Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted
2005-04-23 Antoine Martin (antoine nagafix co uk)
On Sat, 2005-04-23 at 09:02 -0400, Stephen Frost wrote:
> * Antoine Martin (antoine (at) nagafix.co (dot) uk) wrote:
> > Basically, multiple input data that have the same output hash, which is
> > of no use when what you are trying to find is the input.
> > Finding collisions quicker for a known input is one t

Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted
2005-04-23 Stephen Frost (sfrost snowman net)
* Antoine Martin (antoine (at) nagafix.co (dot) uk) wrote:
> Basically, multiple input data that have the same output hash, which is
> of no use when what you are trying to find is the input.
> Finding collisions quicker for a known input is one thing, but that is
> not going to reduce the search space, not ev

Multiple Sql injection and XSS in CartWIZ ASP Cart
2005-04-24 dcrab (dcrab hackerscenter com)
Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/
Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah
Severity: High
Title: Multiple Sql injection and

E-Cart v1.1 Remote Command Execution
2005-04-23 Nicolas Montoza (xonico gmail com)
============================================================
Title: E-Cart v1.1 Remote Command Execution
Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar
Date: 20/04/2005
Severity: High. Remote Users Can Execute Arbitrary Code.
Affected version: <= E-Cart 2004 v1.1
Ve

Local file detection found through Adobe Reader ActiveX control
2005-04-23 Hyperdose Security (robfly hyperdose com)
Hyperdose Security Advisory
Name: Local file detection found through Adobe Reader ActiveX control
Systems Affected: Adobe Reader 7.0 and earlier
Severity: Low
Author: Robert Fly - robfly (at) hyperdose (dot) com
Advisory URL: http://www.hyperdose.com/advisories/H2005-06.txt
--Adobe Description--
From Adobe

artmedic_links5 remote file access exploit
2005-04-23 Adam n30n Simuntis (n30n satfilm net pl)
You can read details of this vulnerability here: http://www.securityfocus.com/archive/1/367144
Very simple source of exploit, enjoy.
/*
 * artmedic_links5 remote file access exploit
 * Adam Simuntis <n30n (at) o2 (dot) pl>
 */
#include <stdio.h>
#include <stdlib.h>
#include <arpa/inet.h>
#include <sys/

ACSblog bug
2005-04-23 farhad koosha (farhadkey yahoo com)
*/ WWW.BAHADORLOVER.COM \*
ACSblog : A asp weblog with manageable code blocks and logical structure make it easy for the novice to get into the code and customize it to your site. Full-featured enough for expert bloggers
vendor:www.asppress.com
Where is the bug ?
inc_login_check.asp
<% if re

-==phpBB 2.0.14 Multiple Vulnerabilities==-
2005-04-23 HaCkZaTaN (hck_zatan hotmail com)
/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® - Advisory #14 - 17/04/05
--------------------------------------------------------
Program: phpBB 2.0.14
Homepage: http://www.phpbb.com
Vulnerable Versions: phpBB 2.0.14 & Lower versions
Risk: Low Risk!!
I

Multiple Sql injection vulnerabilities in BK Forum v.4
2005-04-23 dcrab (dcrab hackerscenter com)
Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/
Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah
Severity: High
Title: Multiple Sql injection vuln

New auto download / install / exploit URL?
2005-04-23 Gandalf The White (gandalf digital net)
Greetings and Salutations:
Just received the attached e-mail with the below suspicious URL. I did a fetch on the URL and received the item after the part labeled: ------ Fetched URL FYI. Looks like possibly a Microsoft Media player exploit? Someone want to take the time to decode?
Ken
-------

[SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS Vulnerability (22.04.05)
2005-04-22 deluxe security-project org
[SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS Vulnerability (22.04.05)
Vendor: WoltLab
URL: http://www.woltlab.de/
Version: <= 2.3.1
Type: XSS
Discovered by deluxe89
Description:
--------------------------------
The WoltLab Burning Board is a highly customisable forum softw

FreeBSD Security Advisory FreeBSD-SA-05:05.cvs
2005-04-22 FreeBSD Security Advisories (security-advisories freebsd org)

BitDefender 8 - Race condition vulnerability
2005-04-23 SecuBox fRoGGz (unsecure writeme com)
-----------------------------
Product: BitDefender
Version: 8
Tested on: Windows 2000 SP4
Vulnerability: Race condition
-----------------------------
BACKGROUND
----------
BitDefender ensures the most advanced antivirus protection, as well as data confidentiality, active content control and Inte

Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encryptedpasswords
2005-04-22 Antoine Martin (antoine nagafix co uk)
On Thu, 2005-04-21 at 17:27 -0500, Bruno Wolff III wrote:
> On Wed, Apr 20, 2005 at 22:27:01 -0400,
> Stephen Frost <sfrost (at) snowman (dot) net> wrote:
> >
> > SHA2 would also be nice.
>
> I think the new hash functions are called SHA256 and SHA512.
> For Postgres' purposes the recent weaknesses found i

