|
|
Colapse all |
Post message
Advisory: Dark Age of Camelot - Weak encryption of network traffic exposed personal information. 2003-12-13 Todd Chapman (tchapman leoninedev com) ---------------------------------------- Security Advisory Full advisory available in HTML, PDF and TXT formats at http://capnbry.net/daoc/advisory.html Certain sections omitted from email to keep the length down. ---------------------------------------- Software: Dark Age of Camelot from Myth [ more ] [ reply ] UPDATED UnixWare 7.1.1 : Bind: cache poisoning BIND 8 prior to 8.3.7 and BIND 8.4.x prior 8.4.2 2003-12-12 security sco com To: announce (at) lists.caldera (dot) com [email concealed] bugtraq (at) securityfocus (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.1 : Bind: cache poisoning BIND 8 [ more ] [ reply ] Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco, 2003-12-13 Thor Lancelot Simon (tls rek tjls com) [Another list response, with permission, to an off-list response to my original message. I think this one will be generally interesting, thus the carbon to the list...] On Fri, Dec 12, 2003 at 07:34:31PM -0500, Gary Flynn wrote: > > > Thor Lancelot Simon wrote: > > > > ISSUE 2: USE OF THE IE [ more ] [ reply ] Re: Insecure IKE Implementations Clarification 2003-12-12 Thor Lancelot Simon (tls rek tjls com) (1 replies) On Fri, Dec 12, 2003 at 09:55:30AM -0700, Aaron Adams wrote: > Hey Thor, > > I was just reading over your paper and noticed that you have not really > included any specific implementations, aside from the "Windows 2000 SP2+ > and XP", that are vulnerable to these issues. > > Would it be possible f [ more ] [ reply ] Re: Insecure IKE Implementations Clarification 2003-12-12 Florian Weimer (fw deneb enyo de) (1 replies) Re: Insecure IKE Implementations Clarification 2003-12-12 Thor Lancelot Simon (tls rek tjls com) (1 replies) Re: Insecure IKE Implementations Clarification 2003-12-12 Florian Weimer (fw deneb enyo de) (1 replies) Re: Insecure IKE Implementations Clarification 2003-12-12 Thor Lancelot Simon (tls rek tjls com) (1 replies) Re: Insecure IKE Implementations Clarification 2003-12-12 Florian Weimer (fw deneb enyo de) (1 replies) SSH vs. IKE trust models (was Re: Insecure IKE Implementations Clarification) 2003-12-12 Thor Lancelot Simon (tls rek tjls com) (1 replies) Re: SSH vs. IKE trust models (was Re: Insecure IKE Implementations Clarification) 2003-12-13 Florian Weimer (fw deneb enyo de) [slackware-security] lftp security update (SSA:2003-346-01) 2003-12-12 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] lftp security update (SSA:2003-346-01) lftp is a file transfer program that connects to other hosts using FTP, HTTP, and other protocols. A security problem with lftp has been corrected with the release of lftp-2.6.10. New pack [ more ] [ reply ] MDKSA-2003:115 - Updated net-snmp packages fix vulnerability 2003-12-12 Mandrake Linux Security Team (security linux-mandrake com) Re: A .NET class bug that can hang a machine instantly 2003-12-11 Mickey Williams (miwilliams2 fnf com) In-Reply-To: <20031211035302.3545.qmail (at) sf-www1-symnsj.securityfocus (dot) com [email concealed]> Works fine and as expected for me (with framework 1.1 anyway). Are you suggesting that simply reading an XML file in an overriden OnLoad method somehow deadlocks the OS? There is a known deadlock issue for mixed-mode assemb [ more ] [ reply ] Multiple vulnerabilites in vendor IKE implementations, including Cisco, 2003-12-12 Thor Lancelot Simon (tls rek tjls com) (1 replies) Nortel, and Microsoft Reply-To: tls (at) rek.tjls (dot) com [email concealed] INTRODUCTION This message will describe two serious vulnerabilities in the default configurations of IKE implementations. They are particularly common in so called "VPN client" implementations. Both allow easy session stealing and man-in-the-midd [ more ] [ reply ] Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco, 2003-12-13 Sharad Ahlawat (sha cisco com) (1 replies) Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco, 2003-12-13 Thor Lancelot Simon (tls rek tjls com) Re: A new TCP/IP blind data injection technique? 2003-12-12 Michal Zalewski (lcamtuf ghettot org) (2 replies) I would like to quickly summarise some of the responses I have received to my original message to BUGTRAQ and Full-Disclosure: 1. Checksum brute-force and attack feasibility After actually giving it some thought, I do agree the ability to successfully attack the checksumming algorithm in pr [ more ] [ reply ] Re: A new TCP/IP blind data injection technique? 2003-12-12 Barney Wolff (barney databus com) (1 replies) [slackware-security] cvs security update (SSA:2003-345-01) 2003-12-11 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] cvs security update (SSA:2003-345-01) CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory deals with the u [ more ] [ reply ] eZ and eZphotoshare fixes 2003-12-11 Peter Winter-Smith (peter4020 hotmail com) Dear All, Recently I had found and released details regarding several flaws which existed in the eZnetwork suite, packages which I have associated with this particular flaw, or other names used when mentioning the products in question were: + eZ + eZnetwork + eZphotoshare + eZshare + eZm [ more ] [ reply ] GLSA: gnupg (200312-05) 2003-12-12 Rajiv Aaron Manglani (rajiv gentoo org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- GENTOO LINUX SECURITY ANNOUNCEMENT 200312-05 - ------------------------------------------------------------------------ -- GLSA: 200312-05 Package: app-crypt/gnupg [ more ] [ reply ] Secunia Advisory: URL Spoofing 2003-12-12 http-equiv (at) excite (dot) com [email concealed] (1 malware com) While Secunia is doing a fantastic job [truly] of compiling advisories as soon as issues are discovered by others, they do need to make it absolutely clear to the media that they appear to have to talk to and in the information that they release just who found these flaws. This particular url [ more ] [ reply ] Multiple vendor SOAP server (XML parser) denial of service (DTD parameter entities) 2003-12-11 Amit Klein (Amit Klein SanctumInc com) //////////////////////////////////////////////////////////////////////// /////// //==========================>> Security Advisory <<==========================// //////////////////////////////////////////////////////////////////////// /////// ---------------------------------------------------------- [ more ] [ reply ] |
|
Privacy Statement |
Several Things about IE bugs:
1st, i coded a stable demo of 1stCleanRc:
http://www.safecenter.net/UMBRELLAWEBV4/1stCleanRc/1stCleanRc-Xp/index.h
tml
some anti-Virus firewall tools may detect this exploit as a virus, but most of these tools will fail if the exploit *files* are changed.(malware
[ more ] [ reply ]