It appears that OpenOffice.org has issued a patch for WMF/EMF heap overflow
vulnerability.
Both versions 1.1.x and 2.x are affected by this issue.
According to the Bugzilla entry, code execution is possible.
More details via
https://rhn.redhat.com/errata/RHSA-2007-0001.html
and
http://blogs.securite
> Sometimes, the track record is only good because nobody looked into it.
>
Nice quote...
-KF
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com
Anders B Jansson wrote:
> I'd say that it's a design decision, not sure that it's a design flaw.
> It's all down to what you try to protect.
> ... connecting any device not 100% controlled by the company to a company
> network is strictly forbidden, doing so would be regarded as intended
> sabota
CCC was amazing! I am definitely going next year again. For more videos
and presentations suggestions, skip to the link below.
One of the greatest surprises for me at 23C3 was my personal introduction
to Monochrom ( http://monochrom.at/ ,
http://en.wikipedia.org/wiki/Monochrom ), a group of hacker
And it makes a great phishing hole too.
Google for any banking pdf's
and attach your fake banking site to let the user login to read the article.
For example:
Send out an email pretending to come from Citibank, about a new
article on Wealth Management, with a link to the real article:
http://www.c
No, that is incorrect. This is not visible by the application because
anchor tags are not sent to the webserver. This is completely invisible
to web application firewalls. Btw, a user on http://sla.ckers.org/ made
this recommendation for fixing your own browsers:
Firefox->Tools->Options->Conten
Stan Bubrouski wrote:
> You're forgetting that gmail has a feature to report phishing
> messages, that alone could give google quite a list of phishing sites
> given its userbase.
_And_ the "Report Web Forgery..." option in Firefox' Help menu also
reports the suspect URL to Google at:
http:/
I'm not sure if anyone else has posted this, but it looks to me like
Acrobat 6 and 7 are vulnerable, but not 8.
Also, all versions of Firefox are vulnerable, IE8 SP1 and earlier are,
but IE 6 SP2 and IE7 aren't.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog
Hi
>
> google toolbar
> or it buys/gets this information from some isp/companies/anybody with a big
> enough pipe ..
>
Perhaps they get mail in on gmail also ;) doh.
Bye,
Raymond.
===
Ubuntu Security Notice USN-398-2 January 03, 2007
firefox vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6504
==
For those who haven't yet heard, fake Seal and PhD, "Dr." Bill
Hancock has finally left this world for less suspicious pasture, proving
that there *is* a God.
--
Yours,
J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF
"In the age-old contest between popularity and principle, only those
willing to l
good work
On 1/3/07, Stefano Di Paola <[EMAIL PROTECTED]> wrote:
> Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
>
> Original Advisory:
> http://www.wisec.it/vulns.php?page=9
>
> Original Discovery and Research:
> Stefano Di Paola
>
> Contribution:
> Giorgio Fedon (IE Dos, UXSS Analysis)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200701-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Clean
Access
Advisory ID: cisco-sa-20070103-CleanAccess
http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml
Revision 1.0
For Public Release 2007 January 03 1600 UTC
[EMAIL PROTECTED] wrote:
> Sorry about that but that's wrong. All the credits have to go to
> Stefano Di Paola and Giorgio Fedon. They presented that stuff at the
> 23C3 in Berlin.
the original paper is located here
http://events.ccc.de/congress/2006/Fahrplan/events/1602.en.html
probably Stefano
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Original Advisory:
http://www.wisec.it/vulns.php?page=9
Original Discovery and Research:
Stefano Di Paola
Contribution:
Giorgio Fedon (IE Dos, UXSS Analysis)
Elia Florio (Poc and Code Execution analysis)
Status: Vendor Informed on 15 Octob
Before I begin to trash.
I do not reject any of the findings, most I'll argue that it's a matter of
perspective.
Ben Bucksch wrote:
> = Abstract =
>
> The Perforce client has a huge gaping security hole by design. It
> totally trusts the Perforce server and does whatever the server tells
> it
On Wed, 03 Jan 2007 10:58:55 +0100, Steve Clement said:
> As to whether the Blacklist should be public or not is up to personal
> beliefs. I for one think that it should be publicly available to have
> at least a good static reference of the most commonly used phishey sites...
There's no such t
= Abstract =
The Perforce client has a huge gaping security hole by design. It
totally trusts the Perforce server and does whatever the server tells
it, writing arbitrary files.
= Disclaimer =
This is so terribly obvious that I'd be surprised that this is news, but
I couldn't find anything.
no worries, the vulnerability details presented on my blog post were
updated. good work.
On 1/3/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Quoting "pdp (architect)" <[EMAIL PROTECTED]>:
>
> > This finding was originally mentioned by Sven Vetsch, on his blog.
> > This is a very good and qui
php0t wrote:
> How exactly does such data get captured? Somebody placed a link
>
Well the poster of the password link would've done better explaining how
goog mines the data instead of easily disclosing valid e-mail passwords.
This shows yet again how crucial it is to use throw-away password
Quoting "pdp (architect)" <[EMAIL PROTECTED]>:
> This finding was originally mentioned by Sven Vetsch, on his blog.
> This is a very good and quite interesting. Good work.
Sorry about that but that's wrong. All the credits have to go to Stefano Di
Paola and Giorgio Fedon. They presented that stuf
pdp (architect) wrote:
> I will be very quick and just point to links where you can read about
> this issue.
>
> It seems that PDF documents can execute JavaScript code for no
> apparent reason by using the following template:
>
>
> http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:
I will be very quick and just point to links where you can read about
this issue.
It seems that PDF documents can execute JavaScript code for no
apparent reason by using the following template:
http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here
You must understand t
You're forgetting that gmail has a feature to report phishing
messages, that alone could give google quite a list of phishing sites
given its userbase.
-sb
On 1/2/07, moniker monikerd <[EMAIL PROTECTED]> wrote:
>
> i see only two possible ways for google to get this kind of data.
>
> google toolb
On 02 Jan 07, at 12:20, Matias Soler wrote:
> Synopsis: Apache 1.3.37 htpasswd buffer overflow vulnerability
> Version: 1.3.37 (latest 1.3.xx)
>
> Product
> ===
> Apache htpasswd utility
>
> Issue
> =
> A buffer overflow vulnerability has been found, it is dangerous
> only on
> environmen
http://sb.google.com/safebrowsing/update?versio=goog-black-url:1:
version info for each file:
---
[goog-black-enchash 1.15525]
[goog-black-url 1.7755]
[goog-sandbox-text 1.5]
[goog-white-domain 1.19]
[goog-white-url 1.371]