BugTraq (Page 1230 of 1748)
RE: Download Accelerator Plus can be tricked to download malicious file 2006-01-04
NaPa (napa securitynation com)
I didn't see this as a DAP fail, is normal to have out because of network
configuration, but, how you can make your own Server to be detected as a
mirror of the file. I mean if you could do this is that a fact but by now
for me is not a flaw.

What do you think?

-----Original message-----
From: visi

Contact information for Symantec Vulnerability Management 2006-01-05
secure symantec com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This email is intended to provide contact information for reporting
vulnerabilities in Symantec products. If you believe that you have
discovered a vulnerability in one of Symantec supported products, we
encourage you to contact secure (at) symantec (dot) com.

I

HylaFAX Security advisory - fixed in HylaFAX 4.2.4 2006-01-05
Aidan Van Dyk (aidan ifax com)

I'm passing this on for Patrice Fournier who is not around today.
------------------------------------------------------------------------------

HylaFAX security advisory
4 Jan 2006

Subject: HylaFAX hfaxd and notify/faxrcvd vulnerabilities

Introduction:

HylaFAX is a mature (est. 1991) enterpri

SysCP WebFTP local file inclusion vulnerability 2006-01-04
Thomas Henlich (thomas henlich de)
SYSCP WEBFTP LOCAL FILE INCLUSION VULNERABILITY

Thomas Henlich

DESCRIPTION

Thomas Henlich has discovered a vulnerability in WebFTP, which can be
used by remote attackers to disclose potentially sensitive information
and to compromise a vulnerable system.

Input passed to the "webftp_language" par

What is sbininitd port 65534 ??? 2006-01-05
waltdnes waltdnes org
I've seen graphs on the sans.org site indicating that traffic on this
port has seen a major rise. It sounds like something linux might be
vulnerable to. I've tried finding out what gives, but neither Google
nor the major security sites I've tried show any hits for "sbininitd",
other than to note

iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability 2006-01-05
labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability

iDefense Security Advisory 01.05.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364
January 05, 2006

I. BACKGROUND

BlueCoat WinProxy is an Internet sharing proxy server designed for small
to medium busines

CyberShop User Login Sql Injection 2006-01-05
night_warrior771 hotmail com
##Night_Warrior<Kurdihs Hacker>
##night_warrior771[at]hotmail.com
##CyberShop User Login Sql Injection
##Site:http://www.gencbeyin.gen.tr/cybershop/test

Code For User Login :

Username : ' or ''='
Password: ' or ''='

Contact :night_warrior771[at]hotmail.com
Night_Warrior<Kurdihs Hacker>

[ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 2006-01-05
eufrato gmail com
ECHO_ADV_25$2006

--------------

MD:Pro - Malware Distribution Project 2006-01-05
anthony aykut frame4 com
On 01 February 2006 Frame4 Security Systems will launch their Malware Distribution Project (MD:Pro) service, which will offer developers of security systems and anti-malware products a vast collection of downloadable malware from a secure and reliable source, exclusively for the purposes of analysis

RE: Dumb IE6/XP denial of service found on the web 2006-01-05
Mario Contestabile (marioc computer org)
Nice, seems to crash the intel graphics controller.

Here's a zip for your perusal.

Mario Contestabile
Developer, RadialPoint
marioc (at) computer (dot) org
Profile: https://www.linkedin.com/e/fps/3704298/

-----Original Message-----
From: 8ux1fpd02 (at) sneakemail (dot) com [mailto:8ux1fpd02 (at) sneakemail (dot) com]
Sent:

Open Letter on the Interpretation of "Vulnerability Statistics" 2006-01-05
Steven M. Christey (coley mitre org)

Open Letter on the Interpretation of "Vulnerability Statistics"
---------------------------------------------------------------
Author: Steve Christey, CVE Editor
Date: January 4, 2006

All,

As the new year begins, there will be many temptations to generate,
comment, or report on vulnerability st

what we REALLY learned from WMF 2006-01-05
Gadi Evron (ge linuxbox org)
What we really learn from this all WMF "thingie", is that when Microsoft
wants to, it can.

Microsoft released the WMF patch ahead of schedule
( http://blogs.securiteam.com/index.php/archives/181 )

Yep, THEY released the PATCH ahead of schedule.

What does that teach us?

There are a few options:

[eVuln] TinyPHPForum Multiple Vulnerabilities 2006-01-05
alex evuln com
New eVuln Advisory:
TinyPHPForum Multiple Vulnerabilities

--------------------Summary----------------

Software: TinyPHPForum
Software's Web Site: http://www.ralpharama.co.uk/tpf/
Versions: 3.6 and earlier
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
Explo

Re: Dumb IE6/XP denial of service found on the web 2006-01-05
Francois Labreque (flabreq ca ibm com)
8ux1fpd02 (at) sneakemail (dot) com wrote on 2005-12-31 13:13:12:

> Wow, a simple big jpeg completely crashes (and reboots) Windows XP
> SP2 with all the latest patches when viewed in IE6.
>
> -> DON'T GO with Internet Explorer if you don't want to crash:
> http://www.geocities.com/teh_kids/index.html

iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability 2006-01-05
labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Blue Coat WinProxy Remote DoS Vulnerability

iDefense Security Advisory 01.05.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363
January 05, 2006

I. BACKGROUND

BlueCoat WinProxy is an Internet sharing proxy server designed for small
to medium businesses. In addition to Inte

