Re: [Full-disclosure] Very strange nmap scan results

2007-09-21 Thread Jeffrey Denton
Use the -sV --version-all options to determine version/service info for each port. On 9/21/07, scott [EMAIL PROTECTED] wrote: Did this particular person, or persons know what you were going to do? Looks like a honeypot, to me. Been wrong

Re: [Full-disclosure] A Request To Everyone

2007-09-21 Thread Evil Black Pete
Surely you mean dalnet :) I'm in favor of booting them all off the list. Let 'em keep their flame wars on EFNet. Geoff Sent from my BlackBerry wireless handheld. ___ Full-Disclosure - We believe in it. Charter:

Re: [Full-disclosure] [irc-security] Multiple vulnerabilities in ircu

2007-09-21 Thread Colin Alston
Please be careful labeling something as vulnerabilities when they aren't. You've described software bugs which should be reported to the maintainer, none of them so far as I can see are vulnerabilities or exploits.

Re: [Full-disclosure] 0day: PDF pwns Windows

2007-09-21 Thread pdp (architect)
back online - too many users .. On 9/21/07, Rohit Srivastwa [EMAIL PROTECTED] wrote: And your website is down at this moment http://www.gnucitizen.org/ 403 http://www.gnucitizen.org/blog/ 403 http://www.gnucitizen.org/blog/0day-pdf-pwns-windows 404 Is it a reverse attack by someone

Re: [Full-disclosure] 0day: PDF pwns Windows

2007-09-21 Thread Antivirus Taneja
Hi, Too interesting and dangerous. Last couple of months there was PDF spamming (Stocks Information) all over the internet. I analyzed those PDFs; I didn't find any such thing. Did you check them? Are they related to any vulnerability? Regards, Taneja Vikas http://annysoft.wordpress.com

Re: [Full-disclosure] [irc-security] Multiple vulnerabilities in ircu

2007-09-21 Thread Tom Laermans
Colin Alston wrote: Please be careful labeling something as vulnerabilities when they aren't. You've described software bugs which should be reported to the maintainer, none of them so far as I can see are vulnerabilities or exploits. I can see crashbugs, operfloods, channel takeovers

Re: [Full-disclosure] A Request To Everyone

2007-09-21 Thread Jimby Sharp
Dear Lamer Buster, Thanks for busting some lamers but now the situation in FD is going out of hands. I seriously do not think that it is worth increasing the noise in the list just to prove that Aditya K Sood is an idiot. We already know he is. I am sure none of us take Aditya seriously because

Re: [Full-disclosure] A Request To Everyone

2007-09-21 Thread gjgowey
Can't we all just get along? Now let's all have a nice giant group hug ;) Geoff Sent from my BlackBerry wireless handheld. -Original Message- From: Jimby Sharp [EMAIL PROTECTED] Date: Fri, 21 Sep 2007 15:24:36 To: Nikolay Kichukov [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], Aditya K Sood

[Full-disclosure] AIRRAID2 Wireless Hacking Tournament - Dec 2007, Bangkok Thailand

2007-09-21 Thread [EMAIL PROTECTED]
ThinkSECURE (securitystartshere.org) will be running AIRRAID2 in Bangkok Thailand at the CentralWorld Shopping Complex (the ex-World Trade Center) on 21 December 2007. If you would like to register and participate in the event, read on: === What is AIRRAID2? === AIRRAID2

Re: [Full-disclosure] A Request To Everyone

2007-09-21 Thread Ferdinand Klinzer
Good idea... On 21.09.2007 at 10:49, Nikolay Kichukov wrote: I'd request that all of you stop fighting and leave the list to deal with what it's meant to. Cheers, -Nikolay [EMAIL PROTECTED] wrote: I'm in favor of booting them all off

Re: [Full-disclosure] A Request To Everyone

2007-09-21 Thread Richard Golodner
Nikolay, best thing I have read on Fool Disclosure for at least a week now. Aditya, STFU and please with sugar on it. Listen to what we are saying. Your professional reputation is through unless you post some real work and vulnerabilities. I really am tired of the S/N ratio at If's current

[Full-disclosure] [SECURITY] [DSA 1376-1] New kdebase packages fix authentication bypass

2007-09-21 Thread Steve Kemp
Debian Security Advisory DSA-1376 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp September 21, 2007

[Full-disclosure] [SECURITY] [DSA 1377-1] New fetchmail packages fix denial of service

2007-09-21 Thread Steve Kemp
Debian Security Advisory DSA-1377 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp September 21, 2007

Re: [Full-disclosure] [USN-515-1] t1lib vulnerability

2007-09-21 Thread 3APA3A
Dear Kees Cook, CVE-2007-4033 is Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long argument to the imagepsloadfont function. Please, provide valid CVE entry. --Thursday, September 20, 2007,

[Full-disclosure] [ISR] - Barracuda Spam Firewall. Cross-Site Scripting

2007-09-21 Thread ISR-noreply
[ISR] Infobyte Security Research, www.infobyte.com.ar, 09.21.2007. SUMMARY: Barracuda Spam Firewall Cross-Site Scripting. Version: Barracuda Spam Firewall firmware v3.4.10.102. It is suspected that all previous

