===
Ubuntu Security Notice USN-940-2 July 21, 2010
krb5 vulnerability
CVE-2010-1321
===
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This
I figured some of you would be interested in this since the ISC (and a lot
of others) are really making a huge deal about it..
http://www.attackvector.org/lnk-exploit-demonstration/
- matt
___
Full-Disclosure - We believe in it.
Charter:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2073-1 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
July 20, 2010
Interesting article and video on the modification and use of Spirit
jailbreak software to bypass the iphone passcode login and gain access
WITHOUT wiping out data stored on the iphone:
http://securitystartshere.org/page-vulns-jailpassing.htm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2074-1 secur...@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
July 21, 2010
P.S.
If your site will be DDoSed from Google's servers or you will receive spam
from IBM's servers, then you will be knowing what type of botnets it is.
Pjear bitches.
Sent from my iPhone
On 20 Jul 2010, at 19:50, MustLive mustl...@websecurity.com.ua wrote:
Hello participants of
POC?
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of MustLive
Sent: 20 July 2010 19:51
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Sending spam via sites and creating spam-botnets
Yeah except that the same sort of technique was discussed, including
step by step guides, in the iphone forensics book.
On 21 July 2010 14:24, hmmrj...@gmail.com hmmrj...@gmail.com wrote:
Interesting article and video on the modification and use of Spirit
jailbreak software to bypass the iphone
You mean this book:
http://www.amazon.com/iPhone-Forensics-ebook/dp/B0026OR3BW ?
From what I gathered, this book was published in 2008 and Spirit jailbreak
was released in 2010.
So how can it contain the step-by-step of using the Spirit software to
bypass the passcode when Spirit didn't even
Well, for those of us who didn't buy the iPhone forensics book, it's nice that
someone shared the link.
t
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-
boun...@lists.grok.org.uk] On Behalf Of Fionnbharr
Sent: Wednesday, July 21, 2010 6:17 AM
He didn't really say they used Spirit -- he said, the same technique.
Which, I presume means, taking advantage of the same flaw. Same
methodology. Not necessarily same tools.
I personally don't consider the same tool, the same 'technique'. It's what
the tool does. But if you do, then it's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: CDS Internet Streamer: Web Server Directory
Traversal Vulnerability
Advisory ID: cisco-sa-20100721-spcdn
http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml
Revision 1.0
For Public Release 2010 July 21 1600
Yes, same exact story with different software. Pretty much, the only
difference is the tool they chose to modify. There are a few webcasts
in which I saw when they came out, where that iPhone forensics book
guy does a good hour webcasts on what he did and what more is
possible. Two different
Yeah, I second that - more videos = more helpful to everyone.
What I found interesting about this one though is that it didn't stop at
bypassing the code-lock but also alludes to what you can do to the phone
from a non-forensic standpoint, e.g. load in real-spyware (as in bugging
or some other
Hello Full-Disclosure!
I want to warn you about a security vulnerability in coWiki.
Earlier I already wrote about an XSS vulnerability in coWiki -
SecurityVulns ID:8005 (http://securityvulns.ru/Rdocument692.html).
-
Advisory: SQL Injection vulnerability in coWiki
On 2010-07-16 20:06, Dimitry Andric wrote:
That is definitely not the only reason. The longer a certificate (or
actually, any 'secret key') is being used, the larger the probability
that it will be compromised, either by an opponent brute-forcing it, or
by good ole' human error.
The
ZDI-10-136: Novell Teaming ajaxUploadImageFile Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-136
July 21, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Novell
-- Affected Products:
Novell Access Manager
-- TippingPoint(TM) IPS
ZDI-10-137: Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-137
July 21, 2010
-- CVE ID:
CVE-2010-2703
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Hewlett-Packard
-- Affected
As everyone said more information is great, but I don't really like it
when sock puppets for companies mail to fd with a 'new technique'. I
say he's a sock puppet as hmmrjmm has only posted to the list twice
(or anywhere else on the internet with that address), both times about
ThinkSECURE.
From
This is in reply to all those emails which were sent to me privately. I felt
another full-disclosure is needed to make a few things clear. I do not have
time to write back to each one of the critics.
--- My conversation with SMU (you will enjoy it) ---
1. Searched google found