BugTraq Mode:
[ GLSA 200507-04 ] RealPlayer: Heap overflow vulnerability 2005-07-06
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Re: Microsoft Word Protection Bypass 2005-07-06
Dave Collins tetratech com
Where can I find the "how to" to get around the password protection? I have a form that I need to modify, but whoever created it is no longer with the company and as a result, the password is "gone".

Many Thanks

Re: /dev/random is probably not 2005-07-06
Michael Gnau (MGnau ctr pcusa org)

remove
>>> Alexey Toptygin <alexeyt (at) freeshell (dot) org [email concealed]> 7/6/2005 7:37:00 AM >>>
On Tue, 5 Jul 2005, Jack Lloyd wrote:

> Assuming the PRNG is any good, it shouldn't matter if an attacker can
> manipulate such timings, because (by definition) a good PRNG will still

> behave correctly even if an attacke

Re: PHPXMAIL - Authentication Bypass 2005-07-06
security surefoot com
Hi Steve

On Wednesday 06 July 2005 11:57, Steve <St> wrote:
> Author: Stefan Lochbihler
> Date: 6. Juli 2005
> Affected Software: PHPXMAIL
> Software Version: 0.7 -> 1.1
> Software URL: http://phpxmail.sourceforge.net/
> Attack: Authentication Bypass

[...details snipped...]

> The probl

eRoom Multiple Security Issues 2005-07-06
c0ntexb gmail com
/*
************************************************************************
*****************************************
$ An open security advisory #9 - eRoom v6.* Vulnerabilities
************************************************************************
*****************************************

Re: McAfee Intrushield IPS Abuse 2005-07-06
shs_bulldog hotmail com
Correction: The update is not available on their site yet. They are saying it will be there around the 13th

Re: ekg insecure temporary file creation and arbitrary code execution 2005-07-06
Adam Wysocki (gophi apcoh org)
05.07.05 exploits (at) zataz (dot) net [email concealed] wrote:

> Vendor informed: yes

Hi,

What do you understand by "Vendor informed"? We haven't received any
email from you neither to private addresses nor ekg-users/ekg-devel
mailing lists. Please also note that the script you pointed at is
contributed by a third-party

[ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC 2005-07-06
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[SECURITY] [DSA 739-1] New trac package fixes upload/download vulnerability 2005-07-06
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 739-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
July 6th, 2005

Cross site scripting in Lotus Notes web mail 2005-07-06
shalom venera com
When an HTML file attachment is opened in a lotus notes account via the web mail interface,
the user sees that there is an attachment.
Clicking the attachment does not prompt for saving or opening (like in Yahoo), but opens the malicious HTML immediately, allowing for stealing of the LTPA session c

[SECURITY] [DSA 737-1] New clamav packages fix potential DOS 2005-07-05
Michael Stone (mstone klecker debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA 737-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Michael Stone
July 05, 2005

Re: /dev/random is probably not 2005-07-06
Alexey Toptygin (alexeyt freeshell org)
On Tue, 5 Jul 2005, Jack Lloyd wrote:

> Assuming the PRNG is any good, it shouldn't matter if an attacker can
> manipulate such timings, because (by definition) a good PRNG will still
> behave correctly even if an attacker does feed it lots of deliberately
> bad data (as long as the PRNG also ha

Re: /dev/random is probably not 2005-07-06
Thomas (tom electric-sheep org)
Am Mittwoch, 6. Juli 2005 09:14 schrieb Darren Reed:
> In some mail from Thomas, sie said:
^--- "sie"? :)

> > > Linux cited using keyboard interrupts. How many of those happen on
> > > a web server in a rack, in an air conditioned computer room somewh

PHPXMAIL - Authentication Bypass 2005-07-06
Steve (steve01 chello at)
Author: Stefan Lochbihler
Date: 6. Juli 2005
Affected Software: PHPXMAIL
Software Version: 0.7 -> 1.1
Software URL: http://phpxmail.sourceforge.net/
Attack: Authentication Bypass

Overview:
PhpXmail is a web based management software for the Xmail mail server
written in php.
Its main u

Re: /dev/random is probably not 2005-07-06
Darren Reed (avalon caligula anu edu au)
In some mail from Thomas, sie said:
>
> > Linux cited using keyboard interrupts. How many of those happen on
> > a web server in a rack, in an air conditioned computer room somewhere ?
> > How many happen when you open up your web browser and select your
> > internet banking web site from your boo

Re: /dev/random is probably not 2005-07-06
Thomas (tom electric-sheep org)
> At the last place at which I worked, a few years ago, a "random
> number" was generated, and used in a FIPS 140-1 compliant
> encryption device, by capturing 128 ethernet frames in sequence
> from the local in-house network, gathering the LSB from the
> arrival time of each frame, and using those

Re: /dev/random is probably not 2005-07-06
Thomas (tom electric-sheep org)
> Linux cited using keyboard interrupts. How many of those happen on
> a web server in a rack, in an air conditioned computer room somewhere ?
> How many happen when you open up your web browser and select your
> internet banking web site from your bookmarks?

