BugTraq (Page 1204 of 1748)
Re: Vulnerabilities in new laws on computer hacking 2006-02-17
dave (fla linux gmail com)
Marcus,

You use the analogy of trespassing to describe unauthorized access to a
computer system or its resources. I agree with you but I think a point
was missed...

The laws being passed today against *cyber crime* far exceed the basic
property laws. If someone gains access to a system he does

Re: Vulnerabilities in new laws on computer hacking 2006-02-16
Max Ashton (maxashton eml cc)
Hear, hear, Paul.

Worried your test network isn't "real" enough? Make it better! Throw in IDS,
patch management, whatever.

As Paul suggested, get your buddies involved. I've seen workshops where people
are designated "attacker" and "defender", objectives are obvious.

If kids / pro's aren't smar

Vulnerability in WinRAR - Phishing based 2006-02-16
preben watchcom no

Phishing through WinRAR 3.51
----------------------------

Credit to: Preben Nyløkken

Tested on version: 3.51
Vendor's site: www.rarlabs.com
Vendor status: Tried contacting without luck.

Description:

Due to the build-up of WinRAR, some vital parts of the program's functions and URLs are visible

Re: Vulnerabilities in new laws on computer hacking 2006-02-16
Jon Gucinski (Jgucinski midwestbank com)
Wow...this is definitely a big can of worms to open...

I both agree and disagree with your stance. Hopefully I'm caffeinated
enough to express my reasoning clearly.

While I don't feel like elaborating too much, my drive to become an
InfoSec professional was driven mostly by the hacker
scene/cultu

RE: Vulnerabilities in new laws on computer hacking 2006-02-15
Anthony Cicalla (Anthony Cicalla BankServ com)
I would have to say that I agree with you in what you have said. I am a
young security professional with a cissp, but growing up I did not have the
$ to be able to purchase vmware and all the software to setup a test
environment. I also bet that most of you between ages 12 - 16 had the
minimum 500.

Malware that breaks SSL via Pharming {Emerging Threat} 2006-02-15
Lance James (bugtraq securescience net)
Hi all,

Secure Science's External Threat Assessment Team is issuing this malware
analysis report in an effort to shed light on emerging threats.

http://www.securescience.net/advisories/SSC_MSAT_FEB_02_2006-public.pdf

-Lance James
Secure Science Corp
www.securescience.net

[operational update] Looking behind the smoke screen of the Internet 2006-02-18
Gadi Evron (ge linuxbox org)
In the following (quick & dirty) write-up (which is too big for sending
into bugtraq) I start by discussing some recent threats network
operators should be aware of, such as recursive DNS attacks.

Also, a bit on the state of the Internet, cooperation across different
fields and how these latest th

[FLSA-2006:175406] Updated Apache httpd packages fix security issues 2006-02-18
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated Apache httpd packages fix security issues
Advisory ID: FLSA:175406
Issue date: 2006-02-18
Product: Red Hat Linux, Fedora Core
Keywords

[FLSA-2006:152809] Updated squid package fixes security issues 2006-02-18
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated squid package fixes security issues
Advisory ID: FLSA:152809
Issue date: 2006-02-18
Product: Red Hat Linux, Fedora Core
Keywords:

[FLSA-2006:168935] Updated openssh packages fix security issues 2006-02-18
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated openssh packages fix security issues
Advisory ID: FLSA:168935
Issue date: 2006-02-18
Product: Red Hat Linux, Fedora Core
Keywords:

[ GLSA 200602-10 ] GnuPG: Incorrect signature verification 2006-02-18
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200602-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

SQL Injection vulnerability in WPCeasy 2006-02-18
murfie gmail com
My first vulnerability report :)

Description:

"WPC.easy" is a database generated website with a dynamic on-line administration suite which allows for product updates, editing, deleting, image upload and price changes. "WPC.easy" is powered by a Secure Database.

vendor: http://www.webpagecity.com/

[waraxe-2006-SA#045] - Bypassing CAPTCHA in phpNuke 6.x-7.9 2006-02-18
come2waraxe yahoo com


{================================================================================}
{ [waraxe-2006-SA#045] }
{================================================================================}
{

ADOdb Library Cross Site Scripting 2006-02-18
GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research February 18, 2006
##########################################################
# Vendor : John Lim
# URL : http://adodb.sourceforge.net/
# Version : ADOdb <= 4.71
# Risk : Cross Site Scripting
##########

RCblog exploit [fun] 2006-02-18
hessam hessamx net
#!/usr/bin/perl
#
# RCBlog 1.0.3 / 1.0.2
# Exploit by Hessam-x (www.hessamx.net)
# Name : RCBlog (www.fluffington.com
# version : 1.0.3 / 1.0.2
# manual exploiting:
# index.php?%20post=../config/password
#
use LWP::Simple;

print "-------------------------------------------\n";
print "=

[OpenPKG-SA-2006.003] OpenPKG Security Advisory (openssh) 2006-02-18
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

[OpenPKG-SA-2006.002] OpenPKG Security Advisory (sudo) 2006-02-18
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

Tasarim Rehberi Index.PHP Remote Command Execution 2006-02-18
botan linuxmail org
Web Site : http://www.tasarimrehberi.com [Turkish Design]

Description : index.php remote attack

Vulnerable ; http://www.site.com/index.php?sayfaadi=" and "index.php?sayfa="

Patriotic Hackers!

