[Full-Disclosure] Winamp - Buffer Overflow In IN_CDDA.dll [ Patch Released ]

2004-12-06 Thread Brett Moore
Quick update on the winamp issue. A new version 5.07 has been released and includes a fix for the buffer overflow in the IN_CDDA.dll module. Change Log http://www.winamp.com/player/version_history.php New Release http://www.winamp.com/player/ Regards Brett Moore Network Intrusion Specialist,

RE: [Full-Disclosure] If Lycos can attack spammer sites, can we all start doing it?

2004-12-06 Thread Dave D. Cawley
I lost a college roommate in the WTC and my brother is in Iraq now. I don't care if the terrorists go by the Geneva Convention. We should, we are a civilized people and should remain that way. If we decided who is covered and who isn't during times of war we run the risk of becoming

[Full-Disclosure] [Advisory] Mozilla Products Remote Crash Vulnerability

2004-12-06 Thread Niek van der Maas
Hi, I'm posting it here, the Mozilla guys didn't want to answer or even confirm this bug. No idea whether this one is exploitable or not, I'll leave that over to the readers of these lists. Bye, Niek van der Maas MaasOnline http://maas-online.nl/ Mozilla Products Remote Crash Vulnerability

Re: [Full-Disclosure] I'm calling for LycosEU heads and team to resign or be sacked

2004-12-06 Thread Bart . Lansing
[EMAIL PROTECTED] wrote on 12/03/2004 07:50:36 PM: And if the spammers don't like my packets being sent to their system, all they have to do is send me a polite e-mail asking to be removed from my flood-list. It is really quite simple! Wow. Obviously you are not responsible for

Re: [Full-Disclosure] If Lycos can attack spammer sites, can we all start doing it?

2004-12-06 Thread Gregoire Seither
Excuse me, but could this discussion (now completely OT) be taken off this list and continued elsewhere (alt.soc.politics for instance)? Thank you kindly. Greg Seither From: Dave D. Cawley [EMAIL PROTECTED] I lost a college roommate in the WTC and my brother is in Iraq now. I don't

[Full-Disclosure] [ exploitwatch.org ] - Website now available as a RSS feed

2004-12-06 Thread admin
The exploit list (10 most recent) is now available as a RSS feed. See http://exploitwatch.org for details. Best regards, [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] I'm calling for LycosEU heads and team to resign or be sacked

2004-12-06 Thread Pierre-Yves Bonnetain
Hi, Bob Smith wrote: The Internet has always been about vigilante justice. Aside from exceptionally egregious cases of wrongdoing, like sexually explicit material with children, fraud, or flagrant piracy, the Internet exists and operates beyond the boundaries of any one nation's laws. It is up

Re: [Full-Disclosure] I'm calling for LycosEU heads and team to resign or be sacked

2004-12-06 Thread Valdis . Kletnieks
On Fri, 03 Dec 2004 21:52:30 GMT, n3td3v said: I think heads should roll over this. I think it's the worst act a corporation has ever undertaken in the history of the internet. Hmm.. I don't know. Verisign's hijacking of *.com wildcards and several different Microsoft stunts may very well

Re: [Full-Disclosure] If Lycos can attack spammer sites, can we all start doing it?

2004-12-06 Thread Valdis . Kletnieks
On Sat, 04 Dec 2004 19:55:31 PST, Michael R. Schmidt said: Have you read the Geneva Convention? Or better yet The United Nations International Covenant on Civil and Political Rights. Read it, the whole thing, and then bitch and moan. Do you really think Terrorists live by it? Has it occurred

[Full-Disclosure] makelovenotspam [dot] com

2004-12-06 Thread n3td3v
Well they've removed the Stay Tuned under the logo. I wonder if this means anything. Thanks, n3td3v

Re: [Full-Disclosure] Disclosure of local file content in Mozilla Firefox and Opera

2004-12-06 Thread Juergen Schmidt
On Mon, 6 Dec 2004, Giovanni Delvecchio wrote: PoC: === Read a local file by inner.HTML method: HTML BODY onLoad=ReadFileContent() iframe name=local_file src=file:///etc/passwd height=0 width=0/iframe form name=module

[Full-Disclosure] Two downed CN sites allegedly attrib. to Lycos screen saver

2004-12-06 Thread vigilaro
NEW: http://news.zdnet.com/2100-1009_22-5474963.html TITLE: Antispam screensaver downs two sites in China

Re: [Full-Disclosure] [Advisory] Mozilla Products Remote Crash Vulnerability

2004-12-06 Thread Kevin Finisterre
(gdb) c Continuing. [New Thread 147461 (LWP 10836)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 16384 (LWP 10810)] 0x4a8b in GlobalWindowImpl::MakeScriptDialogTitle () from /usr/lib/mozilla/components/libgklayout.so (gdb) bt #0 0x4a8b in

Re: [Full-Disclosure] If Lycos can attack spammer sites, can we all start doing it?

