[Full-disclosure] Release of webshag 1.00!

2008-03-20 Thread webshag
Webshag is a free, multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. It also provides innovative functionalities like the capability of retrieving the

[Full-disclosure] [SECURITY] [DSA 1525-1] New asterisk packages fix several vulnerabilities

2008-03-20 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-1525-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff March 20, 2008

Re: [Full-disclosure] agile hacking?

2008-03-20 Thread nnp
What's the Negative Public Relations Industry? On Wed, Mar 19, 2008 at 10:36 PM, Fionnbharr [EMAIL PROTECTED] wrote: PDP, I don't really need backing up, I think my stuff stands but it seems you haven't looked at it still. Reckon you could spell my name correctly though? I get enough typos

[Full-disclosure] Vonage denial of service through noise packet injection.

2008-03-20 Thread Jan Clairmont
Vonage service is being disrupted by injecting noise packet filtering into received calls for VOIP customers. This is service disruption by a major Corporation and anyone else experiencing this disruption, static noise on in-coming calls, should contact Vonage Customer service. As this is a

Re: [Full-disclosure] agile hacking?

2008-03-20 Thread Kern
The world does NOT need another Hacking Exposed. But it does need (and always will need) a modern book of Computer Security Fundamentals. There should be little to NO focus on tools (as these change quite often), the bulk of the focus should be on the Fundamentals and Standards; (I am mainly

Re: [Full-disclosure] Vonage denial of service through noise packet injection.

2008-03-20 Thread Kern
Who is the Corporation injecting noise? I would have assumed that there would be some kind of packet authentication in the Vonage application stack . . . So assuming that this is a network based attack, and assuming that Vonage DOES somehow authenticate the incoming packets. Wouldn't this level

Re: [Full-disclosure] volatile hacking?

2008-03-20 Thread Michael Krymson
Odd, since I stayed on topic and called no one a troll at all. By us I meant what you read, If you don't like it, feel free to unsubscribe rather than whine about it. I don't care who you are. Read the thread next time before getting upset at random people and doing the same thing you decry. PS:

[Full-disclosure] When standards attack...

2008-03-20 Thread H D Moore
The WebKit folks just added client-side SQL database support: http://webkit.org/blog/126/webkit-does-html5-client-side-database-storage/ http://glazkov.com/blog/html5-gears-wrapper/ In addition to all of the existing attacks through a web browser, we can now take into account SQLite

Re: [Full-disclosure] volatile hacking?

2008-03-20 Thread antani . tapioco
Michael Krymson wrote: Odd, since I stayed on topic and called no one a troll at all. By us I meant what you read, If you don't like it, feel free to unsubscribe rather than whine about it. Michael only the first line of my previous mail was directed to you (before In general:). It's my

[Full-disclosure] Note about recently publicized CA BrightStor ActiveX exploit code

2008-03-20 Thread Williams, James K
CA is reviewing exploit code that was posted on 2008-03-16 to the Milw0rm exploit archive web site. This exploit code is potentially associated with vulnerabilities that may exist in CA BrightStor ARCserve Backup for Laptops and Desktops and/or related products. CA will issue an advisory

Re: [Full-disclosure] agile hacking?

2008-03-20 Thread Garrett M. Groff
Can emails like the one below be sent to the person not the entire list... for the benefit of all list members? Thanks. - G - Original Message - From: reepex To: Petko D. Petkov ; full-disclosure@lists.grok.org.uk Sent: Tuesday, March 18, 2008 11:26 PM Subject: Re: [Full-disclosure]

Re: [Full-disclosure] When standards attack...

2008-03-20 Thread KJK::Hyperion
H D Moore wrote: ...because letting developers choose to bind their query parameters has worked so well before ;-) HDM, why don't you join the HTML5 working group? You or GNUcitizen? With your experience and credentials, you should have no problem getting your opinions heeded

[Full-disclosure] [ MDVSA-2008:072 ] - Updated kernel packages fix vulnerability

2008-03-20 Thread security
Mandriva Linux Security Advisory MDVSA-2008:072 http://www.mandriva.com/security/

[Full-disclosure] [SECURITY] [DSA 1522-1] New xwine packages fix several vulnerabilities

2008-03-20 Thread Steve Kemp
Debian Security Advisory DSA-1526-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp March 20, 2008

[Full-disclosure] (no subject)

2008-03-20 Thread andrius . vysnia
test ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Multiple heap overflows in xine-lib 1.1.11

2008-03-20 Thread Luigi Auriemma
Luigi Auriemma Application: xine-lib http://xinehq.de Versions: = 1.1.11 Platforms: Linux, *BSD, Solaris, Irix, MacOSX, Windows and others Bugs: A] heap-overflow in

[Full-disclosure] [USN-589-1] unzip vulnerability

2008-03-20 Thread Kees Cook
=== Ubuntu Security Notice USN-589-1 March 20, 2008 unzip vulnerability CVE-2008-0888 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu

[Full-disclosure] [ MDVSA-2008:073 ] - Updated perl-Net-DNS packages fix DoS vulnerability

2008-03-20 Thread security
Mandriva Linux Security Advisory MDVSA-2008:073 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2008:074 ] - Updated audacity package fixes insecure temporary directory creation

2008-03-20 Thread security
Mandriva Linux Security Advisory MDVSA-2008:074 http://www.mandriva.com/security/

[Full-disclosure] CanSecWest 2008 PWN2OWN - Mar 26-28

2008-03-20 Thread Dragos Ruiu
Calendar Notes: === PacSec 2008 will be on November 12/13 in Tokyo at Aoyama Diamond Hall. EUSecWest 2008 will be on May 21/22 at a fun new venue in central London. (We cooked this schedule up so it will enable people to fly to Berlin on the 23rd and make FX's ph-neutral on Saturday