Re: [Full-disclosure] Persistent XSS and CSRF and on network appliance

2007-06-27 Thread scott
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Even better, if you push a hash on us, do tell whether it's a 0-day or a known exploit. Regards, Redhowlingwolves __ It's all about (IN)Security http://www.hacking-passion.com Brian Eaton wrote: > On 6/27/07,

Re: [Full-disclosure] Persistent XSS and CSRF and on network appliance

2007-06-27 Thread Brian Eaton
On 6/27/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > For the love of god people can we stop with the hashing already? The hashes would be less annoying if they had an easily filtered subject line. Let me suggest that anyone who wants to publish a hash of vulnerability report on full disclos

[Full-disclosure] Month of Random Hashes: DAY FIFTEEN

2007-06-27 Thread Month of Random Hashes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [ITEM #1] md5: f003f211097296b2550fe760b0a15b56 sha1: 0e5d518cb65a403ef9261865727f9be8b9b8faa1 sha256: e5ac98012e4943b081065f9fa968a862876d64e96ba54c06e7e305114970870f [ITEM #2] md5: da39ec93068bb4ec75c65ce647fa32ef sha1: c2befeaad596b67d2d6c8297be5b4

Re: [Full-disclosure] Persistent XSS and CSRF and on networkappliance

2007-06-27 Thread Morning Wood
> For the love of god people can we stop with the hashing already? hmm... i like hash ( and cake ) can we have a Month of Hash Cakes? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and spons

Re: [Full-disclosure] Polycom hacking

2007-06-27 Thread Paul Schmehl
--On June 27, 2007 3:27:28 PM -0400 "Adriel T. Desautels" <[EMAIL PROTECTED]> wrote: Paul, Specifically what are you looking for? As I mentioned earlier, I'm not interested in DoSes. I'm looking at how to hack a Polycom to use it to infect users, perhaps be a C&C for a botnet, that sor

[Full-disclosure] FLEA-2007-0029-1: krb5 krb5-workstation

2007-06-27 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Foresight Linux Essential Advisory: 2007-0029-1 Published: 2007-06-27 Rating: Critical Updated Versions: krb5=/[EMAIL PROTECTED]:devel//1/1.4.1-7.7-1 krb5-workstation=/[EMAIL PROTECTED]:devel//1/1.4.1-7.7-1 group-dist=/[EMAIL PROTECTED]:1

Re: [Full-disclosure] Persistent XSS and CSRF and on network appliance

2007-06-27 Thread bugtraq
For the love of god people can we stop with the hashing already? > Such research was done by pdp (architect) and myself. We informed the > vendor and will publish the details when a fix is available. > > The following is the MD5 hash for the advisory file. > > $ md5sum.exe research.txt > 3db1d

[Full-disclosure] rPSA-2007-0136-1 httpd mod_ssl

2007-06-27 Thread rPath Update Announcements
rPath Security Advisory: 2007-0136-1 Published: 2007-06-27 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: httpd=/[EMAIL PROTECTED]:devel//1/2.0.59-0.7-1 mod_ssl=/[EMAIL PROTECTED]:devel//1/2.0.59-0.7-1 Refer

[Full-disclosure] rPSA-2007-0135-1 krb5 krb5-server krb5-services krb5-test krb5-workstation

2007-06-27 Thread rPath Update Announcements
rPath Security Advisory: 2007-0135-1 Published: 2007-06-27 Products: rPath Linux 1 Rating: Critical Exposure Level Classification: Remote Root Deterministic Unauthorized Access Updated Versions: krb5=/[EMAIL PROTECTED]:devel//1/1.4.1-7.7-1 krb5-server=/[EMAIL PROTECTED]:devel//1/1.4.1-7

Re: [Full-disclosure] Persistent XSS and CSRF on network appliance[subject corrected :) ]

2007-06-27 Thread coderman
On 6/27/07, Pete Simpson <[EMAIL PROTECTED]> wrote: > ... > After all few educated individuals would be likely to be so pretentious > as to declare themselves as both Dr and PhD? lol it is the Standford envy; for the A&M philosopher must shore up his fine credentials lest the authority and expert