Botan,B3g0k,Azad,Nistiman,Fesih :}

Freedom For Ocalan

e107 CMS 0.7.2 Chatbox plugin XSS vulnerability 2006-02-18
ssteam pl gmail com

Software: e107 CMS 0.7.2
Software Details: Chatbox Plugin v1.0
Class: Remote
Type: XSS

========== Description ===========
XSS vulnerability exists in e107 0.7.2 CMS.
user input is not correctly sanitized in Chatbox Plugin v1.0.

========== Exploit =============
j

Coppermine Photo Gallery <=1.4.3 remote code execution 2006-02-18
rgod autistici org
- Coppermine Photo Gallery <= 1.4.3 arbitrary local/remote inclusion: ---------

- 18/02/2006 5.09.55 -----------------------------------------------------------
--------------------------------------------------------------------------------
software:
site: http://coppermine-gallery.net/index.php
d

Re: Internet Explorer Phishing mouseover issue 2006-02-18
Paul Szabo (psz maths usyd edu au)
Ken Hollis (aka Gandalf) wrote:

> Has anybody seen this before? I know that the mouseover issues ...
>
> [FORM action=http://malicious/stuff]
> [a href="https://trusted/site"]
> [INPUT ...][/a]

Does not seem to be a mouseover issue, but seems identical to

Internet Explorer/Outlook Express Res

[ MDKSA-2006:043 ] - Updated gnupg packages fix signature file verification vulnerability 2006-02-17
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:043
http://www.mandriva.com/security/
____________________________________________________________________

[ MDKSA-2006:042 ] - Updated libtiff packages fix vulnerability 2006-02-17
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:042
http://www.mandriva.com/security/
____________________________________________________________________

[ MDKSA-2006:041 ] - Updated bluez-hcidump packages fix buffer overflow vulnerability 2006-02-17
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:041
http://www.mandriva.com/security/
____________________________________________________________________

Re: dotproject <= 2.0.1 remote code execution 2006-02-17
milw0rm Inc. (milw0rm gmail com)
"With register_globals turned off none of these attacks are possible."

So is there going to be an update to fix the insecure code or is your
fix going to remain as so:

(register globals must be off to run dotproject)

/str0ke

On 2/15/06, Adam Donnison <adam (at) saki.com (dot) au> wrote:
> I responded to thi

Re: Java script exploit 2006-02-18
Jose Nazario (jose monkey org)
ps, this decodes to the following HTML snippet (i have deliberately
obfuscated the tags):

[iframe src=http://63.134.215.88/a/ height=0 width=0][/iframe]

here's how i arrived at that. there's a free command line JavaScript
interpreter that can help with evaluating malicious javascript. i did the
po

Re: Java script exploit 2006-02-18
Jose Nazario (jose monkey org)
On Fri, 17 Feb 2006 gandalf (at) digital (dot) net wrote:

> I just received this exploit, I have looked around and all I could find
> lately are the following Java issues: Gentoo Linux Security Advisory
> GLSA 200601-10 - Sun and Blackdown Java: Applet privilege escalation

> I don't have the Java knowledge

Re: Java script exploit 2006-02-18
3APA3A (3APA3A SECURITY NNOV RU)
Dear gandalf (at) digital (dot) net,

This piece of HTML has nothing to do with java. It has javascript.
Javascript generates equivalent of <IFRAME SRC="http://63.134.215.88/a/"
height="0" width="0">. It will not work for patched Outlook Express
because e-mail works in restricted hosts zone.

--Frid

Re: Stack overflow vulnerability in Internet Explorer exploitable through VBScript and JScript scripting engines. 2006-02-18
3APA3A (3APA3A SECURITY NNOV RU)
Dear porkythepig (at) anspi (dot) pl,

This is a case of 'real' stack structure overflow, not stack buffer
overflow (stack overrun) as you may think. The process' stack is
exhausted because of recursive call. Exploitation of this situation to
execute code may be hard, if possible.

--
~/ZARAZA

[eVuln] CALimba Authentication Bypass Vulnerability 2006-02-17
alex evuln com
New eVuln Advisory:
CALimba Authentication Bypass Vulnerability
http://evuln.com/vulns/68/summary.html

--------------------Summary----------------
eVuln ID: EV0068
CVE: CVE-2006-0693
Software: CALimba
Software's Web Site: http://www.errebit.com/opensource/index.php?rb=calimba
Versions: 0.99.2, 0.99

Copyright 2010, SecurityFocus