Affected Software/Device: IBM MRO MAXIMO
Tested Version: 4.1 , 5.2
Vulnerability: Cross Site Scripting Information Disclosure
Risk: Low / Medium
Description: MRO Maximo is a strategic asset and service management
system that runs on a number of databases including Oracle, SQL
[-]
_.-..__ .__.__
,'9 )\)`-.,.--. | | _|__|_ _ _|__| 2k8
`-.| `. | |/ / \ \/ \/ / |/ ___\/ _ \ /\
\, ,\)|| |\ /| \
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SUSE Security Announcement
Package:bind
Announcement ID:SUSE-SA:2008:033
Date:
On Fri, Jul 11, 2008 at 07:32:18AM +0200, Jeffrey Starck wrote:
Hello,
I am offering : 0day for Windows and UNIX to sell (Apache, PHP, some
daemons, and some windows applications).
I'll give you 50p and a bag of grapes. Post it here first, and I'll
check it works.
Or die in a big chemical
Riad,
Thanks for testing this. A number of other readers wrote me privately
confirming your result with linux ipchains. I'm not sure what ipchains does
when it encounters a collision, but in general I think this is a good
strategy. You'd have to have many thousands of simultaneous UDP
On Fri, 11 Jul 2008 11:01:33 EDT, Thomas Cross said:
Thanks for testing this. A number of other readers wrote me privately
confirming your result with linux ipchains. I'm not sure what ipchains does
when it encounters a collision, but in general I think this is a good
strategy. You'd have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1607-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
July 11, 2008
Vielen Dank fr Ihre E-Mail,
ich befinde mich vom 14.07.08 bis einschlielich 25.07.08 in Urlaub.
Ihre Mail wird nicht weitergeleitet, wenden Sie sich bei Anfragen oder
Problemen bitte direkt an Herrn Manuel Bschgens ([EMAIL PROTECTED]).
Mit freundlichen Gren
Jens Regel
Schneider Wulf
is your company a joke? i really hope so
On Thu, Jul 10, 2008 at 3:28 AM, Chandrashekhar B [EMAIL PROTECTED]
wrote:
We have a detailed advisory here,
http://www.secpod.org/advisories/Multiple_Vendor_DNS_Spoofing_Vulnerability_MS08_037.html
Thanks,
Chandra.
[EMAIL PROTECTED] wrote:
With 64K source ports, you'll have collisions over 1% of the time at only 1024
in use. With 8K in use, you're hitting collisions 12% of the time.
Good point. When collisions occur, as Thomas and I have pointed out,
the behavior of the NAT implementation is going to be
On Fri, Jul 11, 2008 at 5:54 PM, Robert Holgstad [EMAIL PROTECTED] wrote:
is your company a joke? i really hope so
It http://www.secpod.org/index.html looks like a http://secunia.com/
spoof off. Remember nobody uses secunia and are still wondering why
John Cartwright keeps them as a sponsor of
I'm still calling for Secunia to be dropped as a sponsor of
Full-Disclosure mailing list and it to be funded by public donations
instead.
If someone like SANS Internet Storm Center took over Full-Disclosure
mailing list that would make a lot of sense actually.
Full-Disclosure should be
I can confirm the same behavior on a Cisco PIX 501 running 6.3(5).
Port numbers are incremented sequentially by one...
On Fri, 11 Jul 2008 11:01:33 -0400 Thomas Cross [EMAIL PROTECTED]
wrote:
Riad,
Thanks for testing this. A number of other readers wrote me
privately
confirming your
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200807-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
*** NETRAGARD ADVISORY ***
http://www.netragard.com
We make IT Safe
[Advisory Summary]
-
Please nominate Mr.DNS aka Dan Kaminsky for Most Overhyped Bug on the
Pwnie Awards 2008.
I have heard about the vulnerability and have concluded its just
clever marketing PR work to keep the profits rolling in for the
Blackhat conference.
