BugTraq Mode:
AW: MS Office 2007: Digital Signature does not protect Meta-Data 2007-12-13
Naujoks, Hans-Dietmar (Hans-Dietmar Naujoks tuev-sued de)
Dear Mr. Poehls,

I think Microsoft does not consider metadata attached to a document as part of the document and so they decided not to include it in the content protected by the certificate.

This fits the way we use attaching metadata during the process of categorization to enable retrieval of a

SQL MKPortal M1.1 Rc1 2007-12-12
Sw33t h4cK3r hotmail com
: Discovery by: Sw33t h4cK3r

: POWERED BY: MKPortal M1.1

-----------

Exploit :

http://Example.com/index.php?ind=gallery&op=foto_show&ida=(sql)

OpenOffice: Duplicated, Unprotected Certificate Information shown in Signed ODF Documents 2007-12-13
poehls informatik uni-hamburg de
Affects: OpenOffice 2.3.0 and 2.2.0 and possibly older versions

I. Background

OpenOffice is an open source suite containing several programs to
handle Office documents like text documents or spreadsheets.
The latest version uses an XML based document format (ODF).

OpenOffice allows docum

Fwd: Websense 6.3.1 Filtering Bypass 2007-12-12
The Security Community (thesecuritycommunity gmail com)
Mr. HinkyDink would like to share the following with the Security Community...

---------- Forwarded message ----------
From: <dink (at) mrhinkydink (dot) com>
Date: Dec 12, 2007 6:05 PM
Subject: Websense 6.3.1 Filtering Bypass
To: thesecuritycommunity (at) gmail (dot) com

Please share this with your little friends..

RE: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass 2007-12-13
Hubbard, Dan (dhubbard websense com)
An added note on this...

Customers do not need to download nor install any new patch for this
fix. It was automatically updated and installed with our nightly
protocol signature updates.

-----Original Message-----
From: full-disclosure-bounces (at) lists.grok.org (dot) uk
[mailto:full-disclosure-bounce

MS Office 2007: Target of Hyperlinks not covered by Digital Signatures 2007-12-13
poehls informatik uni-hamburg de
Affects: Microsoft Office 2007 (12.0.6015.5000)

MSO (12.0.6017.5000)

possibly older versions

I. Background

Microsoft Office is a suite containing several programs to
handle Office documents like text documents or spreadsheets.

The latest version uses an XML based doc

[security bulletin] HPSBUX02296 SSRT071504 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code 2007-12-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01299773
Version: 1

HPSBUX02296 SSRT071504 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as pos

[security bulletin] HPSBUX02294 SSRT071451 rev.1 - HP-UX Running DCE, Remote Denial of Service (DoS) 2007-12-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01294212
Version: 1

HPSBUX02294 SSRT071451 rev.1 - HP-UX Running DCE, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Hosting Controller - Multiple Security Bugs (Extremely Critical) 2007-12-13
admin bugreport ir
Title: Multiple Security Bugs In Hosting Controller

Critical: Extremely critical

Impact: Full system administrator access

Vendor: Hosting Controller

Version: 6.1 Hot fix <= 3.3

Vendor URL: www.hostingcontroller.com

Solution: N/A From company - There is temporary solution in this report

Exploi

[USN-550-3] Cairo regression 2007-12-13
Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-550-3 December 13, 2007
libcairo regression
https://launchpad.net/bugs/175573
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu

QK SMTP Server 3 - Denial of service 2007-12-12
jplopezy gmail com
Apparently this SMTP server crashes when creating a mail poorly trained causing a denial of service.

Proof-of-concept

HELO ../A/ * 950

MAIL FROM: ../A/ * 950

RCPT TO: ../A/ * 950

data

../A/ * 950

.

Juan Pablo Lopez Yacubian

http://fuzzertina.blogspot.com/

iDefense Security Advisory 12.11.07: Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability 2007-12-12
iDefense Labs (labs-no-reply idefense com)
iDefense Security Advisory 12.11.07
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 11, 2007

I. BACKGROUND

Microsoft DirectShow, part of Microsoft DirectX, is used for the capture
and playback of multimedia streams on Microsoft Windows systems.
Synchronized Accessible Media Interchange

rPSA-2007-0264-1 mod_dav_svn subversion 2007-12-12
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2007-0264-1
Published: 2007-12-12
Products:
rPath Linux 1

Rating: Minor
Exposure Level Classification:
Remote User Deterministic Information Exposure
Updated Versions:
mod_dav_svn=conary.rpath.com@rpl:1/1.2.3-8.1-1
subversion=conary.rpath.com@rpl:1/1.2.3-8.1

Re: Re: Cpanel Vulnerability? 2007-12-12
gdfuego gmail com
I would guess someone is trying to hide a phishing page in a frontpage looking folder rather than it actually being a frontpage issue.

iDefense Security Advisory 12.11.07: Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability 2007-12-12
iDefense Labs (labs-no-reply idefense com)
iDefense Security Advisory 12.11.07
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 11, 2007

I. BACKGROUND

Internet Explorer is a graphical web browser developed by Microsoft
Corp. and included as part of Microsoft Windows since 1995. The
setExpression method is commonly used to assign

Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day 2007-12-12
Matthew Leeds (mleeds theleeds net)
Just to rehash this for my own clarity, and perhaps that of others, this is not a defect in Media Player Classic so much as a defect in the 3ivx codec. If one were to use a different codec to decode MP4 content this defect would not exist.

