http://observer.guardian.co.uk/comment/story/0,,2200579,00.html?gusrc=rssfeed=technology
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
On 10/31/07, glopeda. com [EMAIL PROTECTED] wrote:
From: [EMAIL PROTECTED]
Application: less 394 and prior
Type: Format strings vulnerability
Priority: Low
Meager demonstration:
$ export LESSOPEN=%s%n
$ less somefile
Segmentation fault
$
Interesting...
$ echo $LESSOPEN
|lesspipe.sh %s
However, I put together a Flash video showing the bug. It may not be
exploitable, but I also haven't been keeping up with the latest bad
pointer / alternate code path research stuff. Maybe someone can do
some ninjitsu code exec using this...
Hello,
I had a quick look with
SEC Consult Security Advisory 20071031-0
title: Perdition IMAP proxy str_vwrite format string
vulnerability
program: Perdition Mail Retrieval Proxy
vulnerable version
It's taking arguments out of your environment for the format string,
put a couple more %n's and watch it die horribly. That's why I said
a meager demonstration. The emphasis was definitely on meager ;)
On 10/31/07, Jeffrey Denton [EMAIL PROTECTED] wrote:
On 10/31/07, glopeda. com [EMAIL
http://www.encyclopediadramatica.com/Richard_Curtis
State Rep. Richard Curtis, R-La Center, caught up in a statewide media frenzy
over an ongoing extortion investigation in Spokane, is making the assertion
that he is not gay. Curtis, 48 has been besieged by phone calls since news
broke about
Hello list,
Anyone have a security contact at Open Text Corporation (www.opentext.com)?
Many thanks,
clappymonkey (Michael Kemp)
==
Secunia Research 31/10/2007
- McAfee E-Business Server Auth Packet Handling Buffer Overflow -
==
Table of Contents
Affected
==
Secunia Research 31/10/2007
- CUPS IPP Tags Memory Corruption Vulnerability -
==
Table of Contents
Affected
Sorry, but it seems that it is the other way around--vulnerable are
versions 0.9.8f, unaffected versions = 0.9.8f.
Gruß, Steffan
On Tue, Oct 30, 2007, Pierre-Yves Rofes wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability
iDefense Security Advisory 10.31.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 31, 2007
I. BACKGROUND
MacroVision InstallShield is an installer solution utilized by many
software vendors in order to
Symantec Altiris Deployment Solution TFTP/MTFTP Service Directory
Traversal Vulnerability
iDefense Security Advisory 10.31.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 31, 2007
I. BACKGROUND
Symantec Altiris Deployment Solution is an automated OS deployment
solution that is
List,
Some time ago I remember that someone posted a PoC of a small site that
had a really nice looking flash animation that performed a virus scan and
after the virus scan was finished, the user was prompted for a Download
virus fix? question. After that, of course, a file is sent to the
resulting to se in a pen test cuz you cant break any of the actual machines?
lulz
On 10/31/07, Joshua Tagnore [EMAIL PROTECTED] wrote:
List,
Some time ago I remember that someone posted a PoC of a small site that
had a really nice looking flash animation that performed a virus scan and
I'd like to thank everyone for their responses. It took me a few days to
process all that and play around with those fancy tools. I think I hacked
this protocol, or at least manipulated it in a way it was designed not to.
It's likely that this is a trivial matter since the protocol is not used for
On Wed, 31 Oct 2007 16:56:20 CDT, reepex said:
resulting to se in a pen test cuz you cant break any of the actual machines?
Lots of *actual* compromises happen the same exact way - resorting to SE.
As such, if a pen test doesn't cover the same territory, it's incomplete.
