Re: [Full-disclosure] [ MDKSA-2006:104 ] - Updated sendmail packages fix remotely exploitable vulnerability

Dear [EMAIL PROTECTED], smc> References: smc> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173 Description Unspecified vulnerability in HP Tru64 UNIX 4.0F PK8 up to 5.1B-3 and HP Internet Express for Tru64 UNIX 6.3 through 6.5, when running Sendmail, might allow remote

Re: [Full-disclosure] Acrobat reader 7.0.8 released

Good work, Paul. This KB document #327817 had time stamp 'Last edited - 05/31/2006' during your post. It says '06/08/2006' now. It appears that Secunia published (first) advisory today: http://secunia.com/advisories/20576/ Their severity is Moderately Critical (3/5). - Juha-Matti Paul Szabo <[

[Full-disclosure] Advisory: Unauthorized password recovery in phpBannerExchange

Advisory: Unauthorized password recovery in phpBannerExchange RedTeam identified an SQL injection that can be triggered due to a bad user input sanitization in phpBannerExchange. It is possible to recover a password of an user and thereby overtake his account. Details === Product: phpBanner

[Full-disclosure] Advisory: Authentication bypass in phpBannerExchange

Advisory: Authentication bypass in phpBannerExchange RedTeam identified two SQL injections in phpBannerExchange. It is possible to bypass user authentication with them. Details === Product: phpBannerExchange Affected Versions: All versions up to phpBannerExchange 2.0 RC5 Fixed Versions: 2.0

Re: [Full-disclosure] Is there a way to trace back Tor user

This is covered in the Tor FAQ:http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-a79d22244cc04ca5472832cbcc315198b875f34c The best attack that I know of right know involves measuring latency to each Tor node and correlating that with transmissions at the destination server. The latency goe

[Full-disclosure] notepad oddatiy

could some one tell me why/how this happens. 1. Open up Notepad 2. Type in this sentence exactly (without quotes): "this app can break" 3. Save the file to your hard drive. 4. Close Notepad 5. Open the saved file by double clicking it. Instead

RE: [Full-disclosure] notepad oddatiy

> >-Original Message- > >From: [EMAIL PROTECTED] [mailto:full- > >[EMAIL PROTECTED] On Behalf Of John Bond > >Sent: Friday, June 16, 2006 12:12 AM > >To: full-disclosure@lists.grok.org.uk > >Subject: [Full-disclosure] notepad oddatiy > > > >could some one tell me why/how this happens. > >

Re: [Full-disclosure] notepad oddatiy

On 6/16/06, John Bond <[EMAIL PROTECTED]> wrote: could some one tell me why/how this happens. unicode -- mic (fd tech support) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsore

RE: [Full-disclosure] notepad oddatiy

Absolutely not, just test it. You can use strings "Bush hid the facts" and "aa aaa aaa" mentioned at many source news too. Don't use carriage return. Works fine with my xp and w2k machines. - Juha-Matti --clip-- I hope this is a sick joke... ___

Re: [Full-disclosure] notepad oddatiy

Confirmed on xpsp2, fully patched. ~Mike. John Bond wrote: could some one tell me why/how this happens. 1. Open up Notepad 2. Type in this sentence exactly (without quotes): "this app can break" 3. Save the file to your hard drive. 4. Close N

[Full-disclosure] [USN-297-2] Thunderbird extensions update for recent security update

=== Ubuntu Security Notice USN-297-2 June 15, 2006 mozilla-thunderbird, thunderbird-quickfile updates === A security issue affects the following Ubuntu releases: Ubuntu 6.

