The old buffer-overflow in the subtitles handled by VLC has not been
fully patched in version 0.8.6e; in fact, buffer_text2 in ParseSSA is
still unchecked:
if( sscanf( s,
Dialogue: %[^,],%d:%d:%d.%d,%d:%d:%d.%d,%81920[^\r\n],
buffer_text2,
The funny thing is that my old
###
Luigi Auriemma
Application: BootManage TFTPD
http://www.bootix.com/products/administrator_en.html
Versions: = 1.99 (BootManage Administrator = 7.1)
Platforms: Windows
Bug:
###
Luigi Auriemma
Application: MG-SOFT Net Inspector
http://www.mg-soft.com/netinsp.html
(bug C affects any MgWTrap3 service which is included in
almost
On Sat, 15 Mar 2008 08:44:29 -, worried security said:
i call government involvement...
worried if u are a government who wants an attack highly known
about do you A) attack some random blog, or b) attack high profile
news website?
lots of rambling deleted
Have you considered the
rm_duplicate_chains is an optimised way to remove duplicate chains
in Rainbow Tables.
An article (in French) is available here:
http://www.sisecurite.fr/articles_et_actualites/Retirer-les-doublons-des-Rainbow.html
To use it (assuming tables are sorted):
- Install Boost Regex library:
Online at:
http://int21.de/cve/CVE-2008-0125-phpstats.html
Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0125
http://www.michael-wagner.de/software/phpstats/
Description
phpstats is a tool creating statistic
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1485-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2008
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA-1522-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Florian Weimer
March 17, 2008
On Wed, Mar 12, 2008 at 7:51 AM, Dancho Danchev
[EMAIL PROTECTED] wrote:
lib.ncsu.edu; fulldownloads.us; cso.ie; dblife.cs.wisc.edu;
www-history.mcs.st-andrews.ac.uk; ehawaii.gov; timeanddate.com;
boisestate.edu; aoa.gov; gustavus.edu; archive.org;
gsbapps.stanford.edu; bushtorrent.com;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA-1523-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Florian Weimer
March 17, 2008
On Mon, 17 Mar 2008 21:35:03 -, you said:
Have you considered the possibility that it's actually the RBN or similar,
making it *look* like a government is involved?
ah, so you're not denying it does look like a government is
involved? ;) you've just made my day, week, year etc.
Just
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-24:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Pat, thanks for your comments.
I do want to point out that this was a false alarm, triggered in one
of my monitoring systems. The threat was analyzed and no real
compromise was found. Please disregard my previous comment and accept
my apologies.
But the scenario is, nonetheless, scary.
BL
On
*.adrevolver.com is part of the BlueLithium network, which is a premier
behavioral targeting ad network which was acquired by Yahoo in mid-2007 - I
wouldn't say malware or use the word attack (especially considering it's
now a sister company), however unethical or intrusive this sort of thing may
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- ---
~ VMware Security Advisory
Advisory ID: VMSA-2008-0005
Synopsis: Updated VMware Workstation, VMware Player, VMware
~ Server,
Airscanner Mobile Security Advisory #08031201:
FlexiSPY Victim/User Email/SMS/Call Log Spoofing and Flawed Encryption
Scheme
Product:
FlexiSPY Product and Website
Platform:
NA
Requirements:
NA
Credits:
Seth Fogie
Airscanner Mobile Security
http://www.airscanner.com
March 12, 2008
Risk
16 matches