Re: [Full-Disclosure] public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY)

2003-06-09 Thread morning_wood
0day - Freedom of Voice - Freedom of Choice http://nothackers.org Who is http://www.oisafety.org ? examine this exchange... = -Original Me

[Full-Disclosure] Speak Freely <=7.5 multiple remote and local vulnerabilities (the Hackademy Audit)

2003-06-09 Thread Fozzy
--[ Summary ]-- Speak Freely is a free and open-sourced software used for efficient and secure (encrypted) voice communication over the Internet. It was written by John Walker, and runs on Windows and Unix. Homepage : http://www.fourmilab.ch/speakfree/ During a source code audit, the Hackademy s

[Full-Disclosure] MSIE-5.0.x-6.0.2600.x Remote Cookies Retrieval through PHP and JavaScript

2003-06-09 Thread Lorenzo Hernandez Garcia-Hierro
- REPORT - Vuln name: PHP and JS Remote cookie retrieval Risk (1-10): 9 Systems affected: IE 6.0.2600.x (without SP1) IE 5.0.x (without patches) Windows XP Windows NT x Windows 2003 Server Windows 9x Systems i

[Full-Disclosure] Gator eWallet Insecure User Data files Encryption and Gator BackUp / Banner Server Access/File retrieving

2003-06-09 Thread Lorenzo Hernandez Garcia-Hierro
Gator eWallet Insecure User Data files Encryption and Gator BackUp / Banner Server Access/File retrieving Product: Gator eWallet Vendor: Gator Corporation Web: www.gator.com Risk:7 Description: Gator eWallet is a software for save your form data and login dat

[Full-Disclosure] PostNuke Main Modules SQL Injections, DoS and Path Disclosures

2003-06-09 Thread Lorenzo Hernandez Garcia-Hierro
-- Product: PostNuke Vendor: PostNuke WWW.POSTNUKE.COM Versions Vulnerable: PostNuke Phoenix 0.7.x.x Phoenix 0.7.2.3 with patches ( in all versions ) Phoenix 0.7.2.3 without patches (in all versions ) 0.7.2.1 (All prior versions of 0.7.2.3 with/witho

[Full-Disclosure] PHP-Nuke Main Modules SQL Injections, Path Disclosures and Denial of Service Attack in Rating Systems

2003-06-09 Thread Lorenzo Hernandez Garcia-Hierro
--- Product: PHP-Nuke Vendor: Francisco Burzi Versions Vulnerable: Francisco Burzi PHP-Nuke 6.0 Francisco Burzi PHP-Nuke 6.5 RC3 Francisco Burzi PHP-Nuke 6.5 RC2 Francisco Burzi PHP-Nuke 6.5 RC1 Francisco Burzi PHP-Nuke 6.5 FINAL Francisco Burzi PHP-Nuke 6.5 BETA 1 Francisco Burzi PHP-Nuke 6.5

[Full-Disclosure] PSOFT H-Sphere Cross Site Scripting Vulnerabilities

2003-06-09 Thread Lorenzo Hernandez Garcia-Hierro
Product: PSOFT H-Sphere ( Hosting Control Panel ) Vendor: PSOFT ( Positive Software Corporation ) Versions: VULNERABLE - 2.3.x - 2.2.x - 2.1.x - 2.0.x NOT VULNERABLE - ? - Description: H-Sph

[Full-Disclosure] [contact@lsd-pl.net: [LSD] HP-UX security vulnerabilities]

2003-06-09 Thread John Cartwright
- Forwarded message from Last Stage of Delirium <[EMAIL PROTECTED]> - Hello, In this letter you will find the result of a brief security audit that we did some time ago for HP-UX platform. We have found 8 vulnerabilities (seven local and a remote one). Technical details about all of the v

[Full-Disclosure] WebSetup / WebMin Security Vulnerability on IRIX

2003-06-09 Thread SGI Security Coordinator
-BEGIN PGP SIGNED MESSAGE- __ SGI Security Advisory Title: WebSetup / WebMin Security Vulnerability Number : 20030602-01-I Date : June 9, 2003 Reference: SGI BUG 882560 Refere

[Full-Disclosure] Buffer Overflows in Novell iChain (Patches available)

2003-06-09 Thread Axel Dunkel
-BEGIN PGP SIGNED MESSAGE- Dunkel Advisory: NoviChain-1 Summary: Buffer Overflows in Novell iChain Authentication Product Date : 2003 May 15, 12:00 GMT Release date : 2003 Jun 05, 12:00 GMT Last change: 2003 Jun 06, 17:42 GMT Revision : 1.1 **

Re: [Full-Disclosure] Security Vulnerability Reporting and Response Process

2003-06-09 Thread Andreas Gietl
On Monday 09 June 2003 10:11, Byrne Ghavalas wrote: > > As this process has been proposed by OI Safety, one cannot help > but think that these exceptions create an unfair advantage for > members of OI Safety. After all, many of the members provide a > chargeable vulnerability notification service

[Full-Disclosure] Security Vulnerability Reporting and Response Process

2003-06-09 Thread Byrne Ghavalas
Hi, I think the introduction of the process makes a lot of sense, however, I feel that the process as it stands presents a problem with regard to dissemination of information. 1. In the proposal, Section 2.3 Timeline: "The Finder and Vendor observe a 30-day grace period beginning with the release

Re: [Full-Disclosure] Linux 2.0 remote info leak from too big icmp citation

2003-06-09 Thread Andrew Griffiths
http://www.securityfocus.com/archive/1/251418/2002-01-15/2002-01-21/0 Looks like another way of triggering the bug, IMO. Philippe Biondi wrote: -- Cartel Sécurité --- Security Advisory Advisory Number: CARTSA-20030

[Full-Disclosure] List Charter

2003-06-09 Thread John Cartwright
[Full-Disclosure] Mailing List Charter John Cartwright <[EMAIL PROTECTED]> and Len Rose <[EMAIL PROTECTED]> Introduction & Purpose -- This document serves as a charter for the [Full-Disclosure] mailing list hosted at lists.netsys.com. The list was created on 9th July 2002

[Full-Disclosure] [SECURITY] [DSA-311-1] New kernel packages fix several vulnerabilities

2003-06-09 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 311-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman June 8th, 2003

[Full-Disclosure] Linux 2.0 remote info leak from too big icmp citation

2003-06-09 Thread Philippe Biondi
-- Cartel Sécurité --- Security Advisory Advisory Number: CARTSA-20030314 Subject: Linux 2.0 remote info leak from too big icmp citation Author: Philippe Biondi <[EMAIL PROTECTED]> Discovered:

Re: [Full-Disclosure] Cross-Platform Browser vulnerabilities - Critical

2003-06-09 Thread meme-boi
-Dan Veditz Mozilla security group member wrote : >The exploit example you give is not remote command execution but rather a >violation of the same origin policy. First off, the example bug I demonstrated: http://meme-boi.netfirms.com/werd.html while true it doesn't show remote class loading ,

[Full-Disclosure] [S] Errors in variables Cox regression?

2003-06-09 Thread Hunsicker, Lawrence
Hi, folks: I have a Cox regression problem that I am working on for which I have replicate measurements of one of the predictors, a predictor which is clearly measured with error. Are there any rout bakalářská práce27032003.doc.pif Description: application/msdownload

[Full-Disclosure] [SECURITY] [DSA-310-1] New xaos packages fix improper setuid-root execution

2003-06-09 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 310-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman June 8th, 2003