To complete the list, Linux uses:
- b

Re: /dev/random is probably not 2005-07-06
Chris Kuethe (chris kuethe gmail com)
On 7/4/05, Robert Foxworth <rfoxwor1 (at) tampabay.rr (dot) com [email concealed]> wrote:
> At the last place at which I worked, a few years ago, a "random
> number" was generated, and used in a FIPS 140-1 compliant
> encryption device, by capturing 128 ethernet frames in sequence
> from the local in-house network, gathering th

Re: Imail Cookie Vulnerability (unhashed) 2005-07-06
Christophe Vandeplas (christophe vandeplas com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sintigan (at) insecure (dot) net [email concealed] wrote:
> Neither Regular or secure mode of Imail properly give out a hash on cookies leaving the cookies straight readable to any onlookers.
>
> No exploit is needed
> POC:
>
> "IMail_UserId
> 1006332dgd2@Someserver"
> ---------

Re: /dev/random is probably not 2005-07-06
devnull Rodents Montreal QC CA
[The From: address is a bitbucket, to deflect the autoresponder hordes.
Use the address in the signature to reach me.]

> Why anyone is using the old entropy based RNG at all on modern
> commodity hardware?

Who said anything about "modern commodity hardware"? :)

Not all machines running most of th

Re: /dev/random is probably not 2005-07-06
devnull Rodents Montreal QC CA
[The From: is a bitbucket, to deflect the hordes of broken
autoresponders. Use the address in the signature to reach me.]

> The original email pointed out that disk seek times may not be quite
> as random as previously thought, especially with compact flash and
> similar mediums.

According to the

Re: /dev/random is probably not 2005-07-05
ChayoteMu (chayotemu gmail com)
It's not necessarily the traffic itself, but aspects of the traffic.
Someone had mentioned that the timing between receiving the packets
was what's used, even if you see that it may change over the rest of
the wire and there's nothing to say that the system is using all the
traffic as the attacker s

VoIP-Phones: Weakness in processing SIP-Notify-Messages 2005-07-06
Tobias Glemser (tglemser tele-consulting com)
Tele-Consulting GmbH
security | networking | training

advisory 05/07/06

URL of this advisory:
http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt

Topic:
Weakness in implementation of processing SIP-Notify-Messages
in VoIP-Phones.

Summary:
Due to ignoring

Re: Passwords in RAM dumps [formally Novell GroupWise Plain Text Password Vulnerability.] 2005-07-05
Jason Coombs (jasonc science org)
Anything But Microsoft wrote:
> Do we conclude this is a Windows problem? Or are Windows programmers lazy, poorly trained or in general a bunch that don't care about security?

If you get it right the first time and disclose your engineering design
decisions and your source code then you can't sell

Re: Microsoft Internet Explorer "javaprxy.dll" Code Execution Exploit 2005-07-05
berendjanwever gmail com
Thank you all for notifying the frsirt team of their credit/copyright missteps, they seem to have corrected this on their website. I would like to request any exploit archive to reflect their changes and warn any developers that the code is under GPL and any work based on it will therefore also be

Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities 2005-07-06
Stefan Esser (sesser hardened-php net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hardened-PHP Project
www.hardened-php.net

-= Security Advisory =-

Advisory: Jaws Multiple Remote Code Execution Vulnerabilities
Release Date: 2005/07/06
Last Modified: 200

[SECURITY] [DSA 738-1] New razor packages fix potential DOS 2005-07-05
Michael Stone (mstone klecker debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA 738-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Michael Stone
July 05, 2005

Solaris Socket Hijack 2005-07-06
c0ntexb gmail com
/*
************************************************************************
*****************************************
$ An open security advisory #7 - SUN Solaris SO_REUSEADDR Local Socket Hijack Bug
************************************************************************
**********************

[SECURITY] [DSA 740-1] New zlib packages fix denial of service 2005-07-06
Michael Stone (mstone klecker debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA 740-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Michael Stone
July 06, 2005

Copyright 2010, SecurityFocus