> Date: Thu, 17 Feb 2005 12:20:30 -0500
> From: "iDEFENSE Labs" <[EMAIL PROTECTED]>
> Subject: [Full-Disclosure] iDEFENSE Labs Website Launch
> To: ,
> <[EMAIL PROTECTED]>,
>
> Message-ID:
> <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"
>
> iDEFENSE Labs i
==
Secunia Research 18/02/2005
- Yahoo! Messenger Audio Setup Wizard Privilege Escalation -
==
Table of Contents
Affected Software.
==
Secunia Research 18/02/2005
- Yahoo! Messenger File Transfer Filename Spoofing -
==
Table of Contents
Affected Software
Hi there,
Did you guys spot this? Three vulnerabilities in IE that lead to remote code
execution when combined. Discovered by Andreas Sandblad, apparently fixed by
the latest cumulative IE patch (MS05-014), but not confirmed by MS.
http://secunia.com/secunia_research/2004-8/advisory/
I do miss h
On Fri, Feb 18, 2005 at 07:53:29AM -0500, Edge, Ronald D wrote:
> > Date: Thu, 17 Feb 2005 12:20:30 -0500
> > From: "iDEFENSE Labs" <[EMAIL PROTECTED]>
> > Subject: [Full-Disclosure] iDEFENSE Labs Website Launch
> > To: ,
> > <[EMAIL PROTECTED]>,
> >
> > Message-ID:
> > <[EMAIL PROTECT
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200502-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Hat-Squad.com set a proper on that 5-year-old
hole.
Clean code class101.org,
class101.hat-squad.com
Here it is for a quick view on the
list:
/*3com 3CDaemon FTP Unauthorized "USER" Remote
BOverflow
The particularity of this exploit is to exploit an
FTP server without the need of any auth
==
Secunia Research 18/02/2005
- Yahoo! Messenger File Transfer Filename Spoofing -
==
Table of Contents
Affected Software
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200502-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
==
Secunia Research 18/02/2005
- Yahoo! Messenger Audio Setup Wizard Privilege Escalation -
==
Table of Contents
Affected Software.
Can someone provide me a link to the classic (short) essay,
of 1400s I think; that explains full disclosure in the art
of lock making?
// George
--
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:[EMAIL PROTECTED]
_
###
Luigi Auriemma
Application: TrackerCam
http://www.trackercam.com
Versions: <= 5.12
Platforms:Windows
Bugs: A] User-Agent buffer-overflow
B] PHP argume
Rudimentary Treatise on the Construction of Locks, Charles Tomlinson,
1853.
http://www.deter.com/unix/papers/treatise_locks.html
My favorite line is as follows:
"Rogues are very keen in their profession, and already know much more than
we can teach them respecting their several kinds of roguery."
great job...
this had been discovered by myself over a year ago,
but was only released as an internal to a project
i was under an NDA when i discovered it
cheers,
Donnie
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclos
On Fri, Feb 18, 2005 at 01:17:49PM -0600, James Longstreet wrote:
>Rudimentary Treatise on the Construction of Locks, Charles Tomlinson,
>1853.
>
>http://www.deter.com/unix/papers/treatise_locks.html
>
>My favorite line is as follows:
>"Rogues are very keen in their profession, and already know muc
Hello,
Is this advisory, or all the other advisories related to the status bar spoofing, a
joke?
If not, then Mozilla, Firefox and some other browsers are vulnerable
to this kind of spoofing.
Take a look:
http://www.zataz.net/dev/lol-browser-spoofing.html
Vulnerable :
Mozilla (all versions)
I
Edge, Ronald D wrote:
> Funny. All I get is a blank white page. Could it be you are expecting me
> to trust your site, turn off all my defenses, turn on scripting, to view
> the page? You're kidding right, this is just a joke to test participants
> gullibility, right?
Sarcasm noted, but that _is_
Joachim Schipper to "Edge, Ronald D":
> > Funny. All I get is a blank white page. Could it be you are expecting me
> > to trust your site, turn off all my defenses, turn on scripting, to view
> > the page? You're kidding right, this is just a joke to test participants
> > gullibility, right?
>
>
[EMAIL PROTECTED]
Secunia Research 18/02/2005
- Yahoo! Messenger Audio Setup Wizard Privilege Escalation -
==
Table of Contents
Affected Software.
Nick FitzGerald wrote:
Seems you need to upgrade to Wetware/1.01. With that Wetware will
quickly note that the "trick" to navigating iDEFENSE's site is to add
"&flashstatus=true" or "&flashstatus=false" (the latter is probably
more generally preferable) to the end of its internal links, and tha
Ill will wrote:
just like just about every other webserver gets hacked, they use third
party server software that hasn't gone through enough rigorous testing
to make sure it's not vulnerable to any flaws.. simple search on google
will give you the answer
I don't doubt the concept of what you're sa
0day cuz i'm bored
/*
* Knox Arkeia Server Backup
* arkeiad local/remote root exploit
* Targets for Redhat 7.2/8.0, Win2k SP2/SP3/SP4, WinXP SP1, Win 2003 EE
* Works up to current version 5.3.x
*
* ---
*
* Linux x86:
* ./arksink2
*
* Exports an xterm to the box of your choosing. Mak
On Fri, 18 Feb 2005 16:04:52 EST, bkfsec said:
> Are you aware of any server software that has been so rigorously tested
> that it has no flaws at all?
>
> That would be one hell of a find...
"Testing can reveal the presence of flaws, but not their absence" -- E. Dijkstra
So yeah, it *would*
Hi everyone!
I'm looking for a book capable of helping someone
innovate in the art of hacking. My hint is a book titled
Shellcode of shell word. I'm pretty sure it begins with
the word shell. Please send more info and location of
possible buy.
Thanks
Jack
> Hi everyone!
> I'm looking for a book capable of helping someone
> innovate in the art of hacking. My hint is a book titled
> Shellcode of shell word. I'm pretty sure it begins with
> the word shell. Please send more info and location of
> possible buy.
perhaps you're referring to the shellcoders handbook?
A joke ? ;-)
Secunia says,
"It is by default possible for script code to manipulate information
displayed in the status bar. However, an error allows manipulation of the
status bar without using any script code (e.g. in the "Restricted sites"
zone)."
It is important that Outlook Express users m
On Fri, 2005-02-18 at 14:57, morning_wood wrote:
> great job...
> this had been discovered by myself over a year ago,
> but was only released as an internal to a project
> i was under an NDA when i discovered it
And they did nothing about it for a full year?
--
404 <[EMAIL PROTECTED]>
Textbox Net