Re: [Full-disclosure] Persistent XSS and CSRF on network appliance [subject corrected :) ]

2007-06-27 Thread coderman
On 6/27/07, Dr. Neal Krawetz PhD <[EMAIL PROTECTED]> wrote: > We heard you the first time, gobbles aka n3td3v. the ruse has died since jt5944 spoiled the fun. ~_~; try forging the hush.mac.com addr? oh well, i myself would avoid this list after equating full disclosure with extortion and terror

Re: [Full-disclosure] Persistent XSS and CSRF on network appliance[subject corrected :) ]

2007-06-27 Thread Pete Simpson
I haven't followed all of this rather strange thread, but I wonder if n_td_v, gobble_ and the venerable Doctor may be one and the same group? After all few educated individuals would be likely to be so pretentious as to declare themselves as both Dr and PhD? As if we might confuse the guy, on this

Re: [Full-disclosure] Persistent XSS and CSRF on network appliance [subject corrected :) ]

2007-06-27 Thread Dr. Neal Krawetz PhD
I believe this makes you the fool. - doc neal, phd http://www.hackerfactor.com/blog/ On Wed, Jun 27, 2007 at 11:07:11PM +0100, pagvac wrote: > I didn't intend to send it twice. > > On 6/27/07, Dr. Neal Krawetz PhD <[EMAIL PROTECTED]> wrote: > >We heard you the first time, gobbles aka n3td3v. >

Re: [Full-disclosure] Persistent XSS and CSRF on network appliance [subject corrected :) ]

2007-06-27 Thread Dr. Neal Krawetz PhD
We heard you the first time, gobbles aka n3td3v. - doc neal http://www.hackerfactor.com/blog/ On Wed, Jun 27, 2007 at 10:49:25PM +0100, pagvac wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Nice look up to http://unknown.pentester.googlepages.com/sitemap.xml > > If you bothered th

Re: [Full-disclosure] Persistent XSS and CSRF on network appliance [subject corrected :) ]

2007-06-27 Thread pagvac
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nice look up to http://unknown.pentester.googlepages.com/sitemap.xml If you bothered that much you deserve the advisory I guess :-D. btw, I didn't know google pages have sitemap.xml enabled by default. So no hash cracking here, just to set things st

Re: [Full-disclosure] Persistent XSS and CSRF on network appliance [subject corrected :) ]

2007-06-27 Thread pagvac
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nice look up to http://unknown.pentester.googlepages.com/sitemap.xml If you bothered that much you deserve the advisory I guess :-D. btw, I didn't know google pages have sitemap.xml enabled by default. So no hash cracking here, just to set things s

Re: [Full-disclosure] Month of Random Hashes: DAY FOURTEEN

2007-06-27 Thread James Matthews
Ha ;) The question is are they really hashes? On 6/27/07, Jared DeMott <[EMAIL PROTECTED]> wrote: Dr. Neal Krawetz PhD wrote: > Send it over here. The picture, not the hash. I have the technologies > to determine whether the image is computer generated, digitally altered, > or legitimately a

[Full-disclosure] eTicket version 1.5.5 XSS Attack Vulnerability

2007-06-27 Thread SecurityResearch
netVigilance Security Advisory #31 eTicket version 1.5.5 XSS Attack Vulnerability Description: eTicket is an electronic (open source) support ticket system based on osTicket, that can receive tickets via email (pop3 or pipe) and a web-based form, as well as manage them using a web interface. Succ

[Full-disclosure] eTicket version 1.5.5 Path Disclosure Vulnerability

2007-06-27 Thread SecurityResearch
netVigilance Security Advisory #30 eTicket version 1.5.5 Path Disclosure Vulnerability Description: eTicket is an electronic (open source) support ticket system based on osTicket, that can receive tickets via email (pop3 or pipe) and a web-based form, as well as manage them using a web interface.