Yes, your house is
It's valid IMO, but also depends on the client expectations. At the outset,
the parameters of what's being tested should be well outlined. Some clients
prefer purely technical measures for penetration. Others are open to a
complete (i.e. SE included) test. Obviously a better choice, but I
must be on one of the .gov red teams ;]
On Wed, 31 Oct 2007, reepex wrote:
Date: Wed, 31 Oct 2007 16:56:20 -0500
From: reepex [EMAIL PROTECTED]
To: Joshua Tagnore [EMAIL PROTECTED],
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Flash that simulates virus scan
ZDI-07-059: Verity KeyView SDK Multiple File Format Parsing
Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-07-059.html
October 23, 2007
-- CVE ID:
-- Affected Vendor:
Verity
-- Affected Products:
KeyView SDK
-- Vulnerability Details:
Several vulnerabilities exist in the
ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-058.html
October 16, 2007
-- CVE ID:
CVE-2007-5766
-- Affected Vendor:
Oracle
-- Affected Products:
E-Business Suite 11
E-Business Suite 12
-- TippingPoint(TM) IPS Customer
ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-062.html
October 25, 2007
-- CVE ID:
CVE-2007-4599
-- Affected Vendor:
RealNetworks
-- Affected Products:
RealNetworks RealPlayer version 10.5
-- TippingPoint(TM)
ZDI-07-060: HP OpenView Radia Integration Server File System Exposure
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-060.html
October 23, 2007
-- CVE ID:
CVE-2007-5413
-- Affected Vendor:
Hewlett-Packard
-- Affected Products:
HP OpenView Radia Integration Server
--
ZDI-07-061: RealNetworks RealPlayer SWF Processing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-061.html
October 25, 2007
-- CVE ID:
CVE-2007-2263
-- Affected Vendor:
RealNetworks
-- Affected Products:
RealNetworks RealPlayer version 10.5
--
ZDI-07-063: RealPlayer RA Field Size File Processing Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-063.html
October 25, 2007
-- CVE ID:
CVE-2007-2264
-- Affected Vendor:
RealNetworks RealPlayer version 10.5
-- Affected Products:
RealPlayer 6.x
--
ZDI-07-064: Novell Client Trust Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-064.html
October 25, 2007
-- CVE ID:
CVE-2007-5767
-- Affected Vendor:
Novell
-- Affected Products:
BorderManager 3.8
-- Vulnerability Details:
This vulnerability allows remote
On 10/31/07, Joshua Tagnore [EMAIL PROTECTED] wrote:
List,
Some time ago I remember that someone posted a PoC of a small site that
had a really nice looking flash animation that performed a virus scan and
after the virus scan was finished, the user was prompted for a Download
virus fix?
Did you try contacting his campaign, and asking them if it was theirs?
While they may not fess up, it wouldn't hurt.
Actually, it would hurt my wallet, and waste my time, compounding the
loss already incurred by receiving the spam in the first place.
Also, if you really believed that it
dont you listen to pdp ever? the government uses xss and bruteforces
remote desktop logins
http://seclists.org/fulldisclosure/2007/Oct/0417.html
pdp: military grade exploits? :) dude, I am sorry man.. but you are living
in some kind of a dream world. get real, most of the military hacks
are as
Actually, it would hurt my wallet, and waste my time, compounding the
loss already incurred by receiving the spam in the first place.
But it's worth your time to forward spam to everyone on the
full-disclosure mailing list.
Also, if you really believed that it might come from his campaign,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It would be nice if the people who ridicule pdp would actually do some
research in the field of JS exploits before passing judgement.
Two places I can think of are RSnake's blog at http://ha.ckers.org/
and also the forum: http://sla.ckers.org/forum/
user interaction on a random file format? haven't we been over these
types of bugs?
This pool of zdi bugs is almost more laughable than idefense's aix spam flood
On 10/31/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
This vulnerability allows remote attackers to execute code on vulnerable
post auth sql injection in random admin console - lulz
On 10/31/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
The specific flaw exists in the okxLOV.jsp page in the Administration
console.
Joshua Tagnore wrote:
Some time ago I remember that someone posted a PoC of a small site that
had a really nice looking flash animation that performed a virus scan and
after the virus scan was finished, the user was prompted for a Download
virus fix? question. After that, of course, a