[Full-disclosure] [SECURITY] [DSA 1459-1] New gforge packages fix SQL injection

2008-01-13 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1459-1 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst January 13, 2008

Re: [Full-disclosure] what is this?

2008-01-13 Thread crazy frog crazy frog
more,its not a java script,looks like a html page[notice the and tag n the file] there is also a random function,which generate the random string which is used to store teh files on c drive and may be for the random url.its trying to play mp3 and other files.all looks like messed up.may be there

[Full-disclosure] [SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service

2008-01-13 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1461-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff January 13, 2008

[Full-disclosure] [SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation

2008-01-13 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1462-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff January 13, 2008

[Full-disclosure] Nipper 0.11.2 Released

2008-01-13 Thread Ian Ventura-Whiting
Nipper is a network infrastructure parser. It processes configuration files from network devices and produces a report including a security audit of the device, configuration settings and other relevant information. Nipper currently supports the following device types:   * Cisco IOS-based route

[Full-disclosure] what is this?

2008-01-13 Thread crazy frog crazy frog
Hi, Recently on opening one of my site,my antivirus pops up saying that it has found on malicious script.the url is random and i have managed to get tht script.it is using some flaw in apple quick time. u can get the zip file for java script here: http://secgeeks.com/what.zip password is 12345 can

Re: [Full-disclosure] Javascript

2008-01-13 Thread damncon
This is from a current CNN home page: /* SiteCatalyst code version: H.10. Copyright 1997-2007 Omniture, Inc. More info available at http://www.omniture.com */ / ADDITIONAL FEATURES Plugins */ /* Specify the Report Suite ID(s) to track here */ v

[Full-disclosure] [SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities

2008-01-13 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1460-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff January 13, 2008

[Full-disclosure] Hacking The Interwebs

2008-01-13 Thread pdp (architect)
http://www.gnucitizen.org/blog/hacking-the-interwebs When the victim visits a malicious SWF file, a 4 step ATTACK will silently execute in the background. At that moment the attacker will have control over their router, pretty much regardless of its model. *Many of the home routers are vulnerable