Re: [Full-disclosure] Persistent XSS and CSRF on network appliance [subject corrected :) ]

2007-06-27 Thread Joey Mengele
After plugging this hash into John The Ripper, I was able to reproduce the text of the original advisory. It follows in entirety. For those wishing to verify the hash provided by the architect, I have also included the advisory in attachment form as a convenience for the skeptics who say MD5 ca

[Full-disclosure] [SECURITY] [DSA 1322-1] New wireshark packages fix denial of service

2007-06-27 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1322-1[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff June 27th, 2007

Re: [Full-disclosure] Persistent XSS and CSRF on network appliance [subject corrected :) ]

2007-06-27 Thread Joey Mengele
Due to your extreme uncooperativeness, I will be attempting to brute force the contents of this advisory in the meantime. Thank you. J On Wed, 27 Jun 2007 16:29:43 -0400 pagvac <[EMAIL PROTECTED]> wrote: >The file "research.txt" will be provided once the vendor fixes the >issues. At that point a

Re: [Full-disclosure] Persistent XSS and CSRF on network appliance [subject corrected :) ]

2007-06-27 Thread Joey Mengele
Please provide the original content of research.txt so I can verify that the hash is correct. I will also need the hash of your md5sum.exe. Thanks. J On Wed, 27 Jun 2007 16:02:16 -0400 pagvac <[EMAIL PROTECTED]> wrote: >The HTTP interface of a network appliance has been researched and >found t

Re: [Full-disclosure] Month of Random Hashes: DAY FOURTEEN

2007-06-27 Thread Jared DeMott
Dr. Neal Krawetz PhD wrote: > Send it over here. The picture, not the hash. I have the technologies > to determine whether the image is computer generated, digitally altered, > or legitimately a real picture! > > These technologies shall be unveiled at Blackhat during my presentation. > Sometimes

[Full-disclosure] Persistent XSS and CSRF on network appliance [subject corrected :) ]

2007-06-27 Thread pagvac
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The HTTP interface of a network appliance has been researched and found to be vulnerable to several persistent XSS and CSRF. Such research was done by pdp (architect) and myself. We informed the vendor and will publish the details when a fix is availa

[Full-disclosure] Persistent XSS and CSRF and on network appliance

2007-06-27 Thread pagvac
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The HTTP interface of a network appliance has been researched and found to be vulnerable to several persistent XSS and CSRF. Such research was done by pdp (architect) and myself. We informed the vendor and will publish the details when a fix is avail

Re: [Full-disclosure] Month of Random Hashes: DAY FOURTEEN

2007-06-27 Thread Dr. Neal Krawetz PhD
Send it over here. The picture, not the hash. I have the technologies to determine whether the image is computer generated, digitally altered, or legitimately a real picture! These technologies shall be unveiled at Blackhat during my presentation. Sometimes it is difficult to determine which ass

[Full-disclosure] [GOODFELLAS - VULN] hpqxml.dll 2.0.0.133 from HP Digital Imaging Arbitary Data Write.

2007-06-27 Thread Goodfellas SRT
> :. GOODFELLAS Security Research TEAM .: > :. http://goodfellas.shellcode.com.ar .: > > hpqxml.dll 2.0.0.133 from HP Digital Imaging Arbitary Data Write > === > > Internal ID: VULWAR200706275. > > Introduction > > hpqxml.dll is a library includ

Re: [Full-disclosure] Static Code Analysis - Nuts and Bolts

2007-06-27 Thread Dave Hull
I agree with Debasis. I spent a year and a half in an Infosec Office doing code audits for E-Commerce web apps. I tried various open source automated tools and found that most of them missed the vast majority of exploitable vulnerabilities. In my experience, nothing beats a line-by-line analysis

Re: [Full-disclosure] Month of Random Hashes: DAY FOURTEEN

2007-06-27 Thread Joey Mengele
LOLOLOLOLOLOL On Wed, 27 Jun 2007 17:50:55 -0400 Brian Mariani - Shellcode SRL <[EMAIL PROTECTED]> wrote: >Lolololololololololololo too > >-Message d'origine- >De : [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] De la part de >Joey >Mengele >Envoyé : mercredi, 27. juin 2007 20:18 >À : [E