Re: [Full-disclosure] notepad oddatiy

On 6/15/06, mikeiscool <[EMAIL PROTECTED]> wrote: On 6/16/06, John Bond <[EMAIL PROTECTED]> wrote:> could some one tell me why/how this happens. unicode-- mic (fd tech support)   i think you mean b0rkcode  ___ Full-Disclosure - We believe in it. Charter:

Re: [Full-disclosure] notepad oddatiy

ציטוט Juha-Matti Laurio: Absolutely not, just test it. You can use strings "Bush hid the facts" and "aa aaa aaa" mentioned at many source news too. Don't use carriage return. Works fine with my xp and w2k machines. It's a bug: http://blogs.msdn.com/michkap/archive/2006/06/14/631016.aspx -- ht

[Full-disclosure] [ GLSA 200606-17 ] OpenLDAP: Buffer overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200606-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] [ GLSA 200606-18 ] PAM-MySQL: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200606-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] [ GLSA 200606-19 ] Sendmail: Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200606-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

Re: [Full-disclosure] [ MDKSA-2006:104 ] - Updated sendmail packages fix remotely exploitable vulnerability

* 3APA3A <[EMAIL PROTECTED]> [2006-06-15 12:14:13 +0400]: > Dear [EMAIL PROTECTED], > > smc> References: > > smc> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173 > > Description Unspecified vulnerability in HP Tru64 UNIX 4.0F PK8 up to > 5.1B-3 and HP Internet Express for

[Full-disclosure] SinFP 2.00 - a major release with many new features

Download: http://sourceforge.net/projects/sinfp/ Info: http://www.gomor.org/sinfp Mailing list: https://lists.sourceforge.net/lists/listinfo/sinfp-discuss NEWS FOR 2.00: - complete rewrite - sinfp.db completely reworked - new tests based on comparison between probe and response (TCP seq/a

Re: [Full-disclosure] notepad oddatiy

what's really interesting is that if you do that, then overwrite text (little black boxes) with anything else i.e. "this is random text". save the file, then revert back to the original text. it shows the text perfectly spooky :) On 15/06/06, Shoshannah Forbes <[EMAIL PROTECTED]> wrote: ציט

[Full-disclosure] rPSA-2006-0105-1 arts

/cvename.cgi?name=CVE-2006-2916 http://issues.rpath.com/browse/RPL-426 http://www.kde.org/info/security/advisory-20060615-2.txt Description: In previous versions of arts, the artswrapper program has a vulnerability which enables a local users to escalate to root privileges if

[Full-disclosure] rPSA-2006-0106-1 kdebase

/cvename.cgi?name=CVE-2006-2449 http://issues.rpath.com/browse/RPL-425 http://www.kde.org/info/security/advisory-20060615-1.txt Description: KDM allows the user to select the session type for login. This setting is stored in the user home directory. Previous versions of KDM will

Re: [Full-disclosure] RE: MySQL DoS

mysql 5.0.20 Community version under Windows XP Professional Query works fine, no crash at all. On Thu, 15 Jun 2006 15:50:21 -0400 "Brent Meshier" <[EMAIL PROTECTED]> wrote: BM> I am not able to reproduce this bug. BM> BM> mysql> select str_to_date( 1, NULL ); BM> ++

[Full-disclosure] RE: MySQL DoS

I am not able to reproduce this bug. mysql> select str_to_date( 1, NULL ); ++ | str_to_date( 1, NULL ) | ++ | NULL | ++ 1 row in set (0.00 sec) Brent Meshier Director IT Operations Global Transport Logisti

[Full-disclosure] [ MDKSA-2006:105 ] - Updated kdebase packages fix local vulnerability in kdm

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:105 http://www.mandriva.com/security/ ___

[Full-disclosure] [ MDKSA-2006:106 ] - Updated mdkkdm packages fix local vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:106 http://www.mandriva.com/security/ ___

[Full-disclosure] RE: MySQL DoS

Salut, On Thu, 2006-06-15 at 15:50 -0400, Brent Meshier wrote: > I am not able to reproduce this bug. > > mysql> select str_to_date( 1, NULL ); > ++ > | str_to_date( 1, NULL ) | > ++ > | NULL | > ++ > 1 row