Re: [Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

2008-01-20 Thread Nate McFeters
SecReview, My 2 cents on your review, although I will try to be nicer than you were to the reviewee. I'm completely skipping your section where you talked to the non-technical person, that's not even fair... sorta like reviewing a consulting group based on their website alone... oh shit, I forgot

[Full-disclosure] AXIGEN 5.0.x AXIMilter Format String Exploit

2008-01-20 Thread hempel
/* * Axigen 5.0.x AXIMilter Format String Exploit * * by hempel (JAN 16 2008) * * thx to mu-b (digit-labs.org) * */ #include #include #include #include #include #include #include char buf[] = "FROM:\r\nEHLO:\r\nCNIP:\r\nCNPO:\r\nCNHO: " /* offsets */ "\xb8\x96\x05\x08\xb9\x9

[Full-disclosure] [Professional IT Security Providers - Exposed] PlanNetGroup ( F )

2008-01-20 Thread secreview
The PlanNetGroup is a Professional IT Security Services Provider located at http://www.plannetgroup.com. One of our readers requested that we perform a review of the PlanNetGroup, so here it is. It is important to state that there isn’t all that much information available on the web about the PlanN

[Full-disclosure] Fwd: Incident: High traffic social media sites being exploited

2008-01-20 Thread worried security
-- Forwarded message -- From: n3td3v <[EMAIL PROTECTED]> Date: Jan 20, 2008 10:34 PM Subject: Incident: High traffic social media sites being exploited To: n3td3v <[EMAIL PROTECTED]> it appears hackers are exploiting high traffic social media sites right now by submitting sql quer

[Full-disclosure] [SECURITY] [DSA 1470-1] New horde3 packages fix denial of service

2008-01-20 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-1470-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2008

[Full-disclosure] [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities

2008-01-20 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200801-09 http://security.gentoo.org/

[Full-disclosure] sqlninja 0.2.2 released

2008-01-20 Thread A. R.
Hello security enthusiasts, a new version of sqlninja is out at Sourceforge! Introduction: Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB

[Full-disclosure] [SECURITY] [DSA 1469-1] New flac packages fix arbitrary code execution

2008-01-20 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-1469-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2008

[Full-disclosure] [SECURITY] [DSA 1468-1] New tomcat5.5 packages fix several vulnerabilities

2008-01-20 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-1468-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2008