Re: [Full-disclosure] IOS Exploitation Techniques Paper

2007-06-27 Thread Mike Caudill
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Andy Davis <[EMAIL PROTECTED]> [2007-06-27 06:07] wrote: > It has been more than a year since Michael Lynn first demonstrated a reliable > code execution exploit on Cisco IOS at Black Hat 2005. Although his > presentation received a lot of media cove

Re: [Full-disclosure] Month of Random Hashes: DAY FOURTEEN

2007-06-27 Thread Joey Mengele
lolololol On Wed, 27 Jun 2007 13:48:45 -0400 Jared DeMott <[EMAIL PROTECTED]> wrote: >Month of Random Hashes wrote: >> [ITEM #1] == my hinney >> sha1: a25d7360e1294a6a6242ed4621d5d73347ea6398 >Took a picture of my backend and would like to post the hash.

Re: [Full-disclosure] Month of Random Hashes: DAY FOURTEEN

2007-06-27 Thread Jared DeMott
Month of Random Hashes wrote: > [ITEM #1] == my hinney > sha1: a25d7360e1294a6a6242ed4621d5d73347ea6398 Took a picture of my backend and would like to post the hash.

Re: [Full-disclosure] Static Code Analysis - Nuts and Bolts

2007-06-27 Thread Debasis Mohanty
> What program(s) do you use in static code analysis? It doesn't matter if > you are a hardcore grep+editor researcher or if you use complex > frameworks: Tell me (and also the rest of the list) about it. Secure code review is one of the most misguided fields, where many security folks talk only a

[Full-disclosure] Planet Websecurity launched

2007-06-27 Thread christ1an
http://christ1an.blogspot.com/2007/06/planet-websecurityorg-is-launching.html Those of you who have spoken to me recently may already be aware of this project, but for those who aren't, I am pleased to announce the launch of Planet Websecurity, founded with the intention to bring together similar

[Full-disclosure] Using Ajax for better and more convincing scams

2007-06-27 Thread Ajay Pal Singh Atwal
Interesting use of Ajax/ Web 2.x by scammers hxxp://scanner.malwarealarm.com/5/scan.php Please replace hxxp by http It detected around 18 infections of Windows Malware on my GNU/ Linux machine for the following and more malware listed in this file: http://scanner.malwarealarm.com/5/fileslist.j

[Full-disclosure] CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability

2007-06-27 Thread Henri Lindberg - Louhi Networks Oy
Louhi Networks Oy -= Security Advisory =- Advisory: Checkpoint VPN-1 UTM Edge Cross Site Request Forgery Release Date: 2007/06/26 Last Modified: 2007/06/26 Authors: Henri Lindberg, Associate of (ISC)² [EMAIL PROTECTED]

[Full-disclosure] PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability

2007-06-27 Thread Maksymilian Arciemowicz
Source: http://securityreason.com/achievement_securityalert/45 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability ] Author: Maksymilian Arciemowicz (cXIb8O3) SecurityReason Date: - - Written: 10.02.2007 - - Public:

[Full-disclosure] deviantArt does not check authorization for image download

2007-06-27 Thread Timothy Redaelli
Security Advisory - Title: deviantArt does not check authorization for image download Risk Rating: High Platforms: Any Author: Timothy Redaelli <[EMAIL PROTECTED]> Date: 27-06-2007 Overview deviantArt does not apply any type of authorization checki

[Full-disclosure] IOS Exploitation Techniques Paper

2007-06-27 Thread Andy Davis
It has been more than a year since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the

[Full-disclosure] PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability

2007-06-27 Thread Maksymilian Arciemowicz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Source: http://securityreason.com/achievement_securityalert/45 - -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability ] Author: Maksymilian Arciemowicz (cXIb8O3) Securit

Re: [Full-disclosure] Apple Safari: idn urlbar spoofing

2007-06-27 Thread Robert Swiecki
Michal Zalewski wrote: > Whether Safari devs are to blame here exclusively, I'm not sure - IDN > concept is by itself pretty evil, and this can be viewed simply a clever > take on homograph attacks. I found out that firefox has a configuration property: network.IDN.blacklist_chars. It includes th