Yeah, you're right - no-one uses TIBCO products
http://www.tibco.com/customers/default.jsp
Andy
From: phioust [mailto:[EMAIL PROTECTED]
Sent: 16 October 2007 19:06
To: full-disclosure@lists.grok.org.uk; Andy Davis
Subject: Re: [Full-disclosure]
visit this site
a very important italian Security meeting
november 27, 2007
http://www.atsystemgroup.org/en/conventions/nss07
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored
for testing purposes
the POC of the vulnerability discovered by the KIPH fuzzer
RS
#!/usr/bin/perl
#
# Vulnerabily discovered using KiF ~ Kiph #
# #
# Authors: #
#
LOL
The 'postcodeloterij' is indeed a lottery in the Netherlands, completely
legit and pretty well known. Thousands of Dutch people have won prizes...
however... the lottery only applies to Dutch people. Freely translated
'postcodeloterij' means 'zipcode lottery', and it only uses Dutch
zipcodes so
LAMO
On 10/17/07, jeroen [EMAIL PROTECTED] wrote:
LOL
The 'postcodeloterij' is indeed a lottery in the Netherlands, completely
legit and pretty well known. Thousands of Dutch people have won prizes...
however... the lottery only applies to Dutch people. Freely translated
'postcodeloterij'
Why did everybody say it is a zero day about PDF? It's just a fault in
IE7, or do they just want to make a big media hit? A real PDF zero day will
exist in the PDF file format, or in some of Adobe's expanded functions.
Actually, it's about PDF *and* IE7. Both are at fault, and if either
one of them was
this would effectively make the password hash the password.
Are you sure this scheme is used?:P
On 10/16/07, Bipin Gautam [EMAIL PROTECTED] wrote:
hi list,
i was reading the article,
http://www.f-secure.com/weblog/archives/1293.html
but just an example.
why do many people out there
NGSSoftware Insight Security Research Advisory
Name: Oracle TNS Listener DoS and/or remote memory inspection
Systems Affected: Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Reported: 22nd June 2006
All BitTorrent trackers built on the tb-source use this scheme: when you
log in you receive a cookie with your password hash, and when someone steals
the cookie/pw-hash they can steal that account... Funny sidenote,
tb-source is often vulnerable to XSS
upb wrote:
this would effectively make the
KJK::Hyperion ha scritto:
The present patch is dramatically under-tested and it has undergone no
quality assurance procedure whatsoever, so please deploy with the
greatest care.
Indeed, I just found a gruesome memory leak in it. A silly bug, brown
paperbag-grade shame. If you installed my
On Wed, 17 Oct 2007 14:39:28 +0300, upb said:
this would effectively make the password hash the password.
Are you sure this scheme is used?:P
Far too often. I'm continually amazed at how shallow the talent pool for
web developers is. There's 140+ million registered domains, there's nowhere
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nice catch.
On Wed, 17 Oct 2007 08:16:21 -0400 KJK::Hyperion
[EMAIL PROTECTED] wrote:
KJK::Hyperion ha scritto:
The present patch is dramatically under-tested and it has undergone no
quality assurance procedure whatsoever, so please deploy with the
NGSSoftware Insight Security Research Advisory
Name: Oracle RDBMS Data packet DoS
Systems Affected: Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Reported: 23rd June 2006
Date of Public Advisory: 17th
NGSSoftware Insight Security Research Advisory
Name: SQL Injection Flaw in Oracle Workspace Manager
Systems Affected: Oracle 10g release 1 and 2, Oracle 9i
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Reported: 22nd August 2006
Date of Public
NGSSoftware Insight Security Research Advisory
Name: Oracle audit issue with XMLDB ftp service
Systems Affected: Oracle Oracle 9ir2, 10g Release 1
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Reported: 9th March 2006
Date of Public Advisory:
NGSSoftware Insight Security Research Advisory
Name: Multiple SQL Injection Flaws in Oracle CTX_DOC package
Systems Affected: Oracle 10g release 1 and 2
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Reported: 6 June 2005
Date of Public Advisory:
(resend with title...)
NGSSoftware Insight Security Research Advisory
Name: SQL Injection Flaw in Oracle Workspace Manager
Systems Affected: Oracle 10g release 1 and 2, Oracle 9i
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Reported: 22nd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Adobe has a work around (but doesn't seem to have a fix yet) for this
vulnerability (which they categorize as critical). They also state
(and testing seems to validate) that impact is limited to Windows XP
machines with IE 7.
and how many use the product you found the vulnerability in?
On 10/17/07, Andy Davis [EMAIL PROTECTED] wrote:
Yeah, you're right – no-one uses TIBCO products….
http://www.tibco.com/customers/default.jsp
Andy
--
*From:* phioust [mailto:[EMAIL PROTECTED]
It appears that new version of Netscape has been released.
More information at
Release Notes :: Netscape Navigator Web Browser
http://browser.netscape.com/releasenotes/
New Netscape Navigator 9 ships security fixes and is multi-platform
http://blogs.securiteam.com/?p=1019
The new version is
KJK::Hyperion ha scritto:
ShellExecute is not called ExecuteUri [...]
This function isn't, either, but it should be close enough:
/* --- 8 -- 8 -SNIP- 8 -- 8 -- 8 -SNIP- 8 --- */
/*
* Helper functions to unambiguously execute URLs with ShellExecute(Ex).
