[Full-disclosure] [SECURITY] [DSA 1102-1] New pinball packages fix privilege escalation

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1102-1[EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp June 26th, 2006

[Full-disclosure] error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2

Source: http://securityreason.com/achievement_securityalert/41 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2] Author: Maksymilian Arciemowicz (cXIb8O3) Date: - -Written: 10.6.2006 - -Public: 26.06.2006 from SECURITYREASON.COM CVE-2006-3011 - ---

[Full-disclosure] Whitepaper: IT (in)security implementation in a real world example

Greetings to the list, I have written a short paper on principles and failures of IT security based on a real-world example of a (yet unpublished) issue with DB CarSharing - a German car rental company. Extract: Preface This paper is not meant to be a disclosure or accusation. Although it is b

Re: [Full-disclosure] ................................................Oo...............................................

On 6/25/06, xyberpix <[EMAIL PROTECTED]> wrote: N3td3v yep, Valdis and Todd, I'm not too sure I understand why? Could you let me in on your reasoning, afaik Todd has always contributed decent stuff to this list. Just wanna know the reasoning behind your comment, that's all. xyberpix xber

Re: [Full-disclosure] ................................................Oo...............................................

N3td3v yep, Valdis and Todd, I'm not too sure I understand why?Could you let me in on your reasoning, afaik Todd has always contributed decent stuff to this list.Just wanna know the reasoning behind your comment, that's all.xyberpixOn 22 Jun 2006, at 23:39, nirvana wrote:I agree with you.People

[Full-disclosure] Is Windows TCP/IP source routing PoC code available?

Greetings to the list, As known, Microsoft did announce a security vulnerability concerning an overflow within the TCP/IP stack implementation when source routing fields are used: http://www.microsoft.com/technet/security/bulletin/MS06-032.mspx Is anyone aware of an exploit or POC code for th

[Full-disclosure] Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow

Author:JAAScois Date: 25.6.2006 Type: Heap Overflow Product: http://live.com , http://messenger.msn.com Patch: N/A Link : http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html -- Best Regards, Aleksander Hristov < root at securitydot.net > < http://sec

[Full-disclosure] hlink.dll: is IE affected?

MSRC says in http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx : this is actually a vulnerability in hlink.dll which is a Windows component so has much wider exposure than just Excel, as identified also e.g. in http://www.auscert.org.au/6421 http://www.kb.cert.org/vuls/id/39

Re: [Full-disclosure] MS Excel Remote Code Execution POC Exploit

yes i do have confirmed this in a post to bugtraq,the issue is with hlink.dll On 6/25/06, Juha-Matti Laurio <[EMAIL PROTECTED]> wrote: It appears that two references mentioned in code posting (see Advisories) are erroneous. Code posting says about error while handling malformed URL strings; i.e