[Full-disclosure] HP Mercury Quality Center Any SQL execution

2007-04-03 Thread Isma Khan
Vendor: HP Product: Mercury Quality Center Version: 9.0 build 9.1.0.4352 Vendor Informed: No HP Mercury Quality Center is a test management product for companies to do software testing and quality insurance. HP Mercury Quality Center has additional guest command on server which allows any user who

[Full-disclosure] Vulnerable Vectors in PHP Based Redirection Pages[redirect.php4/redirect.php5]

2007-04-03 Thread Aditya K Sood
Hi The PHP based redirection pages inherit a design flaw in websites. This makes it vulnerable to phishing attacks. Look into desired issue at: http://zeroknock.blogspot.com/2007/04/vulnerable-vectors-in-php-based.html http://zeroknock.metaeye.org/analysis/ Regards Zeroknock __

Re: [Full-disclosure] [RECTIFY] Oracle 10g exploit - dbms_aq.enqueue - become DBA

2007-04-03 Thread Andrea "bunker" Purificato
> http://rawlab.mindcreations.com/codes/exp/oracle/dbms_aq-enqueue.pl [All work and no play makes bunker a dull boy...] A problem has occurred during research about this Oracle package. Because of particular coincidences concentrated on user privileges the test results disaligned. Actually,

Re: [Full-disclosure] Vulnerable Vectors in PHP Based Redirection Pages[redirect.php4/redirect.php5]

2007-04-03 Thread Aditya K Sood
Justin Klein Keane wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I hate to add noise to the wire but this 'vulnerability' has nothing to > do with PHP. This is a run of the mill exploitation of poorly designed > software (i.e. trusting user input) that is endemic on the web, but > i

Re: [Full-disclosure] Exploiting Microsoft dynamic Dns updates

2007-04-03 Thread Denis Jedig
On Thu, 22 Mar 2007 11:35:18 +0100 Andres Tarasco wrote: > By default, most Microsoft DNS servers integrated with active directory allow > insecure dynamic updates for dns records. This statement is way too broad. Creating an AD-integrated zone in Windows Server 2003 does create a "secure updates

[Full-disclosure] another .ani 0-day bug third party patcher more useful this time, version 0.2

2007-04-03 Thread wac
Get it here binary: http://aircash.sourceforge.net/micro-distro-0.2-bin.zip sources: http://aircash.sourceforge.net/micro-distro-0.2-src.zip Regards Waldo Alvarez ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosu

Re: [Full-disclosure] Exploiting Microsoft dynamic Dns updates

2007-04-03 Thread Andres Tarasco
Dear Denis, As I said before, this feature/vulnerability related with dynamic dns updates is known for a long time. My experience has demonstrated that this weak configuration is very common and extended between most companies and some of the attack vectors that I exposed were never considered as

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-03 Thread Stefan Kelm
> Hi, more information about the patch released April 1st can be found here: > > http://zert.isotf.org/ > > Including: > 1. Technical information. > 2. Why this patch was released when eeye already released a third party > patch. Has anyone actually checked what this patch does? Who are ZERT and

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-03 Thread Matthew Murphy
On 4/3/07, Stefan Kelm <[EMAIL PROTECTED]> wrote: > Has anyone actually checked what this patch does? Who are ZERT and > ISOTF respectively ("About ISOTF" at http://www.isotf.org/?page_value=0 > says a lot...)? > > ...or is this an April Fool's joke? The patch is 100% real and it is effective. I'

[Full-disclosure] iDefense Security Advisory 04.03.07: Microsoft Windows WMF Triggerable Kernel Design Error DoS Vulnerability

2007-04-03 Thread iDefense Labs
Microsoft Windows WMF Triggerable Kernel Design Error DoS Vulnerability iDefense Security Advisory 04.03.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 03, 2007 I. BACKGROUND The Microsoft Windows kernel controls which processes are allowed to run and is responsible for accessing

[Full-disclosure] FLEA-2007-0006-1: ImageMagick

2007-04-03 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0006-1 Published: 2007-04-03 Rating: Minor Updated Versions: ImageMagick=/[EMAIL PROTECTED]:1-devel//1/6.3.3.5-1-1 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.11-5[ References: https://issues.foresightlinux.org/browse/FL-222 http://lab