* Author: KJK::Hyperion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services
Module
Advisory ID: cisco-sa-20071017-fwsm
http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml
Revision 1.0
For Public Release 2007 October 17 1600 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Web-based
Management Vulnerability
Document ID: 97836
Advisory ID: cisco-sa-20071017-IPCC
http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml
Revision 1.0
For Public Release 2007
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service Vulnerabilities
Document ID: 98833
Advisory ID: cisco-sa-20071017-cucm
http://www.cisco.com/warp/public/707/cisco-sa-20071017-cucm.shtml
Revision 1.0
For Public
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA
Appliances
Advisory ID: cisco-sa-20071017-asa
http://www.cisco.com/warp/public/707/cisco-sa-20071017-asa.shtml
Revision 1.0
For Public Release 2007 October 17 1600 UTC (GMT
Although ... I don't remember entering this lottery - because I haven't been
18 that long and it wouldn't be legal!?
no one cares. next time send your nudes kthx.
thanks for the target list andy! D:
HACKERShack0d4yc4nh4pp3nTOanyONEfull-disclosureh4ckkfisaniggerEPICLULZ
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear Dude VanWinkle,
I find your alias offensive.
On Wed, 17 Oct 2007 13:31:32 -0400 nigger johnson
[EMAIL PROTECTED] wrote:
Although ... I don't remember entering this lottery - because I haven't been
18 that long and it wouldn't be legal!?
no one
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yessir.
On Wed, 17 Oct 2007 10:27:49 -0400 David Litchfield
[EMAIL PROTECTED] wrote:
(resend with title...)
NGSSoftware Insight Security Research Advisory
Name: SQL Injection Flaw in Oracle Workspace Manager
Systems Affected: Oracle 10g release 1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
They are just covering their asses in case someone figures out a
scenario where this bug is actually useful, and tries going on a
media whoring campaign talking about how evil Adobe is for not
originally rating the vulnerability higher.
You bunch of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear List,
I am currently tasked with evaluating which webbrowser is the most
secure, to be deployed across all machines at the fortune 500
corporation I'm currently working at. Can you, armchair security
enthusiast and full-disclosure reader,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
In your professional opinion, is upgrading to the latest version
the best decision? Or is there a better browser to use?
- -JPelinks4lyfe
On Wed, 17 Oct 2007 11:55:28 -0400 Juha-Matti Laurio juha-
[EMAIL PROTECTED] wrote:
It appears that new
Did people power get rid of Gadi Evron from Full-Disclosure?
The security researcher and robot network expert from Israel hasn't been
seen on Full-Disclosure mailing list since the What is a 0-day? fallout
between the researcher and members of the security community, including me,
n3td3v.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:199
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John,
I believe I digitally intercepted this blackberry user's email.
- - Forwarded message from [EMAIL PROTECTED] -
Please change my subscription address to:
[EMAIL PROTECTED]
Thank you!
Erik Laykin
Sent via BlackBerry by ATT
-
It's always recommended to update to the latest version if there are Netscape
installations
(many public computers have alternative browsers and I have seen many 7.x
versions on these computers etc..)
But in fact, I prefer Firefox.
Netscape Navigator 9 supports Firefox extensions (i.e. Mozilla
This is dated 10th Oct but always useful:
Zone-H.org - 10 reasons websites get hacked
http://www.zone-h.org/content/view/14865/1/
based on the OWASP Top 10 list.
- Juha-Matti
ROFL OMG HAHAHA WTF LOL @ XSS nº1
On 10/17/07, Juha-Matti Laurio [EMAIL PROTECTED] wrote:
This is dated 10th Oct but always useful:
Zone-H.org - 10 reasons websites get hacked
http://www.zone-h.org/content/view/14865/1/
based on the OWASP Top 10 list.
- Juha-Matti
Usually I delete your e-mail but this one is worthy of a comment.
Yeah, look at the staff members of Zone-H, they are true script kids of the
highest order...
http://www.zone-h.org/content/view/14206/139/
And the content management system used on their site alone signals major
lameness activity
Why shoot the messenger..kill zat darn army (OWASP) that created the mess in
the first place !!
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I thought the main reasons for intrusion were fun and/or profit. I
don't see them on your list anywhere.
I think your list sucks.
On Wed, 17 Oct 2007 16:46:35 -0400 Juha-Matti Laurio juha-
[EMAIL PROTECTED] wrote:
This is dated 10th Oct but always
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thanks bud.
Incidentally, we have been seeing a lot of s0ftpj.org posts lately -
is your hacker group trying to make a comeback? If so, why?
I think r00tabega should return as well!
- -JPscene historian is written between my bra and ket lulz!
On
On 10/17/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
1) Personal favorite browser,
http://crawler.archive.org
2) Most secure browser,
links ... not elinks or lynx... links
3) Best browser plugins,
none
4) Favorite youtube video,
youtube takes down really important content, such as
Yes, you are right: Adobe's fault is allowing the mailto URI to be called
without the user's validation (they checked other URIs such as http but not
mailto), but the remote code execution is MS's fault. I do not
prefer or hate any vendor or anyone, but the initial disclosure misled
me to believe