Re: RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow
2005-04-21 Göran Sandahl (goran gsandahl net)
Hi,
Does this overflow affect versions of RealPlayer installable on mobile platforms too (like Windows PocketPC, CE, mobile et cetera)?
Regards
Göran Sandahl
On Wednesday 20 April 2005 07:08, Piotr Bania wrote:
> RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap
> Overflow
> b

Re: Microsoft Windows image rendering DoS vuln
2005-04-21 Jesse Morgan (jesse jesterpm net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I was using Firefox 1.0.2 when I first tried it, and I upgraded to Firefox 1.0.3 the day I tried to recreate it myself. Maybe someone threw a quick fix in before 1.0.3 was released? The vulnerability isn't mentioned on the vulnerabilities page though.

Microsoft Windows image rendering DoS vuln
2005-04-21 Luis Alberto Cortes Zavala (napa hackersoft net)
Mmm i don't know, i test it and my pc crashed, it looks that get all my windows virtual memory, and any key didn't works fine, so I have to make "button reboot". If someone knows how to make something with the flaw I hope comments..
I seen source code, for me looks that you have to put a lot

[ GLSA 200504-23 ] Kommander: Insecure remote script execution
2005-04-22 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200504-22 ] KDE kimgio: PCX handling buffer overflow
2005-04-22 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200504-21 ] RealPlayer, Helix Player: Buffer overflow vulnerability
2005-04-22 Thierry Carrez (koon gentoo org)

Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
2005-04-21 Stephen Frost (sfrost snowman net)
* Mike Fratto (mfratto (at) nwc (dot) com) wrote:
> Since the salt is known, it has no effect on the "keyspace" because you
> don't have to guess it. If there was no salt, then pre-computing a
> dictionary is a much smaller task.
That's the whole point of the discussion- the way Postgres's pg_shadow stuff w

Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
2005-04-21 Jim Knoble (jmknoble pobox com)
Circa 2005-04-21 dixit Mike Fratto:
:
: > I thought the idea of the salt was to aid in expanding the
: > keyspace. Even though the salt is known (in traditional Unix
: > passwd/shadow/master.passwd databases,
:
: I am pretty sure the intent the salt is to make pre-computation of a
: dictionar

[PLSN-0003] - Remote exploits in MPlayer
2005-04-21 Peachtree Linux Security Team (security peachtree burdell org)
---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0003
April 20, 2005
Remote buffer overflow and possible code execution in mplayer
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
http://www.mplayerhq.hu/homepage/design7/news.

Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
2005-04-21 Bruno Wolff III (bruno wolff to)
On Wed, Apr 20, 2005 at 22:27:01 -0400,
Stephen Frost <sfrost (at) snowman (dot) net> wrote:
>
> SHA2 would also be nice.
I think the new hash functions are called SHA256 and SHA512.
For Postgres' purposes the recent weaknesses found in SHA1 and MD5 aren't a big deal.

RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
2005-04-21 Mike Fratto (mfratto nwc com)
> The salt isn't always known... I don't know how an
> unprivileged user on a system w/ /etc/shadow could get at it
> anyway. I'm sure a lot of people would be very anxious to
> know if you know of a way to do that...
The salt is known, just not by an unprivileged user. But if you can access

RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
2005-04-21 Mike Fratto (mfratto nwc com)
> That's the whole point of the discussion- the way Postgres's
> pg_shadow stuff works the salt is known and *because* of that
> it might as well not exist since it means that you can
> pre-compute the keyspace.
I see your point. I don't know anything about postgres. I don't use it. But if so

RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
2005-04-21 Mark Senior (Mark Senior gov ab ca)
It also slows down cracking numerous passwords in parallel using a dictionary/heuristic approach a la john the ripper - without a salt, you can calculate the hash of each password guess once, and then scan through an entire shadow file for the hash. With salts, you have to hash each guess once per

Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6
2005-04-22 ShineShadow (ss_contacts hotmail com)
ShineShadow Security Report 22042005-04
TITLE: Multiple vulnerabilities in Argosoft Mail Server Pro 1.8.7.6.
BACKGROUND
ArGoSoft Mail Server is fully functional SMTP/POP3/Finger (Pro version also has IMAP module) server for Windows 95/98/NT/2000, which will let you turn your computer into the

Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted
2005-04-22 Michael Samuel (michael miknet net)
On Thu, 21 Apr 2005 11:32 pm, Rod Taylor wrote:
> On Thu, 2005-04-21 at 11:06 +0200, Tino Wildenhain wrote:
> > One advantage of a random salt would be that the username can be changed
> without having to reset the password at the same time.
And the main advantage is that if you have an account wit
Hash: SHA1
- ------------------------------------------------------------------------
--
Trustix Secure Linux Security Advisory #2005-0015
Package name: postgresql
Summary: Buffer overflows
Date: 2005-04-25
Affected versions: Trustix Se