RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides
2005-10-04 Neil Dickey (neil geol niu edu)
"L. Adrian Griffis" <agriffis (at) dstsystems (dot) com [email concealed]> wrote in part:
>I think you are right that ultimately, the legal system needs to
>handle this sort of case within its normal processes. But in the
>short term, my fear is that most people have no idea just how vulnerable
>internet exposed MS Windows sy

[SECURITY] [DSA 842-1] New egroupware packages fix arbitrary code execution
2005-10-04 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 839-1] New apachetop packages fix insecure temporary file
2005-10-04 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 840-1] New drupal packages fix remote command execution
2005-10-04 joey infodrom org (Martin Schulze)

MDKSA-2005:171 - Updated kernel packages fix multiple vulnerabilities
2005-10-03 Mandriva Security Team (security mandriva com)

Kaspersky Antivirus Remote Heap Overflow
2005-10-03 list rem0te com
Date
October 3, 2005
Vulnerability
The Kaspersky Antivirus Library provides file format support for virus analysis. During analysis of cab files Kaspersky is vulnerable to a heap overflow allowing attackers complete control of the system(s) being protected. This vulnerability can be exploited remot

Trillian remote crashable
2005-10-03 philipp kolmann at
Hi!
I am using LICQ and when I want to establish a direct connection to Trillian using the ICQ protocol and a reverse connection is requested, Trillian crashes reproducibly:
08:12:36: [TCP] Sending message to xxx (#1).
08:12:36: [PKT] Packet (SRVv0, 38 bytes) sent: (192.168.0.10:46

Re: Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability
2005-10-02 security aewebworks com

[SECURITY] [DSA 837-1] New Mozilla Firefox packages fix denial of service
2005-10-02 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 838-1] New mozilla-firefox packages fix multiple vulnerabilities
2005-10-03 Michael Stone (mstone klecker debian org)

RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides
2005-10-02 Lachniet, Mark (mlachniet sequoianet com) (1 replies)
Hi Jason, I've read your postings on this topic for the last few months on the lists and I am really trying to understand where you are coming from. I have no direct knowledge of any of these cases you cite. I am also not in law enforcement, just a security consultant. These views are my own, n

RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides
2005-10-03 L. Adrian Griffis (agriffis dstsystems com)

Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides
2005-10-01 Jason Coombs (jasonc science org)
34 people have killed themselves in the U.K. after being accused of purchasing child pornography using their credit card numbers on the Web between 1996 and 1999; and thousands have been imprisoned around the world for allegedly doing the same. Two of the first, and still ongoing, large-scale in

Security Advisory for Bugzilla 2.18.3, 2.20rc2, and 2.21
2005-10-01 mkanat bugzilla org
Summary
=======
Bugzilla is a Web-based bug-tracking system, used by a large number of software projects.
This advisory covers two security bugs that have recently been discovered and fixed in the Bugzilla code:
+ config.cgi exposes information to users who aren't logged in, even when "requirel

[SECURITY] [DSA 833-1] New mysql-dfsg-4.1 packages fix arbitrary code execution
2005-10-01 joey infodrom org (Martin Schulze)

[Information Disclosure] NetForce v4.02 Sends NIS Password Maps with passwords hashes over sendmail
2005-10-01 bambenek gmail com
Vendor: Procom Technology, Inc.
Product: NetFORCE 800, v 4.02 M10 (Build 20)
Other Versions Vulnerable: unknown, vendor's website sucks so I can't tell
Vulnerability type: Information disclosure
Severity: Medium
* Software Information
--------------------
Model : NetFORCE 800
Version

[SECURITY] [DSA 834-1] New prozilla packages fix arbitrary code execution
2005-10-01 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 835-1] New cfengine packages fix arbitrary file overwriting
2005-10-01 joey infodrom org (Martin Schulze)

MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass
2005-10-01 retrogod aliceposta it
MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass
software:
site: http://www.mywebland.com/
vulnerability:
if magic quotes off -> SQL INJECTION
look carefully this code in login.php, line 40-69
...
if (isset($_POST['username'])) {
$username=$_POST['username'];
} else $username="";

[SECURITY] [DSA 836-1] New cfengine2 packages fix arbitrary file overwriting
2005-10-01 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 828-1] New squid packages fix denial of service
2005-09-30 joey infodrom org (Martin Schulze)

[ GLSA 200509-20 ] AbiWord: RTF import stack-based buffer overflow
2005-09-30 Thierry Carrez (koon gentoo org)

[SECURITY] [DSA 827-1] New backupninja packages fix insecure temporary file
2005-09-29 Michael Stone (mstone klecker debian org)

[SECURITY] [DSA 809-2] New squid packages fix denial of service
2005-09-30 joey infodrom org (Martin Schulze)

UPDATE: [ GLSA 200509-11 ] Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities
2005-09-30 Thierry Carrez (koon gentoo org)

BID #14752 update
2005-09-30 Josh Zlatin-Amishav (josh tkos co il)
BID 14752 is not only an XSS vulnerability, the real problem is a directory traversal flaw and affects Guppy versions less than 4.5.6a.
PoC (works for versions <4.5.4):
http://localhost/printfaq.php?lng=en&pg=/../../../../../../../etc/passwd %00
Explanation of the problem:
The code in printfaq.p

[SECURITY] [DSA 829-1] New mysql packages fix arbitrary code execution
2005-09-30 joey infodrom org (Martin Schulze)

Re: IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV
2005-09-30 inge henriksen booleansoft com
** Inge Henriksen Security Advisory - http://ingehenriksen.blogspot.com/ **
Microsoft say FAT/FAT32 is no longer supported with IIS.
In a maneuver that I suspect comes because of my WebDAV source disclosure exploit, Microsoft has posted a KB article where they say FAT/FAT32 is not supported with I
"The Wireless Zero Configuration system service enables automatic
configuration for IEEE 802.11 wireless adapters for wireless
communication."
There are two closely related vulnerabilities:
* Once the "View Available Wireless Networks" dialogue box is
opened the Pair-wise Master Keys