This is similar to a defect in Adobe Acrobat Reader browser

Re: Cpanel Vulnerability? 2007-12-12
Charles Hardin (fonestorm gmail com)
Trying this again since the lists apparently do not like me.

This would sound more like an issue in frontpage extensions than cpanel itself.

On Dec 12, 2007 8:16 AM, Francisco Pecorella <pecorelf (at) gmail (dot) com> wrote:
> Folks,
>
> I have seen some phishing pages installed on servers with
> cPanel11/We

Re: TCP Port randomization paper 2007-12-11
Fernando Gont (fernando gont gmail com)
Hello, Amit,

> However, it seems that your proposal only attempts to address one consequence of
> predictable TCP source ports, namely blind TCP attacks (in all fairness, it appears that the
> object of your proposal is to solve the blind TCP attacks, rather than the issue of predictable
> TCP sour

MS Office 2007: Digital Signature does not protect Meta-Data 2007-12-12
poehls informatik uni-hamburg de


Affects: Microsoft Office 2007 (12.0.6015.5000)

MSO (12.0.6017.5000)

possibly older versions

I. Background

Microsoft Office is a suite containing several programs to
handle Office documents like text documents or spreadsheets.

The latest version uses an XML based d

[SECURITY] [DSA 1428-2] New Linux 2.6.18 packages fix several vulnerabilities 2007-12-12
dann frazier (dannf debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1428-2 security (at) debian (dot) org
http://www.debian.org/security/ dann frazier
December 11th, 2007

Cpanel Vulnerability? 2007-12-12
Francisco Pecorella (pecorelf gmail com)
Folks,

I have seen some phishing pages installed on servers with
cPanel11/WebHostManager but installed on folders like _vti_cnf,
_private, etc.

Do you know about a new exploit for cPanel 11/WHM or a new
vulnerability to gain control over those servers?

--
Regards,
FP

[ MDKSA-2007:244 ] - Updated samba packages fix vulnerability 2007-12-12
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:244
http://www.mandriva.com/security/
____________________________________________________________________

[SECURITY] [DSA 1430-1] New libnss-ldap packages fix denial of service 2007-12-11
Steve Kemp (skx debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1430-1 security (at) debian (dot) org
http://www.debian.org/security/ Steve Kemp
December 11, 2007

[SECURITY] [DSA 1431-1] New ruby-gnome2 packages fix execution of arbitrary code 2007-12-11
Steve Kemp (skx debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1431-1 security (at) debian (dot) org
http://www.debian.org/security/ Steve Kemp
December 11, 2007

ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow Vulnerability 2007-12-11
zdi-disclosures 3com com
ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow
Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-07-076.html

December 11, 2007

-- CVE ID:

CVE-2007-3039

-- Affected Vendor:

Microsoft

-- Affected Products:

Windows 2000 SP4

Windows XP SP2

-- Tipping

ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability 2007-12-11
zdi-disclosures 3com com
ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-07-075.html

December 11, 2007

-- CVE ID:

CVE-2007-5344

-- Affected Vendor:

Microsoft

-- Affected Products:

Internet Explorer 6

Internet Explorer 7

-- TippingPoint(TM)

[SECURITY] [DSA 1429-1] New htdig packages fix cross site scripting 2007-12-11
Steve Kemp (skx debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1429-1 security (at) debian (dot) org
http://www.debian.org/security/ Steve Kemp
December 11, 2007

ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption 2007-12-11
zdi-disclosures 3com com
ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory
Corruption Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-07-074.html

December 11, 2007

-- CVE ID:

CVE-2007-3903

-- Affected Vendor:

Microsoft

-- Affected Products:

Internet Explorer 6

Internet Explorer

ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability 2007-12-11
zdi-disclosures 3com com
ZDI-07-073: Microsoft Internet Explorer setExpression Code Execution
Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-07-073.html

December 11, 2007

-- CVE ID:

CVE-2007-3902

-- Affected Vendor:

Microsoft

-- Affected Products:

Internet Explorer 5.01 SP4

Internet Explorer

Meridian Prolog Manager Username and Plain Text Password Disclosure 2007-12-11
Prolog Error (prolog disclosure gmail com)
+Note: This is being released without Meridian or CERT approval.
Meridian has been dragging their feet and has shown no good intent
since I first tried to contact them. My guess is that they will be
following all of my releases claiming I was uncooperative. The only
information Meridian ever soug

Copyright 2010, SecurityFocus