[Full-disclosure] FLEA-2007-0006-2: ImageMagick

2007-04-03 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0006-2 Published: 2007-04-03 Updated: 2007-04-03 Fix typo in updated group-dist version Rating: Minor Updated Versions: ImageMagick=/[EMAIL PROTECTED]:1-devel//1/6.3.3.5-1-1 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.11-5 References:

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-03 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Hardly. Don't remember that last Zero day in 2006 do you? http://www.eweek.com/article2/0,1895,2019162,00.asp The Zert folks have coded up zero day patches before (VML and WMF anyone?) and are folks actively out in the community. While I'm not ready yet to install third party patches on system

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-03 Thread neal.krawetz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 a/s/l? I currently reside in Fort Collins, Colorado and I obtained my PhD from Texas A&M. - - neal On Tue, 03 Apr 2007 13:52:42 -0500 "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <[EMAIL PROTECTED]> wrote: >Hardly. > >Don't remember that last Ze

[Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor Kerberos kadmind Buffer Overflow Vulnerability

2007-04-03 Thread iDefense Labs
Multiple Vendor Kerberos kadmind Buffer Overflow Vulnerability iDefense Security Advisory 04.03.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 03, 2007 I. BACKGROUND Kerberos is a network authentication protocol. It is used in client-server systems to provide user authentication b

[Full-disclosure] FLEA-2007-0007-1: nas

2007-04-03 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0007-1 Published: 2007-04-03 Rating: Informational Updated Versions: nas=/[EMAIL PROTECTED]:devel/1.8b-1-2 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.12-1 References: https://issues.rpath.com/browse/RPL-1155 http://cve.mitre.org/cg

[Full-disclosure] ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow

2007-04-03 Thread zdi-disclosures
ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow http://www.zerodayinitiative.com/advisories/ZDI-07-012.html April 3, 2007 -- CVE ID: CVE-2007-1680 -- Affected Vendor: Yahoo! -- Affected Products: Yahoo! Messenger 8.x -- TippingPoint(TM) IPS Customer Protection: TippingPo

[Full-disclosure] [SECURITY] [DSA 1276-1] New krb5 packages fix several vulnerabilities

2007-04-03 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1276-1[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff April 3rd, 2007

[Full-disclosure] [ GLSA 200704-02 ] MIT Kerberos 5: Arbitrary remote code execution

2007-04-03 Thread Sune Kloppenborg Jeppesen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200704-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread Larry Seltzer
LS> The Firefox docs say that it doesn't support .ani files for cursors. LS> How are you exploiting it? AS> I'll wait until the patch is out before I publish the technique. AS> As far as I know there are no public ANI exploits for Firefox yet. So now can you say how Firefox is vulnerable? Larr

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread George Ou
The patch for ANI is out from Microsoft. I'm assuming the question is if we will see this technique for Firefox exploitation posted now? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Seltzer Sent: Tuesday, April 03, 2007 2:14 PM To: Alexander Soti

[Full-disclosure] [ GLSA 200704-03 ] OpenAFS: Privilege escalation

2007-04-03 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200704-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] [ GLSA 200704-04 ] OpenPBS: Multiple vulnerabilities

2007-04-03 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200704-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] [ GLSA 200704-05 ] zziplib: Buffer Overflow

2007-04-03 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200704-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] April Chi2600 / DefCon 312 Information

2007-04-03 Thread Steven McGrath
The April Chicago 2600/DefCon 312 Meeting is near! The meeting will be Friday, April 6th at the Neighborhood Boys and Girls Club and will feature much of the same usual fun that all of you have grown to expect! NOTE: We have a contest this month! Borrowed from the ShmooCon Crypto Challenge, if you

[Full-disclosure] JIKTO Full Disclosure

2007-04-03 Thread Shaded Systems
the source was leaked, and the guys from defcon have been asking websites to take it down or they take them down (or so rumor has it). here is the javascript source: http://www.scheunig.de/news/jikto.txt =]

[Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability

2007-04-03 Thread iDefense Labs
Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability iDefense Security Advisory 04.03.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 03, 2007 I. BACKGROUND The X Window System (or X11) is a graphical windowing system used on Unix-like systems. It is based on a

[Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability

2007-04-03 Thread iDefense Labs
Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability iDefense Security Advisory 04.03.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 03, 2007 I. BACKGROUND The X Window System (or X11) is a graphical windowing system used on Unix-like systems. It is based

[Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability

2007-04-03 Thread iDefense Labs
Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability iDefense Security Advisory 04.03.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 03, 2007 I. BACKGROUND The X Window System (or X11) is a graphical windowing system used on Unix-like systems. It is based on

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread [EMAIL PROTECTED]
Affected Software: Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2 Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft W

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-03 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
And there's a patch for that Realtek all ready to go on the download site. (read the caveat section). So far all I've seen/heard is that one. This is patching 7 graphics items not just the one. ...that's 6 more things the folks that throw at me from those Metasploit modules ;-) Jason Frisvold w

[Full-disclosure] [USN-449-1] krb5 vulnerabilities

2007-04-03 Thread Kees Cook
=== Ubuntu Security Notice USN-449-1 April 04, 2007 krb5 vulnerabilities CVE-2007-0956, CVE-2007-0957, CVE-2007-1216 === A security issue affects the following Ubuntu releas

[Full-disclosure] [ MDKSA-2007:074 ] - Updated qt3 packages to address utf8 decoder bug

2007-04-03 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:074 http://www.mandriva.com/security/ ___

[Full-disclosure] [ MDKSA-2007:075 ] - Updated qt4 packages to address utf8 decoder bug

2007-04-03 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:075 http://www.mandriva.com/security/ ___

[Full-disclosure] [ MDKSA-2007:076 ] - Updated kdelibs packages to address UTF8 issue in KJS

2007-04-03 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:076 http://www.mandriva.com/security/ ___

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread Larry Seltzer
Alex had said that he was exploiting this bug on Firefox, even though the Firefox docs say it should be impossible. I'm just trying to understand how his claims are possible. There's no reason to believe the Firefox developers need to do anything. IE, for example, is fixed when the ANI code in GDI

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread Alexander Sotirov
Larry Seltzer wrote: > Alex had said that he was exploiting this bug on Firefox, even though > the Firefox docs say it should be impossible. I'm just trying to > understand how his claims are possible. > > There's no reason to believe the Firefox developers need to do anything. > IE, for example,

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread Larry Seltzer
>>Larry, why are you so curious about how this exploit works? Because the Firefox docs say they don't support ANI files for cursors and I can't get any non-malicious ones to work in it. I have to admit I'm having trouble getting them to work in IE now too. What's wrong with this code? BODY{c

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread Larry Seltzer
>>Firefox doesn't support ANI files for cursors. If the exploitation method was so obvious, we would already have Firefox exploits in the wild, wouldn't we? I don't know. I'll have to think about how else you would get it to use an ANI. There's no Flash involved, is there? >>Maybe the url should

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread Alexander Sotirov
Larry Seltzer wrote: >>> Larry, why are you so curious about how this exploit works? > > Because the Firefox docs say they don't support ANI files for cursors > and I can't get any non-malicious ones to work in it. I have to admit > I'm having trouble getting them to work in IE now too. That's c

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread Daniel Veditz
George Ou wrote: > The patch for ANI is out from Microsoft. I'm assuming the question is if we > will see this technique for Firefox exploitation posted now? Why? That would needlessly put Firefox users at risk -- not everyone will be able to apply the Windows patch immediately. Microsoft may hav

[Full-disclosure] Windows .ANI LoadAniIcon third party patch latest version 0.3 (so people can rollback their system before applying the patches)

2007-04-03 Thread wac
Hello: I see that today I'm getting downloads from the website. Incredible yesterday (1:27 am here in -5 GMT) got more than the first day. Well anyway that could be maybe because people don't know that the Microsoft patch is out there or... just want to see. Who knows? Well previous versions we