[Full-disclosure] tools: patch for thc hydra v5.4

: -add a dependency checks for openssl needed for SIP module -modify checks for libpq.so for Postgresql module -new module for Netware NCP -new module for Firebird database if you have comments, ideas or patches to exchange, please contact me off list cheers, david maciejak dma-hydra-5.4

[Full-disclosure] Microsoft Windows Live Messenger Live Call Local Privilege Escalation Vulnerability

. cheers, David Maciejak ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Microsoft Windows Live Messenger Live Call Local Privilege Escalation Vulnerability

David Maciejak wrote: Hi, Playing around with privilege escalation I found that WLM 8.0, 8.1 and probably newer (since live call feature in fact) are vulnerable to a local privilege escalation issue. It's not a critical flaw. The problem occurs when livecall.exe process is launch

Re: [Full-disclosure] What's Up Professional Spoofing Authentication Bypass

I should have detect this! Find enclosed an nasl file to use with nessus scanner. david What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console (which is considered trusted). This

Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9

Also available in Metasploit framework: http://metasploit.com/projects/Framework/modules/exploits/freesshd_key_exchange.pm david maciejak Hi all, Attachment is the POC exploit for freeSSHd version 1.0.9 Advisories: http://www.securityfocus.com/bid/17958 http://www.frsirt.com/english

[Full-disclosure] Ipswitch WhatsUp Professional multiple flaws

on an opensource project: http://gnms.rubyforge.org David Maciejak ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Re: WebCalendar User Account Enumeration Weakness

/user.php' can be Invalid login Invalid login: incorrect password Invalid login: no such user The weakness has been confirmed in version 1.0.1, 1.0.2, 1.0.3. Other versions may also be affected. David Maciejak ___ Full-Disclosure - We believe

[Full-disclosure] WebCalendar User Account Enumeration Weakness

confirmed in version 1.0.1, 1.0.2, 1.0.3. Other versions may also be affected. David Maciejak ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Juniper NSM remote Denial Of Service

(the test is about every 5 min). Proof of Concept: I am not intent to publicly disclose the PoC. Workaround: Upgrade at least to NSM FP4r1 also known as 2005.1 Thanks to quick responses from Juniper Security Team. David Maciejak

[Full-disclosure] Edgewall Trac SQL Injection Vulnerability

/TracDownload Thanks for the quick fix of the Trac Team ! David Maciejak KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr ___ Full-Disclosure - We believe in it. Charter: http

[Full-disclosure] Apache Tomcat 5.5.x remote Denial Of Service

request to be long) -Thread many listing access on this directory Workaround: Upgrade to version 5.5.12 David Maciejak KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr