-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1000-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
March 14th, 2006
I think you try to remove the slash at the end...
What about the logs ?
Alice Bryson a écrit :
BTW, this kind of ip address would not always work. i try to use
http://2887060730/ to access an internal web server
http://172.21.12.250, but failed.
It said 400 bad request.
I use Windows XP
IE5 was the last version of IE to support that kind on octal URL. In IE6 it has
been deprecated.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Julien GROSJEAN
- Proxiad
Sent: 14 March 2006 08:45
To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
(I recommend you read the original, as many parts of the text are links to
other resources)
http://www.osvdb.org/blog/?p=104
US Government Studies Open Source Quality
US Government Studies Open Source Quality reads the SlashDot thread, and it
certainly sounds interesting. Reading deeper,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1001-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
March 14th, 2006
Octal with eights in it?? As mentioned, it works works fine with
IE6 if you remove the final /
No. it was decimal.
FWIW, here's a quickie way to convert between the 3
(hex,decimal,dottedquad) -- all of which work in URLs.
Also .. the security zone bypass trick I mentioned earlier is
I'm sorry, but relying on some statistical analysis tool to certify
code is utter bullshit. Sure, this thing is useful in finding bonehead
mistakes and certainly is a worthy tool, but code that passes cannot be
considered defect free. This leads to a serious false sense of
security...and a sense
Do you know what Full Disclosure mean?
Go posting your shit anywhere else.
Regards
Expanders
just0days wrote:
I sell an Internet Explorer 0day. Command execution - Internet zone.
Are you interested? Make
an offer.
Bye
___
Full-Disclosure - We
i offer you a handfull magic beans !
- Original Message -
From: Expanders [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Sent: Wednesday, March 15, 2006 2:23 AM
Subject: Re: [Full-disclosure] Internet Explorer 0day
Do you know what Full Disclosure mean?
Go posting your shit
I'll start the bidding at $950.I've also got BIND 8 and IIS stuff for trade.
On 3/14/06, just 0days
[EMAIL PROTECTED]
wrote:I sell an Internet Explorer 0day. Command execution - Internet zone. Are you interested? Make an offer.
Bye
___
Alain,
Check the FAQ at:
http://www1.cs.columbia.edu/~salman/skype/
They present two distinct methods for blocking Skype.
Guy
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
Will bid important information of use for all if exploit and not
just crash.
On Tue, 14 Mar 2006 09:16:26 -0800 Andrew A [EMAIL PROTECTED]
wrote:
I'll start the bidding at $950.
I've also got BIND 8 and IIS stuff for trade.
On 3/14/06, just 0days [EMAIL PROTECTED] wrote:
I sell an
On Sun, 12 Mar 2006 23:10:09 +0100, [EMAIL PROTECTED] said:
INSERT INTO `fdmail` VALUES (2077, '[EMAIL PROTECTED]',
'[EMAIL PROTECTED]');
And people wonder why I PGP sign everything.
pgpvn9aP7FtPs.pgp
Description: PGP signature
___
On Mon, 13 Mar 2006 14:49:45 EST, Tim said:
The issue brought up has to do with authentication, not encryption.
Authentication has to be good, or else encryption is 100% worthless.
Actually, encryption can do some good, even in the absence of authentication.
Even if the remote end is totally
I offer you a flaming bag of poo.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of just
0daysSent: Tuesday, March 14, 2006 6:53 AMTo:
full-disclosure@lists.grok.org.ukSubject: [Full-disclosure] Internet
Explorer 0day
I sell an Internet Explorer 0day. Command execution -
You got that when you chose to use IE. =]
-KF
Soderland, Craig wrote:
I offer you a flaming bag of poo.
**
___
Full-Disclosure - We believe in it.
Charter:
On Tue, 14 Mar 2006 13:38:31 EST, Soderland, Craig said:
I offer you a flaming bag of poo.
Trying to use social engineering to extract his real snail-mail address? :)
pgpkjKNpVuSOG.pgp
Description: PGP signature
___
Full-Disclosure - We believe in
You got that when you chose to use IE. =]
Mozilla isn't any better these days. Let's all
improve on netcat!
