[Full-Disclosure] Pavuk Digest Authentication Buffer Overflow

2004-07-27 Thread [EMAIL PROTECTED]
Pavuk Digest Authentication Buffer Overflow Vulnerabilities I. Synopsis Pavuk is a package designed for mass document retrieval. Pavuk is scriptable, and supports several advanced features, including several classes of authentication. NTLM, Basic, and Digest, are among those supported. II. Vul

[Full-Disclosure] MDKSA-2004:075 - Updated mod_ssl packages fix potential vulnerabilities

2004-07-27 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandrakelinux Security Update Advisory ___ Package name: mod_ssl Advisory ID:

[Full-Disclosure] MDKSA-2004:074 - Updated webmin packages correct remote attacker vulnerabilities

2004-07-27 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandrakelinux Security Update Advisory ___ Package name: webmin Advisory ID:

Re: [Full-Disclosure] Damb Beagles

2004-07-27 Thread van Helsing
On Tue, 27 Jul 2004 23:40:32 +0100 "The Central Scroutinizer" <[EMAIL PROTECTED]> wrote: > Presumably they are a variant Beagle itself on someone's system who has > Full Disclosure in their address book ? Or someone is playing lame > hoping to infect a Full Disclosure reader ? Which shouldn't be so

[Full-Disclosure] MDKSA-2004:072 - Updated postgresql packages fix buffer overflow in odbc driver

2004-07-27 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandrakelinux Security Update Advisory ___ Package name: postgresql Advisory ID

[Full-Disclosure] MDKSA-2004:073 - Updated XFree86 packages fix issue with xdm opening random sockets

2004-07-27 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandrakelinux Security Update Advisory ___ Package name: XFree86 Advisory ID:

Re: [Full-Disclosure] Damb Beagles

2004-07-27 Thread The Central Scroutinizer
Presumably they are a variant Beagle itself on someone's system who has Full Disclosure in their address book ? Or someone is playing lame hoping to infect a Full Disclosure reader ? - Original Message - From: Todd Towles To: 'The Central Scroutinizer' ; [EMAIL PROTECTED]

Re: [Full-Disclosure] Damb Beagles

2004-07-27 Thread The Central Scroutinizer
Todd, Err, I do not follow your English, the meaning or your reasoning to your repeated posting ? TCS - Original Message - From: Todd Towles To: 'The Central Scroutinizer' ; [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 9:24 PM Subject: RE: [Full-Disclosure] Da

[Full-Disclosure] Re: [ GLSA 200407-20 ] Subversion: Vulnerability in mod_authz_svn

2004-07-27 Thread Jack Repenning
On Jul 26, 2004, at 11:26 AM, Joshua J. Berry wrote: Gentoo Linux Security Advisory GLSA 200407-20

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-27 Thread Todd Towles
Hey FD, I have seen some information about the file I received on Friday. It is malware for sure. I was the only person in the company to receive it. It isn't detectable by my up-to-date AV as of yet. Plus as we all saw this weekend it appeared to grab news headlines. Some of us found this har

RE: [Full-Disclosure] Damb Beagles

2004-07-27 Thread Todd Towles
I don't know but I know the Netsky team has some work to do. I had the Netsky team and I am going to lose a RED BULL - if Beagle keeps going like it does. lol -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of The Central Scroutinizer Sent: Tue

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-27 Thread Mortis
> I have sent it to a couple of people, maybe > it was just someone messing with > me. Yo, Jones, thanks for the update. I was waiting for you guys to speculate up whether or not that thing was a virus. Let us know what the experts say. It's fun being on the cutting edge. Do you have an analy

[Full-Disclosure] Damb Beagles

2004-07-27 Thread The Central Scroutinizer
Where are these damb Beagles coming from ? The Central Scroutinizer

[Full-Disclosure] Application validation on defensivethinking.com

2004-07-27 Thread jamie fisher
I've noticed some issues with respect to the way some of defensivethinking's web pages handle and validate (or rather not validate) scripts. Link: http://defensivethinking.com/contact/submit.php Parameter:  strFirstName=admin -> strFirstName=>"'>alert('Look mummy I'm on Big Kev's web site')Param

RE: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-27 Thread Stephen Taylor
Made a mistake. I just tried with Mozilla Firefox 0.9 again and it works fine. The symbol in the URL window is from E-CQURITY. It's obviously their logo. Didn't visit that site before. --ST -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Arjun Pednekar Sen

RE: [Full-Disclosure] Affordable Network Behavior Analysis alternatives

2004-07-27 Thread crayola
> I recently saw a posting on FocusIDS regarding the high cost > of the most commercial solutions. The one mentioned was the > QRadar product from Q1Labs. Don't get me wrong, we have a > budget, we just don't have a Fortune 500 budget. :) That would be me.. And I don't have a fortune 500 budget

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-27 Thread Todd Towles
We have a corporate anti-virus system (AV company based out of Europe) that I have access to and it is up to date. We normally see viruses before IDEs are out and are used to handling them in that manner. Most of the time we hold these unknown files until they are detectable. This file was sen

Re: [Full-Disclosure] (no subject)

2004-07-27 Thread Glenn Hamblin
It doesn't seem to me that Adam said or did anything in asking his question that should provoke such rude and condescending responses. It was after all a pretty simple question. I think unless you have something constructive to say you ought just ignore a post instead of acting like you've somehow

[Full-Disclosure] [SECURITY] [DSA 532-2] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-27 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 532-2 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman July 27th, 2004

RE: [Full-Disclosure] Security is not a technology, but instead attitude

2004-07-27 Thread Dinis Cruz
Hello Trowel I totally agree with you that (one of) the major problem(s) with security is one of attitude and responsibility. At the end of day these companies are businesses whose focus is on their bottom line. Not on the security of their applications nor on the security of their customers.

Re: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-27 Thread Duncan Hill
On Tuesday 27 July 2004 14:28, Todd Towles might have typed: > Hey guys, > > I was able to finally get the file out of Outlook via add-on. The add-on > moves file types from Level 1 to Level 2. Anyways, it wasn't detected as a > virus and it is only 35 KBs in size. Kinda small. 35K is large enough

Re: [Full-Disclosure] DNS query???

2004-07-27 Thread Mortis
> Any body got an idea as to what is this. Sure... another lost soul wandering through the valley. Did you perhaps miss the warning signs at the gate? Here are some appropriate places to start: http://groups.google.com/groups?group=microsoft.public.win2000.dns http://support.microsoft.com/search

Re: [Full-Disclosure] DNS query???

2004-07-27 Thread buzz
hi, On Tuesday 27 July 2004 14:01, Verma, Sachin wrote: > Hi, > > I have a secondary dns server, which is internal to LAN and on windows 2000 > that is generating a lot of queries for all the 13 root dns servers. The > traffic is blocked by the firewall. But the strange thing that I have > noticed is

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-27 Thread Todd Towles
But I really like good coffee. Is that so wrong? lol -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Willem Koenings Sent: Monday, July 26, 2004 8:17 AM To: [EMAIL PROTECTED] Subject: RE: [ok] [Full-Disclosure] Possible Virus/Trojan hi,

[Full-Disclosure] IE, how to detect in which zone scripts are executed?

2004-07-27 Thread Anonymous
Hi, I would like to know from all ie auditing folks if there is a simple way to understand in which zone scripts (vbscript, jscript, hta) are executed. I can't find online any resource about that. -anon

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-27 Thread Todd Towles
Hey guys, I was able to finally get the file out of Outlook via add-on. The add-on moves file types from Level 1 to Level 2. Anyways, it wasn't detected as a virus and it is only 35 KBs in size. Kinda small. I planned on breaking it apart..but I went to the bar last night. I have sent it to a

[Full-Disclosure] DNS query???

2004-07-27 Thread Verma, Sachin
Hi, I have a secondary dns server, which is internal to LAN and on windows 2000 that is generating a lot of queries for all the 13 root dns servers. The traffic is blocked by the firewall. But the strange thing that I have noticed is that the source and destination port being the same i.e. 53. Also th

Re: [Full-Disclosure] Automated SSH login attempts?

