Re: [Full-disclosure] MiTM with https there are any tools ?

2006-03-08 Thread Fósforo
Thnx a lot for all the replies. The tool that best adapted to my needs was the last one, from Claes Nyberg - It's a really great tool man, thanks a lot. The storage method is also well organized and gets the right bytes in both directions - I was able even to unzip java classes embedded :-)

[Full-disclosure] For Sale: Security Vulnerability Database Company

2006-03-08 Thread Jason Bergen
Apologies if this email is not appropriate for this list. We have been appointed to facilitate the sale of a company which has developed and maintains a security vulnerability database, thus are looking for potential buyers for our client. The company maintains a database of all security

[Full-disclosure] HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit

2006-03-08 Thread h4cky0u
HYSA-2006-005 h4cky0u.org Advisory 014; Date: Wed March 08 2006; TITLE: WordPress 2.0.1 Remote DoS Exploit; SEVERITY: Medium; SOFTWARE: Wordpress 2.0.1 and prior

[Full-disclosure] [SECURITY] [DSA 987-1] New tar packages fix arbitrary code execution

2006-03-08 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 987-1 http://www.debian.org/security/ Moritz Muehlenhoff March 7th, 2006

[Full-disclosure] [SECURITY] [DSA 988-1] New squirrelmail packages fix several vulnerabilities

2006-03-08 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 988-1 http://www.debian.org/security/ Moritz Muehlenhoff March 8th, 2006

[Full-disclosure] dikline.com official message.

2006-03-08 Thread hive
The full disclosure posting about ruby backdoor is fake. We are looking into the source of this Jason Savora. Please disregard his comments. [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter:

[Full-disclosure] RevilloC mail server USER command heap overflow

2006-03-08 Thread securma
1-title: Revilloc mail server USER command heap overflow. Product: Revilloc MailServer and Proxy v 1.21 (http://www.revilloC.com). The mail server is a central point for emails coming in and going out from home or office. The service will work with any standard email client that supports POP3 and

[Full-disclosure] Remote access to NeuSecure/Netcool backend database via web interface credentials leakage

2006-03-08 Thread D . Snezhkov
DDSi Security Report - March 8th, 2006 - Another credentials leak was found in Netcool/NeuSecure Security Information Management platform which leads to remote backend database access with

[Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem

2006-03-08 Thread Ventsislav Genchev
Are you sure about that amplification process?? Actually if the packet reaches huge sizes it will be fragmented at the attacker's own place cuz of the network equipment's MTU... or won't be transmitted at all... The concept of the smurf attack is in sending a large amount of spoofed packets to the

[Full-disclosure] Re: PHP-based CMS mass-exploitation

2006-03-08 Thread Paul Laudanski
On Tue, 7 Mar 2006, Daniel Bonekeeper wrote: 83.84.14X.XXX - - [06/Mar/2006:18:18:12 -0500] GET

[Full-disclosure] Cisco PIX embryonic state machine 1b data DoS

2006-03-08 Thread Konstantin V. Gavrilenko
Arhont Ltd - Information Security. Arhont Advisory by: Konstantin V. Gavrilenko (http://www.arhont.com) http://www.hackingciscoexposed.com Arhont ref: arh200601-1 Advisory: Cisco PIX

[Full-disclosure] PHP-based CMS mass-exploitation

2006-03-08 Thread Daniel Bonekeeper
This is not the first time that we see this kind of attack, but in recent days, I've noticed those requests on my webservers with a considerable frequency: 83.84.14X.XXX - - [06/Mar/2006:18:18:12 -0500] GET

RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem

2006-03-08 Thread Geo.
In the scenario you describe, I cannot see any actual amplification... I'll give you a scenario where you can see. Let's say you have 2 name servers that are local to you. I set up a domain, example.com. In this domain I create a text record which is 100K in length, I don't know, perhaps I paste

Re: [Full-disclosure] elevating privileges from Admin to SYSTEM

2006-03-08 Thread Yorn
Regarding... It's been a while since I played on a Windows box, but I believe you can also create a service which launches a useful process (e.g.: explorer.exe, cmd.exe) as Local System. Furthermore, I believe that you can do this as a Power User too. Must check a bit that service

Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem

2006-03-08 Thread Security Lists
Sorry, I don't see this as amplification in your example, because YOUR dns servers are 100% of the traffic. 1:1 ratio. Now, if you get the world to cache your text records, and have THEM flood with source-spoofed UDP (unrelated to the victim's DNS servers), that'd work, and is actually a

Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem

2006-03-08 Thread gboyce
On Wed, 8 Mar 2006, Security Lists wrote: Sorry, I don't see this as amplification in your example, because YOUR dns servers are 100% of the traffic. 1:1 ratio. Once the first request to the nameservers is made, the object should be cached by the nameservers. Instead of one packet to each

RE: [Full-disclosure] PHP-based CMS mass-exploitation

2006-03-08 Thread hchemin
This is a mambo based exploit. There are Linux based worm variants which compromise a site running a vulnerable version of Mambo and then execute a malicious perl script which in turn attempts to exploit remote sites. Harry Original Message Subject: [Full-disclosure]

[Full-disclosure] [ MDKSA-2006:054 ] - Updated kdegraphics packages fixes overflow vulnerabilities

2006-03-08 Thread security
Mandriva Linux Security Advisory MDKSA-2006:054 http://www.mandriva.com/security/

[Full-disclosure] 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000

2006-03-08 Thread Reed Arvin
It appears that some of the characters in the previous post were not HTML safe. The original article can be found at: http://reedarvin.thearvins.com/20060308-01.html