Re: [Full-Disclosure] ExploitLabs - URGENT 0day Alert!!

2003-06-16 Thread Szilveszter Adam
Roy S. Rapoport wrote: On Tue, Jun 17, 2003 at 03:31:25AM +, Donnie Weiner wrote: -- EXPL-NOTHCKR-A1-31337-2003-00010 exploitlabs.com Advisory 0010 --

Re: [Full-Disclosure] ExploitLabs - URGENT 0day Alert!!

2003-06-16 Thread w g
wow youre so cool, can i fuck your mom in the ass raw dog with no lube? Donnie Weiner <[EMAIL PROTECTED]> wrote: --EXPL-NOTHCKR-A1-31337-2003-00010 exploitlabs.com Advisory 0010---

Re: [Full-Disclosure] Infobot-backdoor

2003-06-16 Thread w g
I'm sure we know the difference between kiddies and such... kiddies are ones who use others' tools and have no knowledge whatsoever on how they work... me on the other hand have crafted these tools from assembly (masm a.k.a. assembly) so tell me now that I'm still a kiddie bitch...of course we can all m

Re: [Full-Disclosure] ExploitLabs - URGENT 0day Alert!!

2003-06-16 Thread Roy S. Rapoport
On Tue, Jun 17, 2003 at 03:31:25AM +, Donnie Weiner wrote: > -- > EXPL-NOTHCKR-A1-31337-2003-00010 exploitlabs.com Advisory 0010 > -- > -= How To M

[Full-Disclosure] ExploitLabs - URGENT 0day Alert!!

2003-06-16 Thread Donnie Weiner
-- EXPL-NOTHCKR-A1-31337-2003-00010 exploitlabs.com Advisory 0010 -- -= How To Make A mIRC Bot =- morning_wood June 16, 2003 exploitlabs.com Vunerabi

[Full-Disclosure] [SECURITY] [DSA-322-1] New typespeed packages fix buffer overflow

2003-06-16 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 322-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman June 16th, 2003

[Full-Disclosure] weasel32

2003-06-16 Thread Justin Shin
Hi All -- I have recently created a new project on SF called weasel32. It will be the open-source Win32 equivalent of nessus or SAINT (SATAN) on *nix boxes. Now.. here comes the pitch.. would anyone be interested on helping in the development pro

[Full-Disclosure] [SECURITY] [DSA-323-1] New noweb packages fix insecure temporary file creation

2003-06-16 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 323-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman June 16th, 2003

[Full-Disclosure] weasel32

2003-06-16 Thread Justin Shin
Hi All -- I have recently created a new project on SF called weasel32. It will be the open-source Win32 equivalent of nessus or SAINT (SATAN) on *nix boxes. Now.. here comes the pitch .. would anyone be interested on helping in the development proce

Re: [Full-Disclosure] Infobot-backdoor

2003-06-16 Thread Donnie Weiner
Since when do lamers with no security knowledge whatsoever get permission to flame? Everybody check out http://www.illmob.org to see "w g" a.k.a. Illwill's level of "skill". If you can't be bothered to look, I've pasted some of the "tools" made by this moron below: trILLian rape: by: illwill -

[Full-Disclosure] STG Security Advisory: JEUS Web Application Server Cross Site Scripting Vulnerability

2003-06-16 Thread SSR Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 STG Security Advisory: JEUS Web Application Server Cross Site Scripting Vulnerability Revision: 1.0 Date Published: 2003-06-17 (KST) Last Update: 2003-06-17 Product Description = JEUS (Java Enterprise User Solution) is a J2EE compatible web a

[Full-Disclosure] Re: Re: Morning Wood Poll

2003-06-16 Thread martin f krafft
also sprach Shawn McMahon <[EMAIL PROTECTED]> [2003.06.16.1704 +0200]: > > > This would break both RFC-standard forms of digital signatures. > > > > Only one, no? > > Nope; S/MIME uses attachments too. Ah, I was thinking of inline PGP. -- martin; (greetings from the heart of the s

[Full-Disclosure] MDKSA-2003:067 - Updated ethereal packages fix multiple vulnerabilities

2003-06-16 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: ethereal Advisory ID:

[Full-Disclosure] MDKSA-2003:068 - Updated gzip packages fix insecure temporary file creation

2003-06-16 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: gzip Advisory ID:

[Full-Disclosure] iDEFENSE Security Advisory 06.16.03: Linux-PAM getlogin() Spoofing Vulnerability

2003-06-16 Thread iDEFENSE Labs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDEFENSE Security Advisory 06.16.03: http://www.idefense.com/advisory/06.16.03.txt Linux-PAM getlogin() Spoofing Vulnerability June 16, 2003 I. BACKGROUND The Pluggable Authentication Module (PAM) is a flexible mechanism for authenticating users. Mor

Re: [Full-Disclosure] Re: Morning Wood Poll

2003-06-16 Thread Shawn McMahon
On Fri, Jun 13, 2003 at 10:30:52PM +0200, martin f krafft said: > > > > This would break both RFC-standard forms of digital signatures. > > Only one, no? Nope; S/MIME uses attachments too. -- Shawn McMahon | Let every nation know, whether it wishes us well or ill, EIV Consulting| that

Re: [Full-Disclosure] Re: Administrivia: Poll

2003-06-16 Thread Shawn McMahon
On Fri, Jun 13, 2003 at 06:54:56PM +0200, Andreas Gietl said: > > But I wonder if this may raise to legal problems for the moderators. Maybe > sometimes a vendor comes to the solution the disclosure of a security vuln > lead to damage. He may not get the "poster", but he will get the moderators.

Re: [Full-Disclosure] SRT2003-06-12-0853 - ike-scan local root format string issue

2003-06-16 Thread Dave Howe
easctun wrote: > Just out of curiosity, is the below considered Full Disclosure? When > a user has to write the author for PoC code or further information? Yes, it is. We may not like it - but it is the absolute right of the finder to release as much or as little of the exploit and/or advisory as t

[Full-Disclosure] Asp Chat - .ASP XSS / JS Injection

2003-06-16 Thread morning_wood
-- - EXPL-A-2003-008 exploitlabs.com Advisory 008 -- -= Asp Chat ( chat.asp ) =- morning_wood June 16, 2003 exploitlabs.com Vulnerability(s)

[Full-Disclosure] Multiple Vulnerabilities Found in Mailtraq (DoS, Password Decryption, Directory Traversal)

2003-06-16 Thread SecurITeam BugTraq Monitoring
Summary: Mailtraq is a "comprehensive e-mail SMTP/POP3 and proxy server, with a powerful mailing list server". The product suffered from multiple vulnerabilities that range from access to files that reside outside the bounding HTML root directory (through denying access to the server by causing the s

Re: [Full-Disclosure] Zone Alarm

2003-06-16 Thread BlueRaven
On Fri, Jun 13, 2003 at 04:45:03PM +0100, Dave Howe wrote: > >> network access for programs. A HW firewall can only block a whole > >> machine but can't deny access for one software and allow access > >> for another software on the same machine. > > Never heard about proxies, did you? :-) > If p