Re: On product vulnerability history and vulnerability complexity
2006-04-04 Steven M. Christey (coley linus mitre org)
On Tue, 4 Apr 2006, Javor Ninov wrote:
> So you mean that XSS is not trivial and difficult to spot ?
> For today code XSS is unacceptable and speaks very [poorly] for the
> author.
A lot of XSS might be "lame," but some of it is rather interesting and complex. Our terminology might not be preci

Black Hat Call for Papers and Registration now open
2006-04-03 Jeff Moss (jmoss blackhat com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey BugTraq readers, This is just a quick note to let you know that Black Hat USA 2006 registration and Call for Papers is now open. We expect another outstanding program, and with the addition of more floor space at Caesars Palace we are able to bri

RE: recursive DNS servers DDoS as a growing DDoS problem
2006-04-04 Geo. (geoincidents nls net)
> We have done just this (block inbound udp/53) to certain subnets due to a
> rash of CPEs that happily proxy DNS, including recursive queries,
> from their WAN side.
What devices? Is this a default or something customers are configuring?
> Ingress/Egress filtering did not help because the traffic

Re: recursive DNS servers DDoS as a growing DDoS problem
2006-04-04 Anton Ivanov (arivanov sigsegv cx)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tim wrote:
>> All it takes is to throttle traffic from the resolvers to outside
>> the ISP network to a reasonably low value. Depending on the ISP
>> this is usually in the low Kbits. All it takes is a moderate
>> amount of competence in the ISP:
> > >

RUXCON 2006 Call for Papers
2006-04-04 cfp ruxcon org au
RUXCON 2006 CALL FOR PAPERS
RuxCon would like to announce the call for papers for the fourth annual RuxCon conference. This year the conference will commence during the 30th of September and the 1st of October, over the long weekend.
As with previous years, RuxCon will be held at the University

Bypassing ISA Server 2004 with IPv6
2006-04-03 Romain Le Guen romainl com (1 replies)
When IPv6 is active on an interface of an ISA Server 2004, it seems that IPv6 packets are not filtered and bypass the firewall. I try to send an ICMP IPv4 packet through the network to ISA Server, this packet was dropped, then I try an ICMP IPv6 packet which successfully works! The same kind of t

SYMSA-2006-002: McAfee WebShield SMTP Format String Vulnerability
2006-04-04 CS_Advisories Mailbox (CS_Advisories_Mailbox symantec com)

[ MDKSA-2006:062 ] - Updated dia packages fix buffer overflow vulnerabilities
2006-04-03 security mandriva com

[ MDKSA-2006:064 ] - Updated MySQL packages fix logging bypass vulnerability
2006-04-03 security mandriva com

Re: recursive DNS servers DDoS as a growing DDoS problem
2006-04-02 Geo. (geoincidents nls net) (1 replies)
> 1. Resolvers and Authoritative nameservers must be separate and
> authoritative nameservers must have recursion turned off. Otherwise
> there is no way to throttle only recursive queries.
Great, for small ISP's you just doubled the number of machines they need to dedicate to DNS.
> 2. In a small

Re: recursive DNS servers DDoS as a growing DDoS problem
2006-04-04 Anton Ivanov (arivanov sigsegv cx)

SQL Injection in Softbiz Image Gallery
2006-03-31 xx_hack_xx_2004 hotmail com
Hello
Vulnerable: Softbiz Image Gallery http://www.softbizscripts.com
Exploit :
http://example.com/imagegallery/image_desc.php?id=[SQL]
http://example.com/imagegallery/template.php?provided=[SQL]
http://example.com/imagegallery/suggest_image.php?cid=[SQL]
http://example.com/imagegallery/insert_r

Re: On product vulnerability history and vulnerability complexity
2006-04-03 Steven M. Christey (coley linus mitre org)
On Mon, 3 Apr 2006, Gadi Evron wrote:
> Looking at Microsoft's software of today, it is extremely well-written
> and professional. Far beyond that of most others. Finding
> vulnerabilities in them is extremely difficult. Most vulnerabilities you
> will find will be logical in nature and not easy.
Ubuntu Security Notice USN-267-1 April 03, 2006
mailman vulnerability
CVE-2006-0052
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubunt