Program: Postnuke Rogue release (0.72) (Latest).
HomePage: www.Postnuke.com/.org
Description:
PostNuke is a weblog/Content Management System (CMS). Whilst PostNuke is a fork of
PHP-Nuke, the entire core of the product has been replaced, making it far more secure
and stable, and able to work in
There are three different places in the directory index of LiteServe where
unsanitized user input is returned to the browser. The first is yet another
wildcard DNS vulnerability; the second centers around query strings.
Write-Up: http://www.techie.hopto.org/vulns/2002-37.txt
* DNS Wildcard XSS
On Thursday, November 7, 2002, at 04:22 PM, Mandrake Linux Security
Team wrote:
Mandrake Linux Security Update Advisory
SGI Security Advisory
Title: Potential Denial of Service Vulnerability in RPC-based libc
Number: 20021103-01-P
Date: November 7, 2002
Reference:
Mandrake Linux Security Update Advisory
Package name: perl-MailTools
Advisory
Mandrake Linux Security Update Advisory
Package name: nss_ldap
Advisory ID:
The main point behind the rants of these lame kids is that once their
little hacks and sploit tools are well known and defended against there's
far less havoc they can raise on other people's systems and networks. Tis
the whole crux of their foundation. Pisses 'em off to have their "trade
secrets"
Just received an email with some virus components
from kaspersky-labs.com. .o)
PossibleExploit.IFrame.FileDownload
and a README.EXE with I-Worm.Bridex
Here are the headers:
-- BEGIN HEADERS --
If anyone is interested, the king of the stack contest is still going on.
You can check it out at http://www.bia-security.com/kots/
We still have not chosen when the game should be declared finished, but
until then it is open to anyone who wants to play.
A LaMantia
"Steven M. Christey" wrote:
>
> Very few vendor home pages (open/closed source, freeware or not) seem
> to make it easy to find a security contact, or advisory page, from the
> home page.
>
> Here's a quick look I just did from the home pages of various software
> providers. Your Mileage May V
Debian Security Advisory DSA 191-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2002
>> my clients' computers. They also help better
>
> This isn't a shot at the author of this reply but his comment about the
> existence of tools helping him help his clients illustrates something
> that lately has been making me sick enough to start rethinking things.
>
[...]
No offense taken. I
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated kerberos packages available
Advisory ID: RHSA-2002:242-06
Issue date: 2002-11-07
Updated on: 2002-11-06
Product:
I get flamed every time I post to this list but here it goes anyways.
> > * security advisories are rarely based on original concepts
>
> Agreed.
There have been a lot of "XYZ found a vuln similar to this blah blah blah"
type advisories lately. But a vuln is a vuln is a vuln, is it not?
> And som
FYI starting today, Linksys has created the address
[EMAIL PROTECTED] to receive information on vulnerabilities within
any of their products.
Additionally the iDEFENSE advisory, 10.31.02a: Denial of Service
Vulnerability in Linksys BEFSR41 EtherFast C
> * security advisories are rarely based on original concepts
Agreed.
> * most of them are filled with lots of crap used to build up the
> reputation of
> the whitehat.
And sometimes enough information for me to repeat the test and check if
I'm also vulnerable.
> * whitehats should contact ve
Let's also not forget the systems people who would rather know about problems
so they can at least mitigate the situation by finding work-arounds, applying firewall
or router filters, and/or disabling services.
It's unacceptable to be left in the dark, no matter what the cost because the people
who a
Debian Security Advisory DSA-190-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
November 7, 2002
sockz loves you wrote:
* whitehats should contact vendors and not public forums as only the vendors can
release an update.
This is false. In open source, everyone has the chance to produce a patch, and I
have done it a few times, not being a vendor.
Why contact vendors if you don't like them
> or the ppl who change the expiry date on meat products in supermarkets so they
> can still be sold.
I thought the only people that did this were Australian Uni students
wanting to get top notch steaks at dogmeat prices?
The security industry too?
Point taken.
...
- Original Message -
From: [EMAIL PROTECTED]
Date: Thu, 7 Nov 2002 11:01:48 -
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Security Industry Under Scrutiny: Part One
> > -Original Message-
> > From: sockz loves you [mailto:sockz@;email.com]
> > Sen
> -Original Message-
> From: sockz loves you [mailto:sockz@;email.com]
> Sent: 07 November 2002 10:13
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: [Full-Disclosure] Security Industry Under Scrutiny: Part One
>
>
> Hello Full-Disclosure
Stefan Esser wrote:
On Wed, Nov 06, 2002 at 08:15:48PM +0200, Georgi Guninski wrote:
I. Apache and php were notified on Tue, 15 Oct 2002 18:16:40 +0300
The Apache guys seem to prepare a fix. The php guys replied this is known
for ages but did not provide reference for the claims.
It is know
Hello Full-Disclosure.
It has been some time since I last posted here. Please forgive my neglect. I
see that in my absence this whitehat shit has grown; those few of you who had
seen the errors of your ways have been replaced by morons who still don't
understand what is wrong with the securit
I recall a movie plot where the hacker/cracker/whatever installed a trojan
program via a computer game an administrator was playing, which was just as
believable at the time as it is now (unlike some of the hacking movies). I
can't remember the exact name, I think it started with s (but not
"sneake