This will recursively call a function again and again until you've used up all
stack space: It's a stack overflow DoS (NOT a buffer overflow); it cannot be
exploited to elevate privileges.
Cheers,
SkyLined
- Original Message -
From: "Joseph Stone" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECT
Berend-Jan Wever wrote:
> I hope they fixed it by accident, seeing what the other option would
imply.
Certainly puts all that jive they've been spewing to the press in a
different perspective.
Microsoft has begun to investigate the Iframe vulnerability and has not
been made aware of any progra
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 586-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 8th, 2004
another ebay phish
http://www.ebay-verifications.biz/ws2/
header
X-Apparently-To: [EMAIL PROTECTED] via
216.109.119.82; Sun, 07 Nov 2004 14:17:22 -0800
X-YahooFilteredBulk:66.139.79.218
X-Originating-IP: [66.139.79.218]
Return-Path:<[EMAIL PROTECTED]>
Received: from
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Not a very good one..
Submitting with an empty field displayed the raw PHP code..
Seems to send to
mail("[EMAIL PROTECTED]","$userid","$userid $pass");
Below..
--8<---
$value) {
$str .= (strlen($str) < 1) ? '' : '&';
$s
See also.
http://www.commondreams.org/headlines04/1106-30.htm
> -Original Message-
> From: J.A. Terranson [mailto:[EMAIL PROTECTED]
> Sent: Monday, 8 November 2004 9:09 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: [Full-Disclosure] Blackbox: Elections f
Dear list,
I am currently working on the upcoming release 3.0 of my Attack Tool Kit
(ATK), an open vulnerability scanner and exploiting framework for
Windows.[1]
In this case I try to increase the accuracy of the pattern matching
based plugins to detect successful web server vulnerability dete
Hi all,
In response to statements found at
http://news.com.com/Exploit+code+makes+IE+flaw+more+dangerous/2100-1002_3-5439370.html
"Microsoft is concerned that this new report of a vulnerability in
Internet Explorer was not disclosed responsibly, potentially putting
computer users at risk," the co
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 587-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 8th, 2004
On Mon, 8 Nov 2004, Berend-Jan Wever wrote:
> In response to statements found at
> http://news.com.com/Exploit+code+makes+IE+flaw+more+dangerous/2100-1002_3-5439370.html
Yup.
But what amuses me most, is the following bit:
"Microsoft has begun to investigate the Iframe vulnerability and has no
huh!
Reviewing all the latest IE advisories, I believe they
are in a way attacking M$. So that its customers are
forced to choose another browser... due to the
security risks involved.
I will rate it as a birth of "E" - GORILLA WAR
strategy? (o; of the minorities.
Can a company sue a pers
HP Tried...
-KF
Can a company sue a person, for publishing
irresponsible sec. advisories as such? No offence. I
just wanna know your views. After all, the haxor is
reverse engineering the software. I don't know if M$
will ever fire a case against such ppl. in future with
a propaganda, TO PROTECT ITS
Can a company sue a person, for publishing irresponsible sec. ...
>> Don't know; Internet law is still very unclear in so many areas.
I found a shitty security issue in CyberGuard Firewall/Proxy some time ago; they were pretty upset about it. Went to the top as far as I understand it, to Pau
Michal Zalewski wrote:
On Mon, 8 Nov 2004, Berend-Jan Wever wrote:
In response to statements found at
http://news.com.com/Exploit+code+makes+IE+flaw+more+dangerous/2100-1002_3-5439370.html
Yup.
But what amuses me most, is the following bit:
"Microsoft has begun to investigate the Iframe vu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 588-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 8th, 2004
0wning the windoze population is not enough for m$.
they also want to 0wn the intellectual property of bugs and exploits in their
warez.
as much as i love them, i must admit they are lamers.
--
where do you want bill gates to go today?
On Mon, Nov 08, 2004 at 12:40:08PM +0100, Berend-Jan Wever
Is this list of URLs an answer to someone else's question, or just a
general list of topics?