2004-07-27 Thread Joe Hickory
hi fd, got that too, starting at the 15.07. from these two addresses: 212.89.103.132 and 66.250.111.33 i have some ssh debug level 3 output from these attempts and tcpdump and sebek packets logged. but as the users are not existent on the systems, i don't think it would provide new info.

Re: [VulnDiscuss] Re: [Full-Disclosure] Automated SSH login attempts?

2004-07-27 Thread Paul Schmehl
--On Monday, July 26, 2004 03:29:56 PM -0400 RBabb <[EMAIL PROTECTED]> wrote: This makes me feel better. I thought it odd that so many machines were hitting my ssh server. I even blocked it at the firewall for a day or so. Is anyone talking on what the bot system was that allowed them to automate

Re: [VulnDiscuss] Re: [Full-Disclosure] Automated SSH login attempts?

2004-07-27 Thread RBabb
Paul Schmehl wrote: --On Thursday, July 22, 2004 10:47 AM -0400 Jay Libove <[EMAIL PROTECTED]> wrote: Here are some log entries from my system: Jul 15 10:01:34 panther6 sshd[8267]: Illegal user test from 62.67.45.4 Jul 15 10:01:34 panther6 sshd[8267]: Failed password for illegal user We've been

Re: FW: [Full-Disclosure] Question for DNS pros

2004-07-27 Thread Paul Rolland
Hello, > > The machine sending the queries is probably configured to use > > your server as a complete DNS resolver and transfer all its queries > > to your server. > > > Umm...I don't *have* a server at that address. In fact, > there is no live > host at all at that address. *That*, after all

[Full-Disclosure] ASPRunner Multiple Vulnerabilities

2004-07-27 Thread Ferruh Mavituna
-- ASPRunner Multiple Vulnerabilities -- Online URL : http://ferruh.mavituna.com/article/?574 1) SQL Injection; Severity : Moderately Critical 2) Information Disclosure; Severity : Low Critical

Re: [Full-Disclosure] MyDoom-M evades attachment filters

2004-07-27 Thread Marek Isalski
>>> "lsi" <[EMAIL PROTECTED]> 27/07/2004 11:14:20 >>> > My current thoughts are something like this: > U.*E.*s.*D.*B.*A.*o.*A.*A.* > Still got newline prob though. Careful -- that (corrected) regexp will overoptimistically match strings like: 'United Arab Emirates branch seeks Data Base Administr

[Full-Disclosure] cracked by RedX

2004-07-27 Thread Calderon, Christopher V
http://www.zone-h.org/en/defacements/filter/filter_defacer=Red_X/ click on mirror underneath view. is that the same picture? if the person didn't access information, they probably did it for the "fame" of the script kiddie community. zone-h.org hosts a defacement mirror like attrition.org (RIP) use

Re: [Full-Disclosure] one new trojan

2004-07-27 Thread Abilash Praveen M
how does this work? the starter script doesn't seem to do a thing in me? XP SP1 IE6.0 SP1 ~ praveen - Original Message - From: "Ben Lambrey" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, July 25, 2004 1:04 AM Subject: Re: [Full-Disclosure] one new trojan > On Saturday July 24

[Full-Disclosure] MyDoom-M evades attachment filters

2004-07-27 Thread lsi
Since the first MyDoom (which appeared almost six months ago, to the day) I have been nice and snug behind my executable attachment filter. And my zipfile attachment filter. But then MyDoom-M slips past The reason is because it puts spaces or newlines into its MIME. Very smart. Appare

SV: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-27 Thread Peter Kruse
Hi, >> I heard about a small thing going around about Bin Laden hanging himself >> and some CNN reporters had pictures. But it was a virus. I didn't hear >> much about it, maybe it is a small time thing and they are just picking >> people to spread the virus around. Was posted to many newsgroups

Re: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-27 Thread Denis McMahon
Todd Towles wrote: I heard about a small thing going around about Bin Laden hanging himself and some CNN reporters had pictures. But it was a virus. I didn't hear much about it, maybe it is a small time thing and they are just picking people to spread the virus around. I've seen that with both b