Infact, the vulnerability is old, and has been around for
n3td3v wrote:
Please nominate Mr.DNS aka Dan Kaminsky for Most Overhyped Bug on the
Pwnie Awards 2008.
Perhaps if you bothered to read anywhere close to as much as you
write, you would have seen that Dino, one of the judges, specifically
disqualified this bug from the Pwnies for being too
n3td3v wrote:
I'm still calling for Secunia to be dropped as a sponsor of
Full-Disclosure mailing list and it to be funded by public donations
instead.
How much have you donated so far?
If someone like SANS Internet Storm Center took over Full-Disclosure
mailing list that would make a lot
On Fri, 11 Jul 2008 13:22:31 PDT, Sandy Vagina said:
People should ignore this and post the exploit to Full-Disclosure
before Blackhat conference to fuck up the Blackhat profits and show
everyone how lame the exploit actually is.
Turned down your talk submission on secret stuff I do with
On Fri, Jul 11, 2008 at 9:22 PM, Sandy Vagina [EMAIL PROTECTED] wrote:
n3td3v wrote:
Please nominate Mr.DNS aka Dan Kaminsky for Most Overhyped Bug on the
Pwnie Awards 2008.
Perhaps if you bothered to read anywhere close to as much as you
write, you would have seen that Dino, one of the
thongs.
http://www.iloveanything.com/order/w5.asp?custom=n3td3vI1.x=74I1.y=20
On 7/11/08, n3td3v [EMAIL PROTECTED] wrote:
I'm still calling for Secunia to be dropped as a sponsor of
Full-Disclosure mailing list and it to be funded by public donations
instead.
..snipped
--On Friday, July 11, 2008 15:27:25 -0600 Shawn Merdinger [EMAIL PROTECTED]
wrote:
thongs.
http://www.iloveanything.com/order/w5.asp?custom=n3td3vI1.x=74I1.y=20
Who's going to thing them?
--
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.
Hi,
I noticed an interesting side-effect of the co-ordinated DNS patching after the
news broke out on Tues July 8th. Some DNS servers started seeing more than
normal amount of query traffic, most likely due to the fact that the patched
DNS clients and resolvers had their caches reset and hence
Well quite clearly Dino is a faggot then.
Earlier, you wanted people to submit this to Dino to vote on. Now that
it has been pointed out to you that it doesn't qualify, he's not
worthwhile. Nice flip-flop.
I want Dino whoever he is to come on Full-Disclosure and explain
what's awesome about
On Fri, Jul 11, 2008 at 10:54 PM, Supranamaya Ranjan [EMAIL PROTECTED] wrote:
Hi,
I noticed an interesting side-effect of the co-ordinated DNS patching after
the news broke out on Tues July 8th. Some DNS servers started seeing more
than normal amount of query traffic, most likely due to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:138-1
http://www.mandriva.com/security/
On Fri, Jul 11, 2008 at 11:27 PM, Sandy Vagina [EMAIL PROTECTED] wrote:
Well quite clearly Dino is a faggot then.
Earlier, you wanted people to submit this to Dino to vote on. Now that
it has been pointed out to you that it doesn't qualify, he's not
worthwhile. Nice flip-flop.
I want Dino
n3td3v escreveu:
On Fri, Jul 11, 2008 at 11:27 PM, Sandy Vagina [EMAIL PROTECTED] wrote:
Well quite clearly Dino is a faggot then.
Earlier, you wanted people to submit this to Dino to vote on. Now that
it has been pointed out to you that it doesn't qualify, he's not
worthwhile.
On Jul 11, 2008, at 7:58 PM, n3td3v wrote:
No wonder your name is Sandy Vagina, you're probably one of the whores
getting fucked by one of these researchers on a beach after Blackhat
and will be invited back to the yacht for an orgy fest of bullshit,
yes these faggots are laughing all the
29 matches
Mail list logo