Re: [Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)

2007-09-21 Thread 3APA3A
Dear Panda Security Response, [EMAIL PROTECTED] was contacted about this same vulnerability in Panda Antivirus 2007 on August 11, 2006 (more than a year ago) without any results and response, until information was published in Bugtraq. As far as I can see, pandasecurity.com is

Re: [Full-disclosure] A Request To Everyone

2007-09-21 Thread Fabrizio
I think anybody giving heat to Aditya is lame. He's just doin' what he do. What's it got to do with you? Get real people. Stop complainin' 'cause you're jealous of someone else's research. I'm sure it's the under 20's complainin' on here. On 9/21/07, Fabrizio [EMAIL PROTECTED] wrote:

Re: [Full-disclosure] 0day: PDF pwns Windows

2007-09-21 Thread Steven Adair
Not in my book. I guess the people on this list are working off too many different definitions of 0day. 0day to me is something for which there is no patch/update at the time of the exploit being coded/used. So if I code an exploit for IE right now and they don't patch it until April September

Re: [Full-disclosure] [USN-515-1] t1lib vulnerability

2007-09-21 Thread Kees Cook
Hi, On Fri, Sep 21, 2007 at 04:30:31PM +0400, 3APA3A wrote: CVE-2007-4033 is Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long argument to the imagepsloadfont function. Please, provide

[Full-disclosure] [SECURITY] [DSA 1377-2] New fetchmail packages fix denial of service

2007-09-21 Thread Steve Kemp
Debian Security Advisory DSA-1377-2 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp September 21, 2007

[Full-disclosure] ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage

2007-09-21 Thread zdi-disclosures
ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage http://www.zerodayinitiative.com/advisories/ZDI-07-053.html September 20, 2007 -- CVE ID: CVE-2007-4991 -- Affected Vendor: Microsoft -- Affected Products: ISA Server 2004 SP1 ISA Server 2004 SP2 -- TippingPoint(TM) IPS Customer

[Full-disclosure] Hacking software is lame -- try medical research...

2007-09-21 Thread Kristian Erik Hermansen
Some interesting discussion came up on some security lists this week and it got me to thinking. Yes, hacking software is lame. Cool, so you found some vulnerabilities in some widely distributed application, service, or OS and it is patched just as quickly. Why don't we spend our time and

Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...

2007-09-21 Thread M. Shirk
There is more money to be made in the treatment of a disease, than actually finding a cure. Remind you of anything? Shirkdog ' or 1=1-- http://www.shirkdog.us Date: Fri, 21 Sep 2007 10:37:20 -0700 From: [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED] Subject:

Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...

2007-09-21 Thread Simon Smith
Just like technology research (hacking)... but... if you are the one that finds a cure, you'll make your buck too. M. Shirk wrote: There is more money to be made in the treatment of a disease, than actually finding a cure. Remind you of anything? Shirkdog ' or 1=1--

Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...

2007-09-21 Thread Curt
I notice that you didn't mention any rare disease that none of your friends or relatives have. Why is it that all of these altruistic people seem to never give a crap until it happens to them? Did Michael J Fox give one thin dime to Parkinsons until he had it? How about Christopher Reeves and

Re: [Full-disclosure] 0day: PDF pwns Windows

2007-09-21 Thread Casper . Dik
But then there is the important concept of the private 0day, a new vulnerability that a malicious person has but has not used yet. But the point is there is no such thing as a 0day *vulnerability*; there's a 0day exploit, an exploit in the wild before the vulnerability is discovered. By claiming

[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Off-By-One Vulnerability

2007-09-21 Thread iDefense Labs
Multiple Vendor ImageMagick Off-By-One Vulnerability iDefense Security Advisory 09.19.07 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 19, 2007 I. BACKGROUND ImageMagick is a suite of image manipulation tools (animate, composite, conjure, convert, display, identify, import, mogrify

[Full-disclosure] help analysing asn overflow

2007-09-21 Thread Code Breaker
Hi, I am trying to analyse the old asn integer overflow. Can anyone guide me towards right direction? Which function contains the vulnerable code? Is it asn1_decode? Thanks for any help. --

Re: [Full-disclosure] Hacking software is lame -- try medical research...