Re: WMF Exploit 2006-01-03
Joshua (joshua broussard gmail com)
This is probably due to M$ thumbnail generation. You can disable that
and see if it fixes the problem...

grasshopa (at) securityfocus (dot) com wrote:

>I've tested the exploit on XP home and I've found that it does not even need a single click on my machine. Once the folder containing the file is open (this

Re: WMF browser-ish exploit vectors 2006-01-03
Dave Korn (davek_throwaway hotmail com)
Evans, Arian wrote in
news:8654C851B1DAFA4FA18A9F150145F92502C16D7A (at) fnex01.fishnetsecurity (dot) com

> Here, let's make the rendering issue simple:
>
> Due to IE being so content help-happy there are a
> myriad of IE-friend file types (e.g.-.jpg) that one
> can simply rename a metafile to for purpose of

Re: WTF?? 2005-12-31
anthony aykut frame4 com
Can someone *please* remove this post? The service this posting is referring to is not ready yet & I am guessing it has been leaked either via somebody working for us or as a result of the "interest" we have been getting in certain circles.

This service is not active until February 01, 2006, and we

WMF: New Metasploit Framework Module 2005-12-31
H D Moore (sflist digitaloffense net)
We just released a new version of the Metasploit Framework exploit module
for the Escape/SetAbortFunc code execution flaw. This module now pads the
Escape() call with random WMF records. You may want to double check your
IDS signatures -- most of the ones I saw today could be easily bypassed
or

Mapping and Remote manipulation of databases 2005-12-31
Gandalf The White (gandalf digital net)
Greetings and Salutations:

I am requesting discussion on the below idea. I have seen this (in a very
crude way, see bottom) work. I suspect, however, that this idea could be
fine tuned to produce specific results.

Abstract:
As company partnerships increase, networking, databases and information

Re: WTF?? 2005-12-31
Nick FitzGerald (nick virus-l demon co uk)
veil_of_darkness (at) yahoo (dot) com wrote:

> Anyone know anything about:
> http://www.frame4.net/mdpro

It appears to be a "pay for" VX site.

There've been a couple already that, AFAICT, just faded away.

I mean, why pay for it when the bad guys shovel it at you faster than
most folk can keep up??

Regar

Re: WMF browser-ish exploit vectors 2005-12-31
Nick FitzGerald (nick virus-l demon co uk)
Evans, Arian wrote:

> Due to IE being so content help-happy there are a
> myriad of IE-friend file types (e.g.-.jpg) that one
> can simply rename a metafile to for purpose of web
> exploitation, and IE will pull out the wonderful hey;
> you're-not-a-jpeg-you're-a-something-else-that-I-can-
> -autom

RE: WMF Exploit 2005-12-30
Discussion Lists (discussions lagraphico com)
All,
I think I was able to get the SAFER mechanism to block this for IE, and
any program covered under it. I know that there are other workarounds,
but I have found the SAFER approach has stopped every one of these sorts
of attacks. I have a vbscript that activates SAFER for IE, and various
other

MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability 2005-12-30
Mandriva Security Team (security mandriva com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:239
http://www.mandriva.com/security/
_____________________________________________________________________

Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability 2005-12-30
Eloy A. Paris (elparis cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Response
==============

This is the Cisco Product Security Incident Response Team (PSIRT)'s
response to the statements made by Oleg Tipisov in his message with
subject "Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
posted to Bugtra

Dumb IE6/XP denial of service found on the web 2005-12-31
8ux1fpd02 sneakemail com
Wow, a simple big jpeg completely crashes (and reboots) Windows XP SP2 with all the latest patches when viewed in IE6.

-> DON'T GO with Internet Explorer if you don't want to crash: http://www.geocities.com/teh_kids/index.html (no problems whatsoever in Firefox or Opera).

Is this a known unpatched

Re[2]: [funsec] WMF round-up, updates and de-mystification 2006-01-03
Pierre Vandevenne (pierre datarescue com)
Good Day,

Tuesday, January 3, 2006, 12:59:22 PM, you wrote:

GE>> The "patch" by Ilfak Guilfanov works, but by disabling a DLL in Windows.
PV>> I wouldn't say it does that. If you really want to simplify it in the
LS> extreme, it hides the vulnerable function.

LS> Think of it as a "White Hat Roo

New from the MS Advisory 2006-01-03
Larry Seltzer (larry larryseltzer com)
*What's Microsoft's response to the availability of third party patches for
the WMF vulnerability?

Microsoft recommends that customers download and deploy the security update
for the WMF vulnerability that we are targeting for release on January 10,
2006.

As a general rule, it is a best practice t

Re: WMF Exploit 2006-01-03
Paul Laudanski (zx castlecops com)
On Tue, 3 Jan 2006, Sam Munro wrote:

> I haven't seen this mentioned yet so I thought I would give you guys a
> heads-up a very good patch has been written by Ilfak
> Guilfanov<http://www.hexblog.com/2005/12/wmf_vuln.html> as
> a temporary solution until ms get their act together.
>
> Can be downloa

Download Accelerator Plus can be tricked to download malicious file 2006-01-04
visitbipin hotmail com
Product(ONLY TESTED ON): Download Accelerator Plus 7.4.0.2 (unregistered)
Test Environment: Winxp Pro sp2 (patch level latest)
Risk Type: Rare exception
Threat Level: High
Vendor website:www.speedbit.com

POC screenshots: http://img482.imageshack.us/img482/4205/31uk.jpg
http://img425.imageshack.us/

Copyright 2010, SecurityFocus