SEC-CONSULT Security Advisory 20060613-0
===
title: HTML Code Injection in Outlook Web Access
program: Outlook Web Access
vulnerable version: Exchange 2000 (SP3), 2003 (SP1), 2003 (SP2)
===
Ubuntu Security Notice USN-297-1 June 13, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779,
CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2786,
CVE-2006-2787
===
Ubuntu Security Notice USN-288-4 June 13, 2006
dovecot regression
https://launchpad.net/bugs/49601
===
A security issue affects the following Ubuntu releases:
Ubuntu
===
Ubuntu Security Notice USN-298-1 June 13, 2006
libgd2 vulnerability
CVE-2006-2906
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
===
Ubuntu Security Notice USN-299-1 June 13, 2006
dhcdbd vulnerability
https://launchpad.net/bugs/49104
===
A security issue affects the following Ubuntu releases:
It may or may not be illegal. However it can provide the authorities
with just-cause to seize your equipment to verify you have not been in
their systems (or anyone elses). Nothing may ever come of it legally,
but your systems could end up sitting in an evidence room for years,
at the very least,
On 6/13/06, Ken Dunham [EMAIL PROTECTED] wrote:
I'm getting port 21 connection attempts every 5 minutes from about
half a dozen of my network users.
Hi,
Sounds like FTP and SSH attacks that are opportunistically launched by
Romanian attackers to date...
Given that the connections coming
==
Secunia Research 14/06/2006
- PicoZip zipinfo.dll Multiple Archives Buffer Overflow -
==
Table of Contents
Affected
==
Secunia Research 14/06/2006
- CMS Mundo SQL Injection and File Upload Vulnerabilities -
==
Table of Contents
Affected
==
Secunia Research 14/06/2006
- DeluxeBB SQL Injection and File Inclusion Vulnerabilities -
==
Table of Contents
Affected
===
For public distribution.
===
New website launched.
===
n3td3v group launched a new website last night and is ready for web traffic.
===
We pride ourselves in our continued work with the underworld at Google and Yahoo.
===
We
Description:
A query like select str_to_date( 1, NULL ); crashes mysqld.
Unaffected versions:
*= 4.1.18
*= 5.0.19
*= 5.1.6
For more details:
http://bugs.mysql.com/bug.php?id=15828
--
Kanatoko[EMAIL PROTECTED]
Open Source WebAppFirewall
http://guardian.jumperz.net/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1097-1[EMAIL PROTECTED]
http://www.debian.org/security/ Dann Frazier, Troy Heber
June 14th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SUSE Security Announcement
Package:sendmail
Announcement ID:SUSE-SA:2006:032
Date:
I would appreciate hearing a little feedback on this idea.
It strikes me that phishers and spammers have a vulnerability that we have
not yet exploited. They collect information, granted the returns are small
but since email is cheap they send out tons and those tons net them a
profitable return.
On each page, and at the bottom like a watermark is
Never trust your employees
Too harsh?
.pn.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: Wednesday, June 14, 2006 10:04 AM
To:
A simple SQL query can delete all records from the same IP/machine, if
the counter is above 2.
Presto, database cleaned. Also the phiser will now that at that address
there's someone who knows better. Remove the address from the database
and add a newbie clueless address instead.
Best-case
===
Ubuntu Security Notice USN-300-1 June 14, 2006
wv2 vulnerability
CVE-2006-2197
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
===
Ubuntu Security Notice USN-301-1 June 14, 2006
kdebase vulnerability
CVE-2006-2449
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
A query based on IP has the same problems everyone else has with IP address;
it would immediately remove everyone using the same proxy, or who happened
to get the same IP from a point of presence, or from a load balancer...
It might just be that a merchant trying to advertise this way and getting
Realistic. Also the also very harsh slogan don't steal music didn't
hurted Apple at all.
On Wed, 14 Jun 2006 12:29:28 -0700
Patrick Nolan [EMAIL PROTECTED] wrote:
PN On each page, and at the bottom like a watermark is
PN
PN Never trust your employees
PN
PN Too harsh?
