On Sat, Jul 19, 2003 at 09:35:43PM -0700, w g wrote:
how bout a nice warm cup of shut the fuck up matt,, your a whiney little know-it-all
bitch you remind of the comic book guy on the Simpsons...just shut the fuck up and
find your flaws in software and report them and dont worry how others do
This whole thread is nothing but waste of bits n bytes.
Whoever thinks Mr guniski is a self-promoter, is probably jealous.
If ISS, Symantec, or Microsoft pushes their alerts, marketing buffs, then everyone
looks forward to them, why don't you guys consider ISS releasing an alert on
Defacement
hey all you l33t hackers
DNV is back, look what i found! :)
DNV-MAIL
Description: Binary data
[EMAIL PROTECTED] wrote:
point. You whine about two weeks to produce a patch from MS, and then you
wait for an open source project to patch a bug for almost a month, they
don't even start, and you still praise their project. That's hypocrisy
hey kiddie,
i take lies about our favorite editor
On Sun, 2003-07-20 at 01:25, [EMAIL PROTECTED] wrote:
On Sat, 19 Jul 2003 22:43:36 EDT, [EMAIL PROTECTED] [EMAIL PROTECTED] said:
point. You whine about two weeks to produce a patch from MS, and then you
wait for an open source project to patch a bug for almost a month, they
don't even
i would tend to agree, at least on machines that aren't meant to be servers. i'd also
suggest that all users, including automatic processes should be authenticated by login
etc. and further that sensitive information, like payroll and employees other
personal information should be stored
it's called a payoff, in exchange for the many years that microsoft has been kind
enough to provide back doors and other security flaws.
seriously, the department of homeland security is just more political bull at best,
more likely it's more bureaucratic morons making things work even more
You can't compare VIM and Windows, that is comparing two things with
entirely different reaches and purposes.
That is the very point everyone has been trying to make to you. If you admit
this you must admit that the guidlines they're governed by, relative to
security, must be different. Thus,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Secondly, if you are an advocate of full disclosure, why weren't these
semi private exploits revealed along with the other, if you are indeed
following the full disclosure model? I think you can't stand by your
previous word, so you use
Hi,
First of all,
I did not read all of the messages in detail,
but what i observed is that people are throwing mudd on eachother.
I don't think that is good, since this is a list that provides
information about leaks etc and no mudd-throwing.
So can we stick on the leaks etc and give time to
At 01:22 AM 7/20/03 -0600, you wrote:
consider that the last time i reported a nigerian scam on the fbi tip
site i got a nice bulk email, claiming not to be automatic (just a
stock form letter, not much difference) advising me that i didn't need to
let them know about such things.
That's
Why waste your time recreating the wheel? There are several tools (ie:
jecktor, packit, hping2) out there already can do the same thing, with
hundreds of variations and more effectively?
packit -t RAWIP -V 53 -c 76 -b 76 -nR -sR -d dst_ip -TR -pR;
Random source address, ttl, ID, payload
Jacob
- Original Message -
From: Gregory LEBRAS [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 20, 2003 12:59 PM
Subject: Re: Fake Advisory
http://www.security-corporation.com/articles-20030719-005.html ---
this
is NOT an advisory
it is from some guy named b0iler
only
Why waste your time recreating the wheel? There are several tools (ie:
jecktor, packit, hping2) out there already can do the same thing, with
hundreds of variations and more effectively?
I can't speak for the author, but in my case, I love to make my
own versions of things simply to learn how
From Friday's testing.
This is a bit long for the emails but please read through the whole
thing to gain a good understanding of the exploit. Email me directly for
the MS formatted Word version. Regards...
AMILABS CISCO IP PROTOCOL EXPLOIT TESTING RESULTS
JULY 18 2003
This is not a typical
Webcalendar 0.9.41 and below.
http://webcalendar.sourceforge.net/
Since this appears to be public info now.
Problem:
http://sourceforge.net/forum/forum.php?thread_id=901234forum_id=11588
Exploit:
http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd
-
Advisory Title: CGI.pm vulnerable to Cross-site Scripting.
Release Date: July 19 2003
Application: CGI.pm - which is by default included in many common Perl
distributions.
Platform: Most platforms. Tested on Apache and IIS.
Version: CGI.pm
Severity: Effects scripts which make use of
remove HTML protections.
see also:
http://www.securityfocus.com/archive/1/319419)
two points:
first: Windows Script Encoder is just an encoder.
here is the decoder:
http://www.virtualconspiracy.com/scrdec.html
second: if a web page is protected by something from
http://www.protecthtml.com/
or
18 matches
Mail list logo