2004-12-06 Thread bkfsec
Michael R. Schmidt wrote: Is putting a murderer in jail too much for you too? Cause that is the end justifying the means Are you saying that a murderer going to jail justifies the murder?!? Or are you saying that the murderer being in jail justifies the trial/investigation? Or are you

Re: [Full-Disclosure] I'm calling for LycosEU heads and team to resign or be sacked

2004-12-06 Thread Tatercrispies
Self regulate is NOT self retaliate. Why not? Why can't retaliation be a form of regulation? Is your objection in general, or is there a specific to this case? To go back to a previous message; in attacking spammers, I see the end result as being the greater good. Despite what another

[Full-Disclosure] DoS protection in N-Tiered Web Apps?

2004-12-06 Thread Lachniet, Mark
Okay, so I asked about this in another thread, but it wasn't really picked up, and I don't want to let it go. There is a fairly serious (and obvious) risk of Denial of Service in many web applications that rely on back-end databases. As a previous message stated, on many web apps, small HTTP

Re: [Full-Disclosure] I'm calling for LycosEU heads and team to resign or be sacked

2004-12-06 Thread bkfsec
Jason wrote: It is an effective method to make your voice heard using a different form and it is not only acceptable it is a form of peaceful protest IMHO. My question is how effective at stopping spam can it actually be? For this to work, you not only have to DDoS dedicated SPAM systems, you

[Full-Disclosure] Lycos Ends AntiSpam Effort, Denies Downing Spam Sites

2004-12-06 Thread james edwards
http://news.netcraft.com/archives/2004/12/06/lycos_ends_antispam_effort_denies_downing_spam_sites.html OK folks, it's over.

Re: [Full-Disclosure] makelovenotspam [dot] com

2004-12-06 Thread Constantin Hofstetter
Well, it's now officially offline; the project has been stopped. On Mon, 6 Dec 2004 17:19:33 +, n3td3v [EMAIL PROTECTED] wrote: Well they've removed the Stay Tuned under the logo. I wonder if this means anything. Thanks, n3td3v

RE: [Full-Disclosure] Disclosure of local file content in Mozilla Firefox and Opera

2004-12-06 Thread Thor Larholm
This is not a vulnerability, it is expected behavior. Mozilla shares the same zone design as IE which means that a file from the local file zone can read any other file from the local file zone. You cannot use this approach to read a local file from another zone such as the Internet zone. From

Re: [Full-Disclosure] [Advisory] Mozilla Products Remote Crash Vulnerability

2004-12-06 Thread Heikki Toivonen
This crash was fixed today. FYI - simple unexploitable crashes are generally not considered security issues by mozilla.org. With unexploitable crash I mean something that will only allow you to crash the product. An example of exploitable crash would be a buffer overflow, which often causes

[Full-Disclosure] MDKSA-2004:146 - Updated nfs-utils packages fix remote DoS vulnerability

2004-12-06 Thread Mandrake Linux Security Team
Mandrakelinux Security Update Advisory. Package name: nfs-utils Advisory

[Full-Disclosure] MDKSA-2004:144 - Updated lvm1 packages fix temporary file vulnerability

2004-12-06 Thread Mandrake Linux Security Team
Mandrakelinux Security Update Advisory. Package name: lvm Advisory ID:

[Full-Disclosure] MDKSA-2004:143 - Updated ImageMagick packages fix vulnerability

2004-12-06 Thread Mandrake Linux Security Team
Mandrakelinux Security Update Advisory. Package name: ImageMagick Advisory

[Full-Disclosure] [Advisory] Mozilla Products Remote Crash Vulnerability

2004-12-06 Thread PERFECT.MATERIAL
Thank god we have dumb monkeys to paste output from gdb regarding issues they don't understand. Oh, when I say monkey, I mean it as a racial slur. I would hate to be vague here :D PERFECT.MATERIAL

[Full-Disclosure] [ GLSA 200412-04 ] Perl: Insecure temporary file creation

2004-12-06 Thread Luke Macken
Gentoo Linux Security Advisory GLSA 200412-04 http://security.gentoo.org/

[Full-Disclosure] A suggestion to all AV vendors...

2004-12-06 Thread bipin gautam
These days, it's rare to see a Windows box without an AV. But there are still a lot of Windows boxes without proper critical security patches and will be... I'd compare those computers to a castle with security guards at the front door but an open hole in the back door. Here I see a similar

Re: [Full-Disclosure] Lycos Ends AntiSpam Effort, Denies Downing Spam Sites

2004-12-06 Thread Andrew Farmer
On 06 Dec 2004, at 12:54, james edwards wrote: http://news.netcraft.com/archives/2004/12/06/lycos_ends_antispam_effort_denies_downing_spam_sites.html OK folks, it's over. Ended a couple days ago, actually.