==
Layered Defense Advisory 13 September 2006
==
1) Affected Software
Symantec AntiVirus Corporate Edition 10.0
Symantec AntiVirus Corporate Edition 9.0
Symantec AntiVirus Corporate Edition 8.1
==
POC did nothing for my Foxit PDF reader. No www-page was opened and no
script was executed. Maybe you folks should just dump the clumsy and
insecure Acrobat Reader and move onto something better for reading .pdf
documents? ;)
--
My computer security & privacy related homepage
http://www.ma
Title: Hotmail/MSN Multiple cross site scripting ( XSS )
Author: Securma Massine
MorX Security Research Team
http://www.morx.org
Original Advisory/Xploit : http://www.morx.org/msnxss.txt
Vulnerability : Multiple cross site scripting ( XSS )
Severity: Medium/High
Description : msn.com
I have tested both of the examples and no warning boxes are showing.
It seems that everybody is getting different results. Interesting!
On 9/13/06, Juha-Matti Laurio <[EMAIL PROTECTED]> wrote:
Proof of Concept for example 1 (backdoored1.pdf) opened with Adobe Reader 7.0.8
(i.e. no browser plug-i
I installed 7.0.8 (latest version) for testing.
If the document is loaded from the browser you receive no warning.
v7.0.8 seems to warn the user if the document is loaded from the
desktop.
I think this has to do with different Adobe contexts.
--
David Kierznowski
On 13/09/06, pdp (architect) <
On FD, and in several other security forums, Hadmut Danisch
<[EMAIL PROTECTED]>, a respected German information security analyst,
recently published a harsh critique of one optional feature in the
SID800, one of the newest of the six SecurID authentication tokens --
some with slightly differe
[EMAIL PROTECTED] to me:
> ===
> So you agree with the
> thinking part of the world
> that GWB and his so-
> called "advisors" are a
> bunch of idiots...
> ==
> I don't recall seeing your credentials for even belonging to that group,
> let alone t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SA0013 - Public Advisory
+
+ Mailman 2.1.8 Multiple Security Issues +
+
PUBLISHED ON
Sep 13, 2006
PUBLIS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Netragard, L.L.C Advisory* ***
~ Strategic Reconnaissance Team
~
~ http://www.netragard.com -- "We make I.T. Safe.
Nick FitzGerald -
===
So you agree with the
thinking part of the world
that GWB and his so-
called "advisors" are a
bunch of idiots...
==
I don't recall seeing your credentials for even belonging to that group,
let alone the memo that appointe
It is always possible to check the installed Acrobat plug-in with the following
test URL:
http://gemal.dk/browserspy/acrobat.html
(FF and MSIE)
The following command works only in Gecko-based browsers:
about:plugins
- Juha-Matti
Yes, the first example opens MSIE without any user interaction when visiting
your PoC link with Firefox 1.5.0.6.
This issue is more serious due to recent unpatched issues and public exploits
in IE.
- Juha-Matti
David Kierznowski <[EMAIL PROTECTED]> wrote:
I installed 7.0.8 (latest version)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
BRAVO! Well done bkfsec!!
It seems that most everybody knows the truth except those still
blinkered by the Neocons and their media brainwashing campaign.
BTW, quite a good related article by Manuel Valenzuela (for those
interested) can be found
Proof of Concept for example 1 (backdoored1.pdf) opened with Adobe Reader 7.0.8
(i.e. no browser plug-in used) issued a Security Warning dialog box:
"The document is trying to connect to the site:
http://www.google.com/owned.html
If you trust the site click "Allow", otherwise click "Block"."
Op
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1176-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
September 13th, 2006
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
___
McAfee, Inc.
McAfee Avert(tm) Labs Security Advisory
Public Release Date: 2006-09-12
Apple QuickTime Multiple Vulnerabilities
CVE-2006-4382, CVE-2006-4384, CVE-2006-4385, CVE-2006-4386,
CVE-2006-4388, CVE-2006-4389
Recently, there has been a lot of hype involving backdooring various
web technologies. pdp (architect) has done a lot of work centered around
this area.
I saw Jeremiah Grossman mention PDF's being "BAD", however, I was
unable to easily locate any practical reasons as to why. I decided to
investigate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1175-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
September 13th, 2006
[EMAIL PROTECTED] wrote:
It's not a joke Gary.
If you are attempting to make the claim that Saddam NEVER had WMD you are
either Profoundly Misinformed, Astonishingly Ignorant of Late 20th Century
History; or simply Lying.
Wow. How utterly intellectually dishonest of you...
Saying that the
Phenoelit Advisory
[ Title ]
Cisco Systems IOS VTP multiple vulnerabilities
[ Authors ]
FX <[EMAIL PROTECTED]>
Phenoelit Group (http://www.phenoelit.de)
Advisory http://www.phenoelit.de/stuff/CiscoVTP.txt
[ Affected Products ]
Cisco I
[EMAIL PROTECTED] wrote:
> Contex -
>
>
>
>> If you consider that America are
>> able to lie about the weapons of mass
>> destruction and then admit it,
>
> "America" never lied about WMD.
> America is not in a posit
===
Ubuntu Security Notice USN-345-1 September 13, 2006
mailman vulnerabilities
CVE-2006-2941, CVE-2006-3636
===
A security issue affects the following Ubuntu releases:
Ubuntu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1161-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 13th, 2006
NetPerformer Frame Relay Access Device (FRAD) ACT Multiple Vulnerabilities
.<=[ Arif Jatmoko ]=>.
Release Date : 8 July 2006
Product Affected :
- NetPerformer FRAD ACT SDM-95xx version 7.xx (R1), earlier, and
possibly newer
- NetPerformer FRAD ACT SDM-93xx versio
The Hacker's Choice is proud to release
http://www.thc.org/thc-nokia-unlock
The tool exploits a design flaw on Nokia mobile phones
to remove the phone-lock.
From Nokia's webpage:
"The Phone Lock prevents your phone data from being accessed if
your phone is stolen.
"The l