote:

Re: [Full-disclosure] Kiddiots Today

Thats right I am the ass that keep prodding to continue posting. The point being you just keep provoking more by not letting it go.On 11/15/05, Aditya Deshmukh < [EMAIL PROTECTED]> wrote: and you replied to it again. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf O

[Full-disclosure] Cisco Security Advisory: Fixed SNMP Communities and Open UDP Port in Cisco 7920 Wireless IP Phone

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Fixed SNMP Communities and Open UDP Port in Cisco 7920 Wireless IP Phone Document ID: 68179 Advisory ID: cisco-sa-20051116-7920 http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml Revision 1.0 For Public

[Full-disclosure] mambo remote code sexecution

a vulnerability exist in globals.php when register_globals is off and allow remote code inclusion   this a GLOBALS overwrite   in components/com_content/content.html.phpthere is the line:require_once( $GLOBALS['mosConfig_absolute_path'] . '/includes/HTML_toolbar.php' );okda globals.php:if (!ini_get

[Full-disclosure] [ GLSA 200511-14 ] GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200511-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] Database servers on XP and the curious flaw

Hey all, I've just put up a paper on a curious flaw that appears when running a database server on Windows XP with Simple File Sharing enabled. The flaw essentially allows a remote attacker to gain access to the database, sometimes with DBA privileges, without knowledge of a valid password. To be h

Re: [Full-disclosure] Three years and ten months without a patch

On 11/16/05, Barrie Dempster <[EMAIL PROTECTED]> wrote: [...] > Are we forgetting slammer ? A worm that attacked a product which you > would expect to be used in a similar way. > > Backend or not, the system should be patched, being backend is not a > justifiable reason for not patching the system.

Re: [Full-disclosure] Three years and ten months without a patch

On Wed, 2005-11-16 at 10:19 +0100, Marco Ermini wrote: > On 11/15/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote: > > So why not start teaching some lessons David and release exploit code. > > It seems that is the only way they learn and take thing seriously. > > Rarely this software did not run in a

[Full-disclosure] 30gigs SQL injection vulnerability

I found a sql injection vulnerability, which leads to password disclosure in 30gigs.com email service. The vulnerability exists in http://www.30gigs.com/getpassword/ page due to lack of validation of user submitted data. Proof of Concept: enter http://www.30gigs.com/getpassword/ and copy & paster t

Re: [Full-disclosure] another filename bypass vulnerability - from cmd.exe

It also work for windowsXp 2 and with other ext .   i.e exe.txt.exe.pdf ..  On 11/16/05, Aditya Deshmukh <[EMAIL PROTECTED]> wrote: Was doing some testing [xfocus-AD-051115]Ie Multiple antivirus failed to scanmalicous filename bypass vulnerability The system is windows 2000 sp4 srp5 withall ot

[Full-disclosure] another filename bypass vulnerability - from cmd.exe

Was doing some testing [xfocus-AD-051115] Ie Multiple antivirus failed to scan malicous filename bypass vulnerability The system is windows 2000 sp4 srp5 with all other patches upto date. At the command prompt cmd.exe execute the following with the results. I copy and paste from cmd.exe -

[Full-disclosure] [USN-216-1] GDK vulnerabilities

=== Ubuntu Security Notice USN-216-1 November 16, 2005 gtk+2.0, gdk-pixbuf vulnerabilities CVE-2005-2975, CVE-2005-2976, CVE-2005-3186 === A security issue affects the following

Re: [Full-disclosure] Meeting Room Names

Native.Code wrote: Something not related to vulnerabilities you guys are requested to suggest names for our meeting rooms. We don't want to call them with sad names like Room A, Board Room etc. but something interesting. Our office in Bavaria, Germany, is located in an old house with stucco un

[Full-disclosure] freeftpd USER bufferoverflow

Hi,   While drooling over my new Adriana Lima wallpaper, my tongue accidentally hit my keyboard and more than 1012 chars were sent to the login screen of my freeftpd server (which i use to backup my Adriana Lima pics). Guess what...the server crashed! Luckily I attach ollydbg to every process I hav

Re: [Full-disclosure] Was: n3td3v.com, now: C.Meinel

On 11/16/05, Byron Sonne <[EMAIL PROTECTED]> wrote: > > Carolyn Meinel wrote: > > I'd be wary of anything Ms. Meinel has to say: > http://attrition.org/errata/charlatan/shame/index2.html > > The info's old but some leopards don't change their spots. Please don't ever think to put the discussion o

[Full-disclosure] Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability

Alert7, you forgot to test the vulnerability on NOD32 antivirus. It's actually very famous and quite reliable product so I think you should definitively test it too. Cheers Yog-Sotho "[EMAIL PROTECTED]

Re: [Full-disclosure] Three years and ten months without a patch

On 11/15/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote: > So why not start teaching some lessons David and release exploit code. > It seems that is the only way they learn and take thing seriously. Rarely this software did not run in a what is considered "secured" environment - I mean, this is rarely

RE: [Full-disclosure] Was: n3td3v.com, SHUT THE FUCK UP!

Damn shut the fuck up all bunch of kiddies searching friends and leave FD for what it is , SECURITY!   De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de poo Envoyé : mercredi 16 novembre 2005 10:05 À : full-disclosure@lists.grok.org.uk Objet : Re: [Full-disclosure] Wa

Re: [Full-disclosure] How to discover customers of hosting company for n3td3v.com

hey carolyn where the nekkid pics at? On 11/15/05, Epic <[EMAIL PROTECTED]> wrote: Carolyn Meinel wrote:> That silly post about n3td3v.com led to fun playtimes with the > Scottsdale, AZ web farm that hosts it.>> Name:n3td3v.com> Address:  64.202.167.129>> Nslookup of 64.202.167.129 gives:> Nam

Re: [Full-disclosure] Was: n3td3v.com, now: C.Meinel

throw the filthy wench off the starboard bow yaaar On 11/16/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote: On 11/15/05, Byron Sonne <[EMAIL PROTECTED]> wrote:>  > Carolyn Meinel wrote: >> I'd be wary of anything Ms. Meinel has to say:> http://attrition.org/errata/charlatan/shame/index2.html>> The i

Re: [Full-disclosure] Not the real n3td3v

yeah we want gobbles !! gobble gobble gobble  On 11/15/05, Rembrandt <[EMAIL PROTECTED] > wrote: On Tue, 15 Nov 2005 12:21:02 -0600n3td3v n3td3v < [EMAIL PROTECTED] > wrote:> People,> actions such as this are what keeps these things going.ack> Until people just ignore idiots it will still happen.a