Re: [Full-disclosure] Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability

Did Yahoo put out a security notification yet? I don't see any mention of a bug fix on the yahoo messenger page. And when I turn on my yahoo messenger (ver 8.0.0.701), shouldn't I be alerted to receive an update? - Siddhartha -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006

Hi. On 10/27/06, LIUDIEYU dot COM [EMAIL PROTECTED] wrote: Upon IE7 release, Secunia published SA22477 titled `Internet Explorer 7 mhtml: Redirection Information Disclosure`. It seems to be able to make redirecting with mhtml fail by returning the response by 201 or 202. There for, It is

[Full-disclosure] MHL-2006-003 Public Advisory: ezOnlineGallery Multiple Security Issues

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MHL-2006-003 - Public Advisory +---+ | ezOnlineGallery Multiple Security Issues | +---+ PUBLISHED ON October 26th,

Re: [Full-disclosure] Vulnerability automation and Botnet solutions I expect to see this year

*. Gadi Intelligence (very limited) On 10/26/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE-Hash: SHA1On Tue, 24 Oct 2006 10:52:58 -0500 Gadi Evron [EMAIL PROTECTED]wrote:So, what I am going to talk about... A tad bit of history onvulnerabilities and their use

[Full-disclosure] [ Capture Skype trafic ]

All is in the mail's subject. I need to match this crazy-encrypted-random trafic, to destroy it (I think I'm not alone to need informations on this product). I've found some work on the BlackHats slides, but skype updates.. Thx in advance. -- Tyop? Student. Excuse my english.

[Full-disclosure] parallels Desktop file permission notice

While testing the useful parallels for osx, i noticed that this piece of software: root 2818 0.0 0.031780152 ?? Ss5:33PM 0:01.57 /Library/StartupItems/Parallels/prl_dhcpd wrote this file: x:~ xxx$ ls -al /Library/Parallels/.dhcpd_configuration with the following

Re: [Full-disclosure] [ Capture Skype trafic ]

use a packet analyzer proxy bluecoat comes to mind as one that works quite well... Exibar - Original Message - From: Tyop? [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com Sent: Friday, October 27, 2006 7:27 AM Subject: [Full-disclosure] [

Re: [Full-disclosure] [ Capture Skype trafic ]

On 10/27/06, Exibar [EMAIL PROTECTED] wrote: From: Tyop? [EMAIL PROTECTED] All is in the mail's subject. I need to match this crazy-encrypted-random trafic, to destroy it (I think I'm not alone to need informations on this product). I've found some work on the BlackHats slides, but

Re: [Full-disclosure] Vulnerability automation and Botnet solutions I expect to see this year

On 10/27/06, poo [EMAIL PROTECTED] wrote: *. Gadi Intelligence (very limited) You are just jealous that he has a job in infosec,and you are a 3rd shift helpdesk technician.I guess the official ratio of trolls to normal people have passed 1:1 on FD, sweet!

[Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability

ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-035.html October 26, 2006 -- CVE ID: CVE-2006-5478 -- Affected Vendor: Novell -- Affected Products: Novell eDirectory 8.8.1 -- TippingPoint(TM) IPS

[Full-disclosure] Coppermine 1.4.9 SQL injection

// http://www.w4cking.com CREDIT: w4ck1ng.com PRODUCT: Coppermine 1.4.9 http://coppermine-gallery.net/ VULNERABILITY: SQL Injection NOTES: - SQL injection can be used to obtain password hash - You must be a registered user to access the vulnerable page,

[Full-disclosure] [ MDKSA-2006:188 ] - Updated mono packages fix vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:188 http://www.mandriva.com/security/

[Full-disclosure] [ MDKSA-2006:189 ] - Updated xsupplicant fixes possible remote root stack smash vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:189 http://www.mandriva.com/security/

[Full-disclosure] [ MDKSA-2006:190 ] - Updated mutt packages fix multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:190 http://www.mandriva.com/security/

[Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt)

The latest version of RFIDIOt, the open-source python library for RFID exploration/manipulation, contains code that implements the ICAO 9303 standard for Machine Readable Travel Documents in the form of a test program called 'mrpkey.py'. This program will exchange crypto keys with the

Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006

Dear Mi/aster Liu Die Yu, I would like to let you know that i know you and i greatly respect your work. I'm not a security expert, but when i speak about IE vulnerabilities; i speak about Liu Die Yu just as when i speak about oracle vulnerabilities, i speak about *Litchfield when i speak

[Full-disclosure] [ MDKSA-2006:192 ] - Updated ruby packages fix DoS vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:192 http://www.mandriva.com/security/

Re: [Full-disclosure] [ Capture Skype trafic ]

gabriel rosenkoetter wrote: (That said... keeping people from using Skype on a corporate network is an HR problem, not a network management/security problem, methinks, just like any P2P software.) Huh?? Final enforcement may be an HR problem, but if your corporate IT policies and system

Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability

On 10/27/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since October 26, 2006 by Digital Vaccine protection filter ID 4519. For further product information on the