[Full-disclosure] ZDI-12-101 : IBM Cognos tm1admsd.exe Multiple Operations Remote Code Execution Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-101 : IBM Cognos tm1admsd.exe Multiple Operations Remote Code Execution Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-12-101 June 27, 2012 - -- CVE ID: CVE-2012-0202 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Ve

[Full-disclosure] ZDI-12-102 : Novell iPrint Client nipplib.dll GetDriverSettings realm Remote Code Execution Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-102 : Novell iPrint Client nipplib.dll GetDriverSettings realm Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-102 June 27, 2012 - -- CVE ID: CVE-2011-4187 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- A

[Full-disclosure] ZDI-12-103 : Apple Quicktime Dataref URI Buffer Remote Code Execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Correcting Subject line - -Original Message- From: ZDI Disclosures Sent: Wednesday, June 27, 2012 10:38 AM To: 'full-disclosure@lists.grok.org.uk'; 'bugt...@securityfocus.com' Cc: ZDI Disclosures Subject: -BEGIN PGP SIGNED MESSAGE- -

[Full-disclosure] ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-104 June 27, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: SA

[Full-disclosure] -----BEGIN PGP SIGNED MESSAGE-----

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-103 : Apple Quicktime Dataref URI Buffer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-103 June 27, 2012 - -- CVE ID: CVE-2011-3459 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: App

[Full-disclosure] ZDI-12-105 : Apple Quicktime Text Track Descriptor Parsing Remote Code Execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-105 : Apple Quicktime Text Track Descriptor Parsing Remote Code Execution http://www.zerodayinitiative.com/advisories/ZDI-12-105 June 27, 2012 - -- CVE ID: CVE-2012-0664 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Apple

[Full-disclosure] A new research about next gen crawling in pen test scanners

A pretty good one. Wish I had a working version.. http://blog.watchfire.com/wfblog/2012/06/automated-blackbox-crawling-the-next-generation.html -Bobo ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

As has been stated, this won't work on co-hosted sites. The more reliable way to do this is to fake the DNS on your own machine by adding the IP address to the HOSTS file (/etc/hosts on UNIX/Linux/Mac, C:\Windows\System32\Drivers\Etc\hosts on most Windows boxes): # Comment describing why you're d

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

On Mon, Jun 25, 2012 at 2:49 PM, Jardel Weyrich wrote: > And you're trying to impersonate someone by using my email address as > sender? I don't get it. If you're whitelisted on full-disclosure, perhaps your email address was used to get past the moderation queue to post some spam (which is what

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

Hi, > Do you know? Even in DNS take down you can youcan access your > favourite sites. The More interesting question is: how possible is a complete "DNS takedown"? I don't feel that this is a real danger to the internet. >From technical Site, DNS is decentral. All the Rootservers are designe

Re: [Full-disclosure] [SE-2012-01] Security weakness in Apple QuickTime Java extensions (details released)

> The more surprising it is to see a vendor's > response downplaying the importance of the issue found in its code that can > actually contribute to the full blown attack against the users of its > software. This is apple you're talking about, are you really that surprised? Cheers Ramo On Jun 2

[Full-disclosure] OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components

Hi @ll, the OpenLimit reader ( and ), an application aimed to provide security by validating X.509 signatures and signing PDFs inside Adobe Reader, contains completely outdated, su

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

And of course: HTTPS://2915183139 On 25 June 2012 16:27, Nate Theis wrote: > And don't forget > > lists.grok.org.uk 127.0.0.1 > > On Jun 25, 2012 11:15 AM, "Jardel" wrote: >> >> Do you know? Even in DNS take down you can youcan access your favourite >> sites. >> >> People may think that in DNS s

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lol, in fact, if you search that IP in DuckDuckGo one of the first results is a tutorial about how to "fake" your email address: http://howdysam.info/2012/05/how-to-sent-the-fake-mail-to-any-email-id-via-any-email-id/ And the most fun part is that in

Re: [Full-disclosure] www.LEORAT.com is scam

Hey all He is such a bloody cheat.. Now they are trying to gain faith of people by displaying their fake professionalism. But cheaters are always cheaters. All mentioned addresses are fake and even everyone knows that anyone can have virtual numbers of mentioned countries. Who cares..!! There is n

[Full-disclosure] Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Advisory ID: cisco-sa-20120627-webex Revision 1.0 For Public Release 2012 June 27 16:00 UTC (GMT

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

I think he was referring to a DNS blockade ala SOPA. Though the suggestion was painfully obvious (and that I pointed out the HOSTS file a few days back) it does show the level of complete ignorance on the part of any legislator who thinks a DNS blockade will, in any way, affect access to pirate