On Wed, Jun 06, 2007 at 05:13:54PM -0300, Daniel Cid wrote:
DenyHosts, Fail2ban and BlockHosts are vulnerable to remote log injection
that can lead to arbitrarily injection of IP addresses in /etc/hosts.deny. To
make it more interesting, not only IP addresses can be added, but
also the wild
Dear all,
for your information.
RUS-CERT Security Announcement 2007-06:01 (1380)
The built-in Mini Switch in Alcatel-Lucent's IP-Touch Telephones under
OmniPCX
Application: Space4k
Web Site: http://www.space4k.[pl|fr|com|de|it]
Bug: XSS (Cross site Scripting)
Discoverer: Florian Stinglmayr
Date: 2007-06-07
--
Description:
Space4K is a massive multiplayer online game game
[
[--
[
[Message: 2
[Date: Wed, 6 Jun 2007 20:23:25 -0400
[From: Larry Seltzer [EMAIL PROTECTED]
[Subject: Re: [Full-disclosure] You shady bastards.
[To: full-disclosure@lists.grok.org.uk
[Message-ID:
[ [EMAIL PROTECTED]
[Content-Type: text/plain;
The key is *personal* e-mail. It's not unreasonable for any
company to assume their e-mail systems are used primarily for
business purposes. The e-mail doesn't indicate it's personal. It
doesn't say, Your Ghonorrhea test results have come back! Click
here for the results. The e-mail has no
On Wednesday 06 June 2007 11:06, Tim wrote:
Sorry H.D., it most likely isn't illegal.
I agree. But still sleazy.
cheers,
--dr
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored
[EMAIL PROTECTED] wrote:
So I take it that law enforcement computer examiners and prosecutors *do* have
the years of experience in software engineering and exploit construction and
use, to qualify them to translate a bit of data into forensic evidence of guilt?
Catch 22. This is why
Any company email adress is primarily intended for company related issues.
Even the company in question allows you to use it for personal issues,
it's still mainly intented for company use.
An email adressed to, up until recently employed, security researcher,
HR drone or sales assistant, Elmer
Ayup, true enough re jury confusion.
Once a machine has had a malware infection though, the point a layman needs to
understand is simply: it is not possible in under (a large number, maybe 1000)
man
years) to determine that the machine has not been remotely controllable if
connected
to an
Hi Tavis,
Reply inline.
On 6/7/07, Tavis Ormandy [EMAIL PROTECTED] wrote:
These aren't exactly 0-day, I discussed several of these attacks last
year, such as CVE-2006-6301, and informed the authors that there were
undoubtedly more attacks against these tools. This topic is a favourite
rant
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer
Overflow Vulnerabilities
CA Vuln ID (CAID): 35395, 35396
CA Advisory Date: 2007-06-05
Reported By: ZDI
Impact: Remote attackers can cause a denial of service or
potentially execute
cannot reproduce..
yahoo IM versions
6.0.0.1922
8.1.0.249
DCE2F8B1-A520-11D4-8FD0-00D0B7730277
ywcupl.dll
versions 2.0.1.2 and 2.0.1.4
9D39223E-AE8E-11D4-8FD3-00D0B7730277
ywcvwr.dll
versions 2.0.1.3 and 2.0.1.4
___
Full-Disclosure - We believe in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- ---
Debian Security Advisory DSA 1299-1[EMAIL PROTECTED]
http://www.debian.org/security/ dann frazier
June 7th, 2007
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
what's more stupid? a bunch of l33+ defcon security conference
attendees too stupid to read a distribution list before sending
sentive information or stupid rantings about big bad capitalistic
corporations?
- ---
“You don't have to be a man to fight
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1300-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
June 7th, 2007
What's the point of a disclosure you can't reproduce?
aaargh, pest!
On 07/06/07, Morning Wood [EMAIL PROTECTED] wrote:
cannot reproduce..
yahoo IM versions
6.0.0.1922
8.1.0.249
DCE2F8B1-A520-11D4-8FD0-00D0B7730277
ywcupl.dll
versions 2.0.1.2 and 2.0.1.4
DeepSec In-Depth Security Conference 2007 Europe - Nov 20-23 2007 -
Vienna, Austria
http://deepsec.net/
Second Call for Papers
We're inviting you to submit papers and proposals for trainings for
the first annual DeepSec security conference.
We've been able to get some really good submissions,
Corrected and working:
I am very sorry! Please check again
Exploit #1
new versions:
9D39223E-AE8E-11D4-8FD3-00D0B7730277
success yahoo version 8.1.0.249
Exploit #2:
no success ( black box in IE )
1 for 2 come on danny!!!
___
Exploit #2:
working now..
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
rPath Security Advisory: 2007-0117-1
Published: 2007-06-07
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect User Deterministic Denial of Service
Updated Versions:
gd=/[EMAIL PROTECTED]:devel//1/2.0.33-4.4-1
php=/[EMAIL PROTECTED]:devel//1/4.3.11-15.11-1
20 matches
Mail list logo
