Re: [Full-disclosure] Tel Aviv University Security Forum - 18th of March

2007-03-16 Thread James Matthews
The site is in English (at least the points on the map) all it shows is where the lecture is! On 3/16/07, Hakuna Matata <[EMAIL PROTECTED]> wrote: is there any English version of this site available --Hakuna On 3/16/07, Gadi Evron <[EMAIL PROTECTED]> wrote: > TAUSEC - The Security Forum, host

[Full-disclosure] TOOL: LLTD implementation in Perl

2007-03-16 Thread GomoR
Hello list, I just released an LLTD (Link Layer Topology Discovery Protocol) implementation written in Perl (using Net::Frame framework). Also, the OSPF implementation used to write the OSPF Attack Shell has also been released (see www.gomor.org). You may use these two modules to write fuzzers,

Re: [Full-disclosure] Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability

2007-03-16 Thread Brian Eaton
On 3/15/07, Ismail Dönmez <[EMAIL PROTECTED]> wrote: > On Thursday 15 March 2007 04:26:29 James Matthews wrote: > > and you would think some bugs we got rid of in open source software! > > str{cpy,cat,...} which don't take a size attribute should be removed from > standard libc, I don't see why pe

[Full-disclosure] OWASP Spring of Code 2007

2007-03-16 Thread Dinis Cruz
Following the success of last year's OWASP Autumn of Code (AoC 06) we are now launching the OWASP Spring of Code 2007 (SpoC 007) with more budget, more energy and more expectation

Re: [Full-disclosure] Tel Aviv University Security Forum - 18th of March

2007-03-16 Thread Gadi Evron
On Fri, 16 Mar 2007, Hakuna Matata wrote: > is there any English version of this site available > Sorry, no. > --Hakuna Gadi. -- "beepbeep it, i leave work, stop reading sec lists and im still hearing gadi" - HD Moore to Gadi Evron on IM, on Gadi's interview on npr, March 2007.

[Full-disclosure] Double Trap XSS Injection : An Analysis

2007-03-16 Thread Aditya K Sood
Hi all, This analysis will enable you to the different realm of XSS injection attacks. No XSS cheatsheet is used in this. I am presenting the full analysis of it. The demonstration target is SecTheory security consultation website. This process goes in both ways. This will throw light on the tro

[Full-disclosure] [ MDKSA-2007:063 ] - Updated libwpd packages to address heap overflow vulnerabilities

2007-03-16 Thread security
Mandriva Linux Security Advisory MDKSA-2007:063 http://www.mandriva.com/security/

[Full-disclosure] [ MDKSA-2007:064 ] - Updated openoffice.org packages to address libwpd heap overflow vulnerabilities

2007-03-16 Thread security
Mandriva Linux Security Advisory MDKSA-2007:064 http://www.mandriva.com/security/

Re: [Full-disclosure] tinyurl.com - Local Clipboard

2007-03-16 Thread gabriel rosenkoetter
On Thu, Mar 15, 2007 at 12:30:48PM -0500, Shaun wrote: > I took a quick look and it appears that they aren't trying to read the > clipboard, they're trying to write the generated tinyurl to it for the > folks who are too lazy to control-c it out of the page. Annoying to have > your clipboard conten

[Full-disclosure] Call For Papers - IT Underground Dublin

2007-03-16 Thread Marcin Tkaczyk
Dear Specialists, Call For Papers for IT Underground 2007 - Dublin edition is now open. We kindly invite you as a speaker to our conference to come and share your experiences and insights about IT Security. Prepare your BYOL (Bring Your Own Laptop) presentation or a lecture to pass your knowled

[Full-disclosure] iDefense Security Advisory 03.16.07: Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities

2007-03-16 Thread iDefense Labs
Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities iDefense Security Advisory 03.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 16, 2007 I. BACKGROUND libwpd is a C++ library used to decode and encode word perfect documents. It is commonly used as a plug-in in word

[Full-disclosure] [NETRAGARD-20070316 SECURITY ADVISORY][FrontBase Database <= 4.2.7 ALL PLATFORMS][REMOTE BUFFER OVERFLOW CONDITION][LEVEL: EASY][RISK:MEDIUM]

2007-03-16 Thread Netragard Security Advisories
"We make I.T. Safe." [Advisory Information] Contact : Adriel T. Desautels Researcher : Kevin Finisterre Advisory ID : NETRAGARD-20070316 Pr

[Full-disclosure] [ GLSA 200703-15 ] PostgreSQL: Multiple vulnerabilities

2007-03-16 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200703-15 http://security.gentoo.org/

[Full-disclosure] [ GLSA 200703-14 ] Asterisk: SIP Denial of Service

2007-03-16 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200703-14 http://security.gentoo.org/

[Full-disclosure] [ GLSA 200703-16 ] Apache JK Tomcat Connector: Remote execution of arbitrary code

2007-03-16 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200703-16 http://security.gentoo.org/

[Full-disclosure] rPSA-2007-0056-1 gnupg

2007-03-16 Thread rPath Update Announcements
rPath Security Advisory: 2007-0056-1 Published: 2007-03-16 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect Deterministic Weakness Updated Versions: gnupg=/[EMAIL PROTECTED]:devel//1/1.4.7-0.1-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=

[Full-disclosure] rPSA-2007-0057-1 libwpd

2007-03-16 Thread rPath Update Announcements
rPath Security Advisory: 2007-0057-1 Published: 2007-03-16 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: libwpd=/[EMAIL PROTECTED]:devel//1/0.8.9-1-0.1 References: http://www.cve.mitre.org/cgi-bin/