[Full-disclosure] [ GLSA 200611-17 ] fvwm: fvwm-menu-directory fvwm command injection

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200611-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

Re: [Full-disclosure] Microsoft Excel Embedded Shockwave Flash Object Flaw [Fix Released]

Finally MS released the fix for CVE-2006-3014 along with others - http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx Regards, -d -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Debasis Mohanty Sent: Friday, October 06, 2006 1:02 AM To: [E

[Full-disclosure] [ MDKSA-2006:218 ] - Updated apache-mod_auth_kerb packages fixes DoS vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:218 http://www.mandriva.com/security/ ___

Re: [Full-disclosure] GNU tar directory traversal

Hello, [EMAIL PROTECTED] wrote: > no. Not agreed. -C is for changing the directory *before processing the > remaining arguments*. So, if you don't want tar to overwrite files, you > have to use -w. Siim was right, -w is a workaround. Therefore it is - in opposite to my former opinion - a secur

Re: [Full-disclosure] Anonymizing RFI Attacks Through Google

Gadi Evron wrote: > Noam Rathaus on using Google to anonymize attacks on websites: > http://blogs.securiteam.com/index.php/archives/746 > By placing a URL on any web page, Google will find it, visit it and > then index it. With this mechanism, it is possible to anonymize > attacks on third party w

Re: [Full-disclosure] GNU tar directory traversal

Hello, Siim Põder wrote: > But not outside cwd or another directory specified by the -C option. > Agreed? Great. no. Not agreed. -C is for changing the directory *before processing the remaining arguments*. So, if you don't want tar to overwrite files, you have to use -w. GTi