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-004.html
March 14, 2006
-- CVE ID:
CVE-2006-0028
-- Affected Vendor:
Microsoft
-- Affected Products:
Office 2000
Office XP
Office 2003
-- TippingPoint(TM) IPS Customer Protection:
Fortinet Security Advisory: FSA-2006-08
Microsoft Excel Column Index Improper Memory Access
Advisory Date : March 14, 2006
Reported Date : January 24, 2006
Vendor : Microsoft
Affected Products : Microsoft Excel 2003 Chinese Version
Fortinet Security Advisory: FSA-2006-09
Microsoft Excel Formula Size Stack Overflow
Advisory Date : March 14, 2006
Reported Date : January 24, 2006
Vendor : Microsoft
Affected Products : Microsoft Excel 2003 Chinese Version
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oooh, if that's the bidding, I'm sure that I've got a Sendmail one
round here somewhere ;-)
xyberpix
Blog: http://blogs.securiteam.com
On 14 Mar 2006, at 17:16, Andrew A wrote:
I'll start the bidding at $950.
I've also got BIND 8 and IIS
Hello,
I'm sorry to bother you.I'm justcurious. I was surfing and hit a familiar tide pool I say familiar, because I'm on the mistral.cz network inCzech Republic, My ISP is the
www.mistral.cz or chello.upc.cz they are about the onlyreal gig in this town or state rather when it comes to
This is Brandon Kovacs. I have changed my email address, it is now
[EMAIL PROTECTED] Thank you!
--
-Brandon Kovacs
www.brandonkovacs.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
Hi.
For those who didn't attend to Black Hat Europe nor
EuSecWest, here is the paper on which the presentation
was based.
WLSI - Windows Local Shellcode Injection
Abstract:
This paper describes a new technique to create 100%
reliable local exploits for Windows
operating systems, the technique
Actually, encryption can do some good, even in the absence of authentication.
Even if the remote end is totally unauthenticated, you have at least
guaranteed
that nobody is doing any passive sniffing of the content in transit. You've
at least forced an attacker to mount an active MitM
hi there
It is very strange thing. I have done the following tries.
trying result
http://172.21.12.250success
http://2887060730 failed
http://2887060730/ failed
telent 2887060730 80 failed
ping 2887060730
hi there
It is very strange thing. I have done the following tries.
trying result
http://172.21.12.250success
http://2887060730 failed
http://2887060730/ failed
telent 2887060730 80 failed
ping 2887060730
On Tue, Mar 14, 2006 at 12:04:57PM -0700, Don Bailey wrote:
You got that when you chose to use IE. =]
Mozilla isn't any better these days. Let's all
improve on netcat!
Well, OpenBSD's has an option to work via HTTP proxies in the upcoming
3.9 release... ;-)
Joachim
hi, i'm italian..my eng is not very
good..:D
i'm search a BNCexploit..
is possible to connect all server?it's a
question..
tnx
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
= CodeScan Advisory, codescan.com [EMAIL PROTECTED]
=
= Multiple Vulnerabilities In ASPPortal.net
=
= Vendor Website:
= http://www.aspportal.net
=
= Affected Version:
=Version 3.00
=
= Researched By
=CodeScan Labs
= CodeScan Advisory, codescan.com [EMAIL PROTECTED]
=
= Unauthenticated Arbitrary File Read in Horde v3.09 and prior
=
= Vendor Website:
= http://www.horde.org
=
= Affected Version:
=Versions prior to and including
Yes
On Tue, 14 Mar 2006 15:14:21 -0800 [CTN]-BongSnoTbOmBs[CTN]
[EMAIL PROTECTED] wrote:
hi, i'm italian..my eng is not very good..:D
i'm search a BNCexploit..
is possible to connect all server?it's a question..
tnx
Concerned about your privacy? Instantly send FREE secure email, no account
On 3/14/06, gboyce [EMAIL PROTECTED] wrote:
I tried this trick against my personal Apache 2 webserver, and got a 400
bad request as well. The apache log is showing Client sent malformed
Host header.
It looks like Apache is getting the decimal host header, and doesn't
understand what to do
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Relase Date: 2006-03-15
CVE: CVE-2006-0031
Affected Products:
==
Microsoft Office Excel 2000
Microsoft Office Excel XP
Microsoft Office Excel 2003
Impact:
===
Microsoft Excel is a popular spreadsheet program of Microsoft Office
35 matches
Mail list logo