-Michael
On Fri, 5 Nov 2004 07:21:57 + (GMT), Richard Tan
<[EMAIL PROTECTED]> wrote:
>
> http://www.openwall.com/advisories/OW-003-ssh-traffic-analysis/
> http://www.elcomsoft.com/aw2000pr.html
> http:/
Website: http://truste.org
Background:
TRUSTe® is an independent, nonprofit organization dedicated to
enabling individuals and organizations to establish trusting
relationships based on respect for personal identity and information
in the evolving networked world.
Through extensive consumer and We
Common laws in IT-security:
I° Micro$oft bugs law :
"a bug is a bug only if found in competitor's software (or if it
could be used in any commercial report to show Windoze
better&stronger than other OSes)."
II° Micro$oft bugs law :
"Windoze has only bugs that M$ said it has; every other bug, foun
On Mon, 08 Nov 2004 09:00:03 +0100, patryn said:
> "Microsoft is concerned that this new report of a vulnerability in
> Internet Explorer was not disclosed responsibly, potentially putting
> computer users at risk"
Is a black hat who plays by the rules still a black hat? :)
--On Monday, November 08, 2004 03:13:57 PM +0100 Michal Zalewski
<[EMAIL PROTECTED]> wrote:
Several days later, this statement surfaces in an article, showing beyond
any doubt that they are, quite simply, lying to the public to save face
and gain time.
As much as I am not a rabid Microsoft hater,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: ruby
Advisory ID:
Samba SMBD Remote Denial of Service Vulnerability
iDEFENSE Security Advisory 11.08.04
www.idefense.com/application/poi/display?id=156&type=vulnerabilities
November 08, 2004
I. BACKGROUND
Samba is an Open Source/Free Software suite that provides seamless file
and print services to SMB/CIFS clie
On Mon, Nov 08, 2004 at 01:33:17PM -0600, Paul Schmehl wrote:
> Never attribute to malice what can be explained by incompetence. Most
> likely what happened is the left hand (PR) didn't know what the right hand
> (secure@) was doing.
>
suppose your logic were right.
so, when m$ pr talk, they d
On Mon, 8 Nov 2004, Paul Schmehl wrote:
[ Moderators - feel free to kill this ]
> Never attribute to malice what can be explained by incompetence. Most
> likely what happened is the left hand (PR) didn't know what the right
> hand (secure@) was doing.
Highly unlikely; Microsoft Security Respo
===
Ubuntu Security Notice USN-20-1 November 08, 2004
ruby1.8 vulnerability
CAN-2004-0983
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Wartho
Dave Aitel wrote:
> This is another reason why studies comparing Microsoft's security to
Open Source security are always bizarre. They compare the entire set of
Linux vulnerabilities to a tiny subset of the bugs Microsoft knows
about, but pretends other people don't. WINS is a classic example.
Hi all,
In the past, the best way to bypass Windows File Protection (WFP) was
to attempt to set it to the known registry value that would shut it
down completely. This was the vector used by Code Red II and other
forms of malware. This technique was effective until Microsoft
changed this value t
Hello,
I am looking for a security contact within the USA wing of T-Mobile. All
attempts to contact the team via telephone are seemingly futile.
Does anyone have this information?
--
Jake Appelbaum <[EMAIL PROTECTED]>
[Full-Disclosure] Mailing List Charter
John Cartwright <[EMAIL PROTECTED]> and Len Rose <[EMAIL PROTECTED]>
Introduction & Purpose
--
This document serves as a charter for the [Full-Disclosure] mailing
list hosted at lists.netsys.com.
The list was created on 9th July 2002
Anyone know how to convince the MPAA that they have received incorrect
information from ARIN ?
Telling them over and over again doesn't seem to work, and now their litigation
spam is getting tiresome.
Jason Coombs
-Original Message-
From: MPAACopyright <[EMAIL PROTECTED]>
Date: Mon,