Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication

2008-01-03 Thread Michal Zalewski
On Thu, 3 Jan 2008, avivra wrote: http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx Although it's amusing Firefox filters '' in this prompt to begin with, rather than designing it more wisely not to render attacker-controlled text inline (use a table

[Full-disclosure] King Kong plays the banjo

2008-01-03 Thread brutealmighty
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Happy new year! SHA256: 70fdb783515753bad4c2cd4ccf3ff886299378469c862d710c6b0791698de5c4 - tgz 8000fd7f9d8bfb23d8a5e97248dec458c74578eafee2ea5b644bfa15e267e5d5 - rb c3481cf8015dfc14bdf7be7dfe8d371bff1a44a713f01c63f21f824e22043bb9 - decrypted

Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication

2008-01-03 Thread avivra
On Jan 3, 2008 12:48 PM, Michal Zalewski [EMAIL PROTECTED] wrote: Note that any person familiar with the dialog is unlikely to be confused by this prompt, as a clear indication of the originating site, consistent with the design of this dialog, is preserved (...at http://avivraff.com).

Re: [Full-disclosure] Uber Lamer Ass of the Year. Vote!

2008-01-03 Thread damncon
Is this your mature and worried response about your personal abilities ? n3td3v can-not-code. We talk about things your mom wouldn't approve of and i'm not letting you sign up, na na na. btw im already signed in lulz ___ Full-Disclosure - We believe

[Full-disclosure] [SECURITY] [DSA 1443-1] New tcpreen packages fix denial of service

2008-01-03 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1443-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff January 03, 2008

[Full-disclosure] multiple CAPTCHA automation test bypass digest

2008-01-03 Thread 3APA3A
Dear bugtraq, Below is a digest of vulnerabilities in multiple CAPTCHA systems. All vulnerabilities were reported by MustLive (websecurity.com.ua) during The Month of Bugs in CAPTCHA 1. Peter's Custom Anti-Spam Image 2.9 (Wordpress plugin) 1.1 antiselect value can be guessed with

[Full-disclosure] securityvulns.com russian vulnerabilities digest

2008-01-03 Thread 3APA3A
Dear bugtraq, Below is a digest of vulnerabilities published by http://securityvulns.com/ and believed to be previously unpublished in English. All vulnerabilities were reported by MustLive (http://websecurity.com.ua/). 1. AwesomeTemplateEngine

[Full-disclosure] [SECURITY] [DSA 1445-1] New maradns packages fix denial of service

2008-01-03 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1445-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff January 03, 2008

[Full-disclosure] [SECURITY] [DSA 1446-1] New wireshark packages fix denial of service

2008-01-03 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1446-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff January 03, 2008

[Full-disclosure] [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities

2008-01-03 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1447-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff January 03, 2008

Re: [Full-disclosure] Critical Vulnerability in [Full-Disclosure]

2008-01-03 Thread reepex
well I will miss all your fan mail from the past. maybe i will forward them to the list one day for other's entertainment On Jan 2, 2008 9:55 PM, scott [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 An your earth-shattering views are *SO* important,you must make sure

[Full-disclosure] http://www.plannetgroup.com/home.html

2008-01-03 Thread auto113496
Check this out... http://www.plannetgroup.com/home.html

[Full-disclosure] rPSA-2008-0001-1 dovecot

2008-01-03 Thread rPath Update Announcements
rPath Security Advisory: 2008-0001-1 Published: 2008-01-03 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Remote User Non-deterministic Weakness Updated Versions: [EMAIL PROTECTED]:1/1.0.10-0.1-1 rPath Issue Tracking System:

[Full-disclosure] rPSA-2008-0004-1 tshark wireshark

2008-01-03 Thread rPath Update Announcements
rPath Security Advisory: 2008-0004-1 Published: 2008-01-03 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Deterministic Denial of Service Updated Versions: [EMAIL PROTECTED]:1/0.99.7-0.1-1 [EMAIL PROTECTED]:1/0.99.7-0.1-1 rPath Issue Tracking