Hello,
A new research from Watchfire has revealed a serious vulnerability in
Google Desktop.
The attack, which is fully presented in a new Watchfire research paper
released today (available at
http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf), can
allow a malicious individual to a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:044
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:045
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:046
http://www.mandriva.com/security/
___
On 2/15/07, iDefense Labs <[EMAIL PROTECTED]> wrote:
>
> The discoverer of this vulnerability wishes to remain anonymous.
And the reason can be found here:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=133
Great "discovery"!
___
Full-Disclosure - We
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Got an email today that was crafted to look like it came from Bank of
America, the message contained the following:
Because of unusual number of invalid login attempts on you account, we
had to believe that, their might be some security problem on
===
Ubuntu Security Notice USN-424-1 February 21, 2007
php5 vulnerabilities
CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909,
CVE-2007-0910, CVE-2007-0988
===
A secur
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Unified IP Conference Station and IP
Phone Vulnerabilities
Advisory ID: cisco-sa-20070221-phone
http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml
Revision 1.0
For Public Release 2007 February 21 1600
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in 802.1X Supplicant
Advisory ID: cisco-sa-20070221-supplicant
http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml
Revision 1.0
For Public Release 2007 February 21 1600 UTC
###
Luigi Auriemma
Applications: games developed by SimBin Development Team
http://www.simbin.se
Versions: GTR - FIA GT Racing Game <= 1.5.0.0
Weakness in Full Disclosure mailing list allows morons to flourish
Vulnerable: The entire mailing list
Severity: Critic-Ill
Classification: Loser Validation
BugTraq-ID: TBA
CVE-Number: TBA
Remote Exploit: YUP
Local Exploit: YUP
Vendor URL: http://lists.grok.org.uk
Author: Mai Long Wang
Scheduled Re
This is quite interesting although it is a concept that has been
developed on sla.ckers.org some time ago. I love the presentation...
brilliant.
On 2/21/07, Yair Amit <[EMAIL PROTECTED]> wrote:
> Hello,
>
> A new research from Watchfire has revealed a serious vulnerability in
> Google Desktop.
>
>
> Full disclosure has also introduced other types of clowns who spam up
> legitimate users' email boxes with moronic responses fired off in
> desperation in attempts to boost the clown's ego.
Should the irony of the fact that this is exactly what you just did be
lost on me?
On Wed, 21 Feb 2007,
-=[ADVISORY---]=-
Call center 0,93
Author: CorryL[EMAIL PROTECTED]
-=[---]=-
-=[+] Applica
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:047
http://www.mandriva.com/security/
___
Dear Marc,
This is hilarious, should there ever be a Top10 of the most weird bugs,
this surely is one of them, repost for pure amusement :
Solaris 2.6, 7, and 8 /bin/login has a vulnerability involving the
environment variable TTYPROMPT. This vulnerability has already been
reported to BugTraq
On 2/22/07, Michal Zalewski <[EMAIL PROTECTED]> wrote:
> There is an interesting vulnerability in how Firefox handles bookmarks.
> The flaw allows the attacker to steal credentials from commonly used
> browser start sites (for Firefox, Google is the seldom changed default;
> that means exposure of
Dear phishers,
If ever you need someone to help you with your spelling and grammar to make
your phishing emails just a bit convincing, drop me a mail and I will
proof-read your scam texts. I have a degree in English and I was regularly
top of my class for spelling. Whilst I do not doubt your tech
Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability
iDefense Security Advisory 02.16.07
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 16, 2007
I. BACKGROUND
Trend ServerProtect is an Anti-virus application designed to run on file
servers to catch viruses befor
There is an interesting vulnerability in how Firefox handles bookmarks.
The flaw allows the attacker to steal credentials from commonly used
browser start sites (for Firefox, Google is the seldom changed default;
that means exposure of GMail authentication cookies, etc).
The problem: it is relativ
michal, is that a feature or a bug? maybe it is not obivous to me what
you are doing but it i feel that it is almost like asking the user to
bookmark a bookmarklet. of course it is a security problem if you
execute untrusted bookmarklet on a page :).
On 2/21/07, Michal Zalewski <[EMAIL PROTECTED]>
On Thu, 22 Feb 2007, pdp (architect) wrote:
> michal, is that a feature or a bug? maybe it is not obivous to me what
> you are doing but it i feel that it is almost like asking the user to
> bookmark a bookmarklet.
Bookmarklets should be bookmarkable only manually, with user knowledge and
consent
There seems to be some confusion regarding the exact impact of the
location.hostname vulnerability, and the ways to protect against it. I
wanted to offer a quick clarification.
1) Cookie setting (session fixation) attacks can be executed universally
and with no restrictions. This is demonst
===
Ubuntu Security Notice USN-425-1 February 22, 2007
slocate vulnerability
CVE-2007-0227
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6
Yes yes! They will make sure of course however the dumb person that falls
for it thinks "hey look Bank Of America" can't spell heheheh
On 2/21/07, James Rankin <[EMAIL PROTECTED]> wrote:
Dear phishers,
If ever you need someone to help you with your spelling and grammar to
make your phishing em
to forgive me but if you will be going to call peoples in the list morons
because they affix the posts constantemente to feed egos can you at least
mentioning gadi enron and valdis kletnieks for the names ? perhaps perhaps
also you do not realize that this list does not have nothing absolutamente
On 2/22/07, Michal Zalewski <[EMAIL PROTECTED]> wrote:
> There is an interesting vulnerability in how Firefox handles bookmarks.
> The flaw allows the attacker to steal credentials from commonly used
> browser start sites (for Firefox, Google is the seldom changed default;
> that means exposure o
Hey, there is a passwords.txt showing on the 3rd slide :) intentional?
;)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of pdp
(architect)
Sent: Wednesday, February 21, 2007 5:03 PM
To: Yair Amit
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-dis
Yea he uses it later in the video, you see him pull it up in the attack, and
read it. One would assume it is fake.
-Steve
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steven
Scheffler
Sent: Thursday, February 22, 2007 1:23 AM
To: pdp (architect); Yair
On Thu, 22 Feb 2007, Steve Ragan wrote:
> Yea he uses it later in the video, you see him pull it up in the attack, and
> read it. One would assume it is fake.
[lights dim, sinister accords play]
...OR IS IT?
/mz
___
Full-Disclosure - We believe in
===
Ubuntu Security Notice USN-426-1 February 22, 2007
ekiga, gnomemeeting vulnerabilities
CVE-2007-1006, CVE-2007-1007
===
A security issue affects the following Ubuntu releas
31 matches
Mail list logo