2007-09-21 Thread full-disclosure
Dear Kristian Erik Hermansen, It sounds like you are friends with a lot of people that would make good Youtube material[1]. What makes your friends so special? A lot of geniuses are dying in the world. Consider African children[2] that are smart enough to crawl towards food, but fail en route

Re: [Full-disclosure] 0day: PDF pwns Windows

2007-09-21 Thread J. Oquendo
[EMAIL PROTECTED] wrote: But a 0 day vulnerability is meaningless as a definition; it applies to a vulnerability for exactly 24 hours and then is meaningless. ALL vulnerabilities were discovered at some point and had their 24 hours of 0 day fame by your definition. It just does not make

[Full-disclosure] Will the real daddy of Aditya stand up? and spank the kidddo's ass

2007-09-21 Thread Lamer Buster
wow! I am going to love Aditya after sometime for his shameless nature and being even more adamant than some of the FD trolls. Aditya - we can understand your feeling that you are completely lost and looking for your daddy over internet. Guess what we have a surprise for you! Dr Neal's recent

[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Sign Extension Vulnerability

2007-09-21 Thread iDefense Labs
Multiple Vendor ImageMagick Sign Extension Vulnerability iDefense Security Advisory 09.19.07 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 19, 2007 I. BACKGROUND ImageMagick is a suite of image manipulation tools (animate, composite, conjure, convert, display, identify, import,

Re: [Full-disclosure] help analysing asn overflow

2007-09-21 Thread Valdis . Kletnieks
On Sat, 22 Sep 2007 00:49:30 +0530, Code Breaker said: i am trying to analyse the old asn integer overflow. Can anyone guide me towards right direction? which function contains the vulnerable code? is it asn1_decode? It's not the old asn integer, it's one of the old asn integer... There were

Re: [Full-disclosure] CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities

2007-09-21 Thread Florian Weimer
* Code Audit Labs: that's funny, the above code still can be bypassed because of incorrect check order. and example code calloc(0x1001, 0x10); it will return NULL in winxp or glibc 2.5 it will return 0x10 sizes heap in glibc 2.5 (maybe prior) or win2000 sp4 This

[Full-disclosure] DEFCON London DC4420 meet - Monday 24th September

2007-09-21 Thread Major Malfunction
To quote Alien from the 4420 website: Monday 24th September, 2007 starting at 19:30 -room private till 21:30 then we might pop out to a certain local again... :-) Location: Charing Cross Sports Club, Charing Cross Hospital Tube: Hammersmith or Barons Court

[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities

2007-09-21 Thread iDefense Labs
Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities iDefense Security Advisory 09.19.07 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 19, 2007 I. BACKGROUND ImageMagick is a suite of image manipulation tools (animate, composite, conjure, convert, display,

Re: [Full-disclosure] 0day: PDF pwns Windows

2007-09-21 Thread Thierry Zoller
Dear All, pa http://www.gnucitizen.org/blog/0day-pdf-pwns-windows Is this the way responsible disclosure works these days ? Adobe’s representatives can contact me from the usual place. Wow, now that's coordinated release. Knowing the bugs that you found previously it should take 10 minutes to

[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities

2007-09-21 Thread iDefense Labs
Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities iDefense Security Advisory 09.19.07 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 19, 2007 I. BACKGROUND ImageMagick is a suite of image manipulation tools (animate, composite, conjure, convert, display,

Re: [Full-disclosure] 0day: PDF pwns Windows

2007-09-21 Thread Geo.
pa http://www.gnucitizen.org/blog/0day-pdf-pwns-windows Is this the way responsible disclosure works these days ? Adobe's representatives can contact me from the usual place. Wow, now that's coordinated release. Knowing the bugs that you found previously it should take 10 minutes to

Re: [Full-disclosure] help analysing asn overflow

2007-09-21 Thread David Chastain
Are you gonna blow hot air VK or are you gonna help the man/woman??? On Friday, September 21, 2007, at 12:44PM, [EMAIL PROTECTED] wrote: On Sat, 22 Sep 2007 00:49:30 +0530, Code Breaker said: i am trying to analyse the old asn integer overflow. Can anyone guide me towards right direction? which

Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...

2007-09-21 Thread Kristian Erik Hermansen
On 9/21/07, Curt [EMAIL PROTECTED] wrote: I notice that you didn't mention any rare disease that none of your friends or relatives have. Why is it that all of these altruistic people seem to never give a crap until it happens to them? Did Michael J Fox give one thin dime to Parkinsons until

[Full-disclosure] [ MDKSA-2007:187 ] - Updated PHP packages fix numerous vulnerabilities

2007-09-21 Thread security
Mandriva Linux Security Advisory MDKSA-2007:187 http://www.mandriva.com/security/

Re: [Full-disclosure] 0day: PDF pwns Windows

2007-09-21 Thread h4h
Jeez, what a bunch of whiny pussies. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] 2 vanilla XSS on Wordpress 'wp-register.php'

2007-09-21 Thread Adrian P
There are two vanilla XSS on 'wp-register.php'. Only versions =2.0.1 appear to be affected. More info can be found on GNUCITIZEN's BlogSecurity: http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/ Regards, -- pagvac gnucitizen.org, ikwt.com

Re: [Full-disclosure] 0day: PDF pwns Windows

2007-09-21 Thread Tremaine Lea
That's been disclosed already, but thanks for your $0.02 USD ($0.02 CDN) Cheers, -- Tremaine Lea Network Security Consultant Intrepid ACL Paranoia for hire On 21-Sep-07, at 5:40 PM, h4h wrote: Jeez, what a bunch of whiny pussies.