PN
PN .pn.
PN
PN
n3td3v group befriends some of the biggest blackhats on the internet
to get between them.
WTF?
On 6/14/06, Cardoso [EMAIL PROTECTED] wrote:
Realistic. Also the also very harsh slogan don't steal music didn't
hurted Apple at all.
On Wed, 14 Jun 2006 12:29:28 -0700
Patrick Nolan [EMAIL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1098-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
June 14th, 2006
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1099-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
June 14h, 2006
Yes, but where are the promised zerodays
?
vaporware ?
- Original Message -
From:
n3td3v
To: full-disclosure@lists.grok.org.uk
; [EMAIL PROTECTED]
Sent: Wednesday, June 14, 2006 6:03
PM
Subject: [Full-disclosure] All new
anti-cyber terror website
Summary
Date: 14 Jun 2006
Vendor: Sun Microsystems, Inc.
Name: iPlanet Messaging Server
Version: 5.2 HotFix 1.16 (built May 14 2003)
Vuln: msg.conf symlink attack
Severity: high
Software description
The iPlanet Messaging Server is a software product that
I'm seeing a ton of HTTP requests in the following fashion:
GET index.html - 80 - ip address HTTP/1.1 fuujcbjbGbagkmkGuj7kmgnebl
+qekaf - - website.com 302 0 0 532 206 218
The random string would normally be the user-agent. I can't help but
think this is a bot of some sort.
Anybody know of
They're all busy coding the Duke Nukem Forever 0Day exploits...
On Wed, 14 Jun 2006 21:07:18 +0100
Aaron Gray [EMAIL PROTECTED] wrote:
AG Yes, but where are the promised zerodays ?
AG
AG vaporware ?
AG - Original Message -
AG From: mailto:[EMAIL PROTECTED]n3td3v
AG To:
-Original Message-
From: Shannon Johnston
Sent: Wednesday, June 14, 2006 10:17 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Strange HTTP requests
I'm seeing a ton of HTTP requests in the following fashion:
GET index.html - 80 - ip address HTTP/1.1
It's all from one source IP, but the requests are for various files from
various websites hosted on my servers. Different domains, different
files, even different file types.
It's making about 8-10 GET requests at the same time, then does it again
almost exactly a minute later.
I can't remember
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
n3td3v,
You are a proper goose.
You've lost all credibility here (if you ever had any to begin
with), yet you persist.
There's been many posts trying to explain this to you in different
ways, yet you've ignored the wisdom. Most have been polite,
Are all of the user strings the same?On 6/14/06, Shannon Johnston [EMAIL PROTECTED] wrote:
It's all from one source IP, but the requests are for various files fromvarious websites hosted on my servers. Different domains, different
files, even different file types.It's making about 8-10 GET
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:101
http://www.mandriva.com/security/
Am Mittwoch, 14. Juni 2006 21:30 schrieb Cardoso:
A simple SQL query can delete all records from the same IP/machine, if
the counter is above 2.
Ha, you think phisher are that smart? I for myself hit the button
only once with fake credentials from my dynamic IP.
If everybody does it... Well...
I was not clear, sorry. A good semi-unique-id must use IP, browser
version and other data collected from the http headers. Of course the IP
alone is not enough.
(except for marketing guys, who trully believe we can magically know
exactly now many people are browsing the site..)
On Wed, 14 Jun
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:102
http://www.mandriva.com/security/
Found a new javascript escape for yahoo webmail, works with explorer,
cookie stealing can begin yet again.
You must give a correct source address to be able to get a cookie. Do
not abuse, thx.
Proof-of-concept (kind-of):
http://zmailhost.ath.cx/
php0t
www.zorro.hu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:103
http://www.mandriva.com/security/
On Wed, 14 Jun 2006 18:03:30 BST, n3td3v said:
We pride ourselves in our continued work with the underworld at Google and
Yahoo.
