[Full-Disclosure] Kayako eSupport v2.3.1 Support Tracker XSS Vulnerability

http://www.google.com/search?q=%22Powered+By+kayako+eSupport%22+%22search+the+entire+knowledgebase%22 1290 customers according to Google. http://support.kayako.com/index.php?_a=knowledgebase_j=questiondetails_i=2nav=[XSS]nav2=General%20eSupport%20QA Vendor notified by their access log files

Re: [Full-Disclosure] Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185

On Mon, Feb 14, 2005 at 11:24:00AM -0700, James Lay wrote: Subject line says it alljust did a fresh install of WinXP SP2was using MBSAFU to make sure it would patch...which it did. However Windows Update shows still needing KB887742 and KB886185. MBSA shows no critical patches need

[Full-Disclosure] [USN-82-1] Linux kernel vulnerabilities

=== Ubuntu Security Notice USN-82-1 February 15, 2005 linux-source-2.6.8.1 vulnerabilities CAN-2005-0176, CAN-2005-0177, CAN-2005-0178 http://oss.sgi.com/archives/netdev/2005-01/msg01036.html

[Full-Disclosure] [HAT-SQUAD] Findjmp2

Findjmp is a tiny tool originally released by Eeye, it's used to scan for call/jmp/pushret offsets. Findjmp2 additions by Hat-Squad : pop/pop/ret scanner , logging to file. Im temporaly fixing my new domain, here is a second domain to my website get sources and binaryat

[Full-Disclosure] [ZALUPA] POC - IE Flash Remote Command Exec

Yet still guninski much poor than bill gates Tested on fully patched IE on XPSP2, FireFox/Mozilla just crashes. The POC is trying to start notepad.exe ( turn your audio-system ON ) POC: http://img220.exs.cx/my.php?loc=img220image=amovie7vw.swf

RE: [Full-Disclosure] Re: [Mailman-Developers] mailman emailharvester

But cutting off 82% even before the DATA command is not too shabby. OTOH it is a sign on how bad mail has become if more than 80% are plain junk even without looking at the content. Amd it is going to get worse from here!

[Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185

Hi James, I have the same problem, also anothers.The command line mbsacli has different functionality problems.To resolve this problem I use GFI Lan Guard Scanner 6.0.Until now it resolve patch problems(detection and distributions of these). Regards, Ionut Stanescu BRD - Groupe Société

RE: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer no t seeing KB887742 and KB886185

KB887742: A computer that is running Microsoft Windows XP Service Pack 2 (SP2), Microsoft Windows XP Tablet PC Edition 2005, or Microsoft Windows Server 2003 unexpectedly stops. Additionally, the following Stop error message appears on a blue screen: Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT).

[Full-Disclosure] linux kernel 2.6 fun. windoze is a joke

Georgi Guninski security advisory #73, 2004 linux kernel 2.6 fun. windoze is a joke Systems affected: linux kernel 2.6.10, probably earlier 2.6. 2.4 not tested Date: 15 February 2005 Legal Notice: This Advisory is Copyright (c) 2004 Georgi Guninski. You may not modify it and

[Full-Disclosure] harddisk encryption

hi, sorry for my late answer and for breaking the thread. below you can find the original post: i'm evaluating a software that performs harddisk encryption for deploying in my company. the software in question is utimaco safeguard easy v4.10 (www.utimaco.com) running on w2k. i am interested in

[Full-Disclosure] ASPjar Guestbook login.asp not official patch

..::x0n3-h4ck.org Italian Security Team::.. ASPjar Guestbook login.asp not official patch Application: Aspjar Guestbook Version: 1.0 Bug: Sqj injection Vendor : not attainable DETAILS Supply in the password field ' or ''=', this should allow you to bypass the authentication process used by

RE: [Full-Disclosure] harddisk encryption

Comments on hard drive encryptors: 1. If the encryptor encrypts your boot disk, it has to be involved early in the boot process and may be broken by anything that changes the system boot sequence. On the whole such a product would likely need two different drivers, one of which would change

[Full-Disclosure] Harddisk encryption

Title: Harddisk encryption I have been looking at harddisk encryption and the question I have is: How does one enter the password on a Tablet without a keyboard, on hard disk encryption software that has Pre-Boot Authentication. One company I found to have a good selection of OS's and data

Re: [Full-Disclosure] Harddisk encryption

On Tue, 15 Feb 2005 10:42:01 PST, Dyke, Tim said: I have been looking at harddisk encryption and the question I have is: How does one enter the password on a Tablet without a keyboard, on hard disk encryption software that has Pre-Boot Authentication. That's easy, you take the stylus and

[Full-Disclosure] [ GLSA 200502-20 ] Emacs, XEmacs: Format string vulnerabilities in movemail

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200502-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

[Full-Disclosure] [ GLSA 200502-21 ] lighttpd: Script source disclosure

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200502-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

Re: [Full-Disclosure] the fun continues with milw0rm.com

milw0rm will not go quietly into the night!!! That sucks... any idea who's DOSing you, and why? ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

[Full-Disclosure] New Internet Explorer Beta

This new beta that Gates unveiled today looks like it will include the AntiSpyware software free. Gates claims improved security in this new version, yet just days ago a new virus that attacks AntiSpyware was released. I think MS needs to rework its security department and go back to the

Re: [Full-Disclosure] harddisk encryption

I've not looked at utimaco. I've been evaluating PC Guardian http://www.pcguardian.com/ to deploy within our enterprise. It has performed better than other we have tested. - Original Message - From: Lentila de Vultur [EMAIL PROTECTED] To: full-disclosure@lists.netsys.com Sent: Tuesday,

Re: [Full-Disclosure] New Internet Explorer Beta

danjr wrote: SNIP initiative. If IE is ever to regain some of the share it has lost to Firefox, these simulanteous announcements from Microsoft and the news about continuing security vulnerabilities needs to stop. On a related topic Microsoft's whole Anti-Spyware suite running on top of a new

[Full-Disclosure] MDKSA-2005:038 - Updated emacs/xemacs packages fix vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandrakelinux Security Update Advisory ___ Package name: emacs Advisory ID:

[Full-Disclosure] In case y'all didn't catch it yet...

SHA-1 is showing it's age: http://www.schneier.com/blog/archives/2005/02/sha1_broken.html tim ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

RE: [Full-Disclosure] New Internet Explorer Beta

The growth in usage of Mozilla Foundation's Firefox browser is driven by factors that are not inherently sustainable. Gartner has warned firms considering migrating to Firefox, an open-source browser from Mozilla, to think carefully. Additionally, now that Firefox and other non-Microsoft browsers

Re: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer no t seeing KB887742 and KB886185

Ping Microsoft.. they were not classified as Security patches [not assigned 05-### numbers ergo they aren't on MBSA] As Richard stated, they aren't security bulletins. Heck I'd LOVE to get 835734 for the SBS 2003 platform merely on Windows Update and honestly I can't wait for WUS or whatever.