Re: [Full-disclosure] selling windows & linux exploits

A fool and his money are two things that I would like to meet too. Geoff Sent from my BlackBerry wireless handheld. -Original Message- From: <[EMAIL PROTECTED]> Date: Thu, 26 Jul 2007 21:24:20 To: Subject: [Full-disclosure] selling windows & linux exploits I'm sending windows exploit

[Full-disclosure] selling windows & linux exploits

I'm sending windows exploit for some applications (winrar, winzip, office, iis) and some linux local root also. mail me for me informations. no list given, please just precise which exploit you want. Regards, Gerard H. -- HASH(0x8bd6f1c) HASH(0x8e6ddf8) http://tagline.hushmail.com/fc/Ioyw6h4e

[Full-disclosure] iDefense Security Advisory 07.26.07: IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability

IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability iDefense Security Advisory 07.26.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 26, 2007 I. BACKGROUND The capture program is a setuid root application, installed by default under multiple versions of IBM AIX,

Re: [Full-disclosure] [CVE 2007-3816] [Advisory] Vulnerability Facts Related JWIG Advisory

Regarding the JWIG issue: this seems more like a description of a *class* of vulnerabilities that could apply to an application written in JWIG, if the application allows an attacker to influence the contents of a template (which seems quite possible). CVE does not handle vulnerability classes (t

[Full-disclosure] iDefense Security Advisory 07.26.07: IBM AIX pioout Arbitrary Library Loading Vulnerability

IBM AIX pioout Arbitrary Library Loading Vulnerability iDefense Security Advisory 07.26.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 26, 2007 I. BACKGROUND The pioout program is a setuid root application, installed by default under multiple versions of IBM AIX, that is used to i

[Full-disclosure] WordPress wp-feedstats persistent XSS

A persistent XSS vulnerability was found in wp-feedstats < 2.4 by David Kierznowski of GNUCITIZEN. Details: http://blogsecurity.net/wordpress/news-260707/ ___ Full-Disclosure - We believe in it. Charter: http://lists.gro

Re: [Full-disclosure] [CVE 2007-3816] [Advisory] Vulnerability Facts Related JWIG Advisory

[sorry for any duplication] Regarding the JWIG issue: this seems more like a description of a *class* of vulnerabilities that could apply to an application written in JWIG, if the application allows an attacker to influence the contents of a template (which seems quite possible). CVE does not ha

Re: [Full-disclosure] Hash

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26-Jul-07, at 7:17 PM, Ronald MacDonald wrote: > On 27/07/07, Tremaine Lea <[EMAIL PROTECTED]> wrote: >> Apparently you've never heard of a mail administrator tagging >> outbound email for all users. It's pretty common. Of course, you may >> lack

Re: [Full-disclosure] Hash

On 27/07/07, Tremaine Lea <[EMAIL PROTECTED]> wrote: > Apparently you've never heard of a mail administrator tagging > outbound email for all users. It's pretty common. Of course, you may > lack the experience of dealing with large companies. > > Have a nice day. > > - --- > Tremaine Lea > Network

Re: [Full-disclosure] Hash

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> This message is confidential. ... > > Yet you wilfully and knowingly posted it to a public-access mailing > list with tens of thousands of subscribers and that is well-known > to be > archived in many places across the net? > > You must be a

[Full-disclosure] iDefense Security Advisory 07.26.07: IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities

IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities iDefense Security Advisory 07.26.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 26, 2007 I. BACKGROUND The ftp program is a client application for accessing data stored on FTP servers. This client is responsible for inter

[Full-disclosure] RIDICULOUS

http://www.google.com/safebrowsing/report_phish/Captcha?id=0&continu e=http%3A%2F%2Fwww.YAHOO.com&url=http%3A%2F%2FNOTHING&dq=&submit=Sub mit+Report -- HASH(0x8bca418) HASH(0x8cdb730) http://tagline.hushmail.com/fc/Ioyw6h4d84nqX3Jmz1mS4Fz1EfYHIoYCOs54AaB0X7A2sHCp99KAwY/ __