And here we all thought Google's corporate slogan was Don't be evil, and
now we find out there's devil worshippers there
pgpv24yqCBI88.pgp
Description: PGP
My guess is that the person requesting these is building or using a
HTTP Request library / plugin which generates random user agents. From
CPAN this is true of PoCo::Client::HTTP which they may be using or
something related.
if you do this you are not curing the problem, rather you are making it
worse. This will never stop phishers from sending emails and you will
tell them that you are an active victim, so they will flood you more!
Saeed
Geo. wrote:
I would appreciate hearing a little feedback on this idea.
It
On 6/15/06, Geo. [EMAIL PROTECTED] wrote:
I would appreciate hearing a little feedback on this idea.
It strikes me that phishers and spammers have a vulnerability that we have
not yet exploited. They collect information, granted the returns are small
but since email is cheap they send out tons
The promised 0-days are about as real as n3td3v himself.On 6/15/06, Aaron Gray [EMAIL PROTECTED] wrote:
Yes, but where are the promised zerodays
?
vaporware ?
- Original Message -
From:
n3td3v
To:
full-disclosure@lists.grok.org.uk
; [EMAIL PROTECTED]
Sent:
Michael Weinert to Cardoso:
A simple SQL query can delete all records from the same IP/machine, if
the counter is above 2.
You think most (some?) spammers use SQL servers to store their stolen
identity data?
I've only ever seen scripted Email, other folks' formmail and plain
text file on
You have to look more carefully, there actually ARE some 0day techniques
described on the page.
If the buffer limit set by the program can be increased, then your
enterprise class software is compromised, along with data held on local
hosts.
also known as 'buffer limit exaltation' or 'memory
-Original Message-
[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: Thursday, June 15, 2006 3:04 AM
To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Subject: [Full-disclosure] All new anti-cyber terror website
===
For public distribution.
===
if you do this you are not curing the problem, rather you are making it
worse. This will never stop phishers from sending emails and you will
tell them that you are an active victim, so they will flood you more!
Why would they flood me more? It's not like you can hide your email address
if you
hey, a valid mail address, let's forward it to my buddy Joe Spammer and
his \/|agra pills
It almost as bad as clicking the remove bait some spammers post within
their messages.
On Wed, 14 Jun 2006 21:22:08 -0400
Geo. [EMAIL PROTECTED] wrote:
G if you do this you are not curing the problem,
hey, a valid mail address, let's forward it to my buddy Joe Spammer and
his \/|agra pills
It almost as bad as clicking the remove bait some spammers post within
their messages.
If you're replying to a spam you just received, assume we are beyond caring
about this.
Geo.
Hi folks:Can I get this file somewhere else? Like a web site or something. This gmail thing detects it as a virus. I doub't yahoo will let it pass still, that's wht i don;t ask anyne to send it to me ;). I wonder who asked to have an stupid scanner in the e-mail that you can't disable. I don't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:104
http://www.mandriva.com/security/
Title: Message
That
doesn't work any more.
Another one, for Internet Explorer however does work that i found the
other day.
Send
yourself one using my POC :)
http://zmailhost.ath.cx/
or
http://zmail.zorro.hu/
php0t
/ zorro.hu
-Original Message-From:
[EMAIL PROTECTED]
Just another fucking rotten mess...
- Original Message -
From: Geo. [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Sent: Thursday, June 15, 2006 2:37 AM
Subject: Re: [Full-disclosure] Phishing and Spammers
hey, a valid mail address, let's forward it to my buddy Joe
Here's a site that does something similar http://www.419eater.com/ .
This site is targeted at 419 scammers out of Africa. I don't know
exactly how much good their work does, but it's pretty funny sometimes.
Dave King
http://www.remotecheckup.com
Why not encourage everyone to reply to
Salut,
On Thu, 2006-06-15 at 02:24 +0900, Kanatoko wrote:
A query like select str_to_date( 1, NULL ); crashes mysqld.
mysql Ver 14.12 Distrib 5.0.18, for -netbsd (alpha) using EditLine
wrapper
- not affected
mysql Ver 14.7 Distrib 4.1.15, for pc-linux-gnu (i486) using readline 5.1
-
56 matches
Mail list logo