Re: [Full-disclosure] windows arp dos

On 7/25/07, " Knud Erik H?jgaard " <[EMAIL PROTECTED]> wrote: > Tested on xp sp2 and vista., screenshot and .pl attached. There are > quite a few ways to improve this, for example rate limiting the packet > sending so as to not over-send, multiple targets and stuff like that. > However, that means

Re: [Full-disclosure] Hash

Oh Nick, you're so dreamy! J On Thu, 26 Jul 2007 19:20:27 -0400 Nick FitzGerald <[EMAIL PROTECTED] l.demon.co.uk> wrote: >shadown wrote: > >> Just some hashed for the record. >> >> CA eTrust (vulnpack): >> md5:919a7645a07aafb388af00e9b39d21bf >> sha-1:b21f31892fff9de9bd6933850a66587786896fa1 >>

[Full-disclosure] FLEA-2007-0034-1:

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Foresight Linux Essential Advisory: 2007-0034-1 Published: 2007-07-26 Rating: Major Updated Versions: lighttpd=/[EMAIL PROTECTED]:devel//1/1.4.15-0.3-1 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.6-2 References: https://issues.rpath

[Full-disclosure] Hash

Just some hashed for the record. CA eTrust (vulnpack): md5:919a7645a07aafb388af00e9b39d21bf sha-1:b21f31892fff9de9bd6933850a66587786896fa1 SHA-256:66fd618e17bfe7db223f9547df15763d8246a49bbd6bbd7aee01964f2537bf86 -- Sergio Alvarez Security, Research & Development IT Security Consultant email: [EM

Re: [Full-disclosure] Hash

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You're kidding. You must not have been receiving the list in the last 24 hours then ;) Cheers, - --- Tremaine Lea Network Security Consultant Intrepid ACL "Paranoia for hire" On 26-Jul-07, at 9:16 PM, [EMAIL PROTECTED] wrote: > I've heard of g

Re: [Full-disclosure] Hash

I've heard of grammar Nazi's lurking on lists, but now we have signature Nazi's too? Haven't you all got something else better to do like finding an exploit or something rather than bicker over something that amounts to little more than a tag line? Cripes, this has to be the stupidest argument

Re: [Full-disclosure] Hash

Tremaine Lea wrote: > Sure, it's possible. Possibly Sergio is lazy. As he sent it via > gmail's auth smtp servers and not from webmail, it's just as possible > it happened in his mail client. And he still could have, and should have edited it. > And all of that aside, who cares? We see sig

Re: [Full-disclosure] Hash

shadown wrote: > Just some hashed for the record. > > CA eTrust (vulnpack): > md5:919a7645a07aafb388af00e9b39d21bf > sha-1:b21f31892fff9de9bd6933850a66587786896fa1 > SHA-256:66fd618e17bfe7db223f9547df15763d8246a49bbd6bbd7aee01964f2537bf86 Cool -- thanks for that info... > -- > Sergio Alvarez >

Re: [Full-disclosure] Hash

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26-Jul-07, at 8:52 PM, Peter Besenbruch wrote: > Tremaine Lea wrote: >> Sure, it's possible. Possibly Sergio is lazy. As he sent it via >> gmail's auth smtp servers and not from webmail, it's just as possible >> it happened in his mail client. >

Re: [Full-disclosure] [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities

> -Original Message- > From: Williams, James K > Sent: Tuesday, July 24, 2007 7:56 PM > To: 'full-disclosure@lists.grok.org.uk' > Subject: [CAID 35525, 35526]: CA Products Arclib Library > Denial of Service Vulnerabilities > > Title: [CAID 35525, 35526]: CA Products Arclib Library Deni

Re: [Full-disclosure] Hash

Nick FitzGerald wrote: > shadown wrote: > > >> Just some hashed for the record. >> >> CA eTrust (vulnpack): >> md5:919a7645a07aafb388af00e9b39d21bf >> sha-1:b21f31892fff9de9bd6933850a66587786896fa1 >> SHA-256:66fd618e17bfe7db223f9547df15763d8246a49bbd6bbd7aee01964f2537bf86 >> > > Cool -- th

[Full-disclosure] [SECURITY] [DSA 1342-2] New bind9 packages fix DNS cache poisoning

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1341-2[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff July 25th, 2007