Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ en-us (c) Gossamer Threads Inc. All rights reserved. 08 Nov 2009 16:47:50 -0800 120 75 23 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 08 Nov 2009 13:20:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70747 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 08 Nov 2009 11:47:33 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70746 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 08 Nov 2009 02:07:37 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70744 --On November 7, 2009 4:06:42 PM -0600 mikelitoris@hushmail.com wrote: > >> But to gather intelligence about what terrorists are up to, even > if a U 07 Nov 2009 17:52:36 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70745 > But to gather intelligence about what terrorists are up to, even if a US citizen is involved, should not require a warrant. This is all well and g 07 Nov 2009 14:06:42 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70742 If you want to be spammed, join full-disclosure. 2009/11/7 Michael Holstein <michael.holstein@csuohio.edu> > > > I have a SPAM filter and virus fire 07 Nov 2009 14:05:40 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70743 --On November 7, 2009 11:24:55 AM -0600 Valdis.Kletnieks@vt.edu wrote: > On Fri, 06 Nov 2009 23:42:45 CST, Paul Schmehl said: >> communications as we 07 Nov 2009 11:51:29 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70739 For those who were not yet aware, there is at least 3 public exploits since 11/05/2009 for CVE-2009-3547 targeting *all* linux kernels from 2.6.0 to 2 07 Nov 2009 11:37:13 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70740 --On November 7, 2009 11:20:31 AM -0600 Rohit Patnaik <quanticle@gmail.com> wrote: > The direction of the association doesn't matter. It doesn't mat 07 Nov 2009 11:31:57 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70738 On Fri, 06 Nov 2009 23:42:45 CST, Paul Schmehl said: > communications as well. Under existing law (if you believe that FISA > applies) they would ha 07 Nov 2009 09:24:55 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70737 The direction of the association doesn't matter. It doesn't matter if the "terrorist" is contacting me, or if I'm contacting the terrorist. In either 07 Nov 2009 09:20:31 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70736 --On November 6, 2009 10:10:56 PM -0600 Rohit Patnaik <quanticle@gmail.com> wrote: > If it is so clear that a US citizen is involved in terrorism an 06 Nov 2009 21:42:45 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70735 If it is so clear that a US citizen is involved in terrorism and is communicating with terrorists beyond our borders, then why is it so hard for the N 06 Nov 2009 20:10:56 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70734 --On November 6, 2009 6:07:17 PM -0600 Rohit Patnaik <quanticle@gmail.com> wrote: > > You say that claims about the NSA conducting warrantless wireta 06 Nov 2009 18:56:41 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70733 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 06 Nov 2009 16:46:57 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70741 On Fri, Nov 6, 2009 at 1:25 PM, Paul Schmehl <pschmehl_lists@tx.rr.com>wrote: > --On Friday, November 06, 2009 10:46:39 -0600 Valdis.Kletnieks@vt.edu 06 Nov 2009 16:07:17 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70731 > I have a SPAM filter and virus firewall testing. > So, I want to get the real SPAM is sent to a specific email address. > What better way is there a 06 Nov 2009 13:46:53 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70730 --On Friday, November 06, 2009 10:46:39 -0600 Valdis.Kletnieks@vt.edu wrote: > On Thu, 05 Nov 2009 21:47:41 CST, Paul Schmehl said: >> > Getting back 06 Nov 2009 11:25:43 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70729 Hi Full-disclosure I have a SPAM filter and virus firewall testing. So, I want to get the real SPAM is sent to a specific email address. What better 06 Nov 2009 11:11:11 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70728 --On Friday, November 06, 2009 10:55:26 -0600 Tim <tim-security@sentinelchicken.org> wrote: > >> > INTO OUTFILE is a dangerous routine (as you've cl 06 Nov 2009 11:03:34 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70727 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Paul! On Thu, 05 Nov 2009 21:47:41 CST, Paul Schmehl said: > > Getting back on topic, it is well-kn 06 Nov 2009 09:01:43 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70726 > > INTO OUTFILE is a dangerous routine (as you've clearly demonstrated), but that > > privilege must be specifically granted to a user before it's p 06 Nov 2009 08:55:26 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70725 On Thu, 05 Nov 2009 21:47:41 CST, Paul Schmehl said: > > Getting back on topic, it is well-known, and proven, that the NSA has > > surveillence facili 06 Nov 2009 08:46:39 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70724 Confirmed, thanks and POP3 too: c:\>telnet pop3.arnet.com.ar 110 +OK user P0*****4241@arnet.com.ar +OK please, send your password pass P0*****4241 06 Nov 2009 08:38:32 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70723 On Fri, 06 Nov 2009 10:04:54 CST, Paul Schmehl said: > What privileges did the user who performed the select have? > > INTO OUTFILE is a dangerous ro 06 Nov 2009 08:37:28 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70722 --On Friday, November 06, 2009 06:55:22 -0600 Vladimir Vorontsov <vladimir.vorontsov@onsec.ru> wrote: > > Good day! > > I recently encountered a pro 06 Nov 2009 08:04:54 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70721 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200911-01 - - - 06 Nov 2009 05:36:49 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70720 Good day! I recently encountered a problem with the implementation of SQL injection. I wanted to write a file with the code interpreter to execute 06 Nov 2009 04:55:22 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70719 Taunting other people's english skills work better when your own english isn't broken :) -----Original Message----- From: full-disclosure-bounces@lis 06 Nov 2009 03:06:53 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70717 --On November 5, 2009 10:03:31 PM -0600 Chris <r0ck@operamail.com> wrote: >> >> Sure, because we all know those rat bastards at the NSA and all those 05 Nov 2009 20:56:55 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70732 Don't bother. Paul couldn't see the obvious if someone whacked him in the head with it. An artifact from the 1950s era where government can do no wr 05 Nov 2009 20:07:16 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70705 > ----- Original Message ----- > From: "Paul Schmehl" <pschmehl_lists@tx.rr.com> > To: "full-disclosure" <full-disclosure@lists.grok.org.uk> > Subject 05 Nov 2009 20:03:31 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70704 some background http://www.wired.com/dangerroom/2009/03/breaking-cyber/ http://news.cnet.com/8301-13578_3-10046097-38.html http://www.wired.com/threa 05 Nov 2009 19:53:54 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70703 --On November 5, 2009 9:12:29 PM -0600 Chris <r0ck@operamail.com> wrote: > > > and someone could sue you for burying your head up your ass. > Fortunat 05 Nov 2009 19:47:41 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70702 Why is it that Valdis has something to say about everything? I see you on NANOG, full-disclosure, outages, and more. > ----- Original Message ----- 05 Nov 2009 19:13:53 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70701 > ----- Original Message ----- > From: "Paul Schmehl" <pschmehl_lists@tx.rr.com> > To: "full-disclosure" <full-disclosure@lists.grok.org.uk> > Subject 05 Nov 2009 19:12:29 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70700 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 05 Nov 2009 16:52:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70698 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1 05 Nov 2009 16:51:43 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70716 For complete post with images, please visit http://securethoughts.com/2009/11/using-blended-browser-threats-involving-ch rome-to-steal-files-on-your-c 05 Nov 2009 16:47:37 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70699 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1 05 Nov 2009 14:03:48 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70715 It might not work with up-to-date OpenSSL. Fixing that is left as an exercise for the reader. -- Pavel Kankovsky aka Peak / 05 Nov 2009 13:54:48 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70697 Hello Aras! As correctly note S/U/N (http://lists.grok.org.uk/pipermail/full-disclosure/2009-November/071323.html) I wrote enough PoCs (for different 05 Nov 2009 13:54:11 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70706 =========================================================== Ubuntu Security Notice USN-855-1 November 05, 2009 libhtml-parser-perl vulnerabil 05 Nov 2009 12:28:34 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70696 =========================================================== Ubuntu Security Notice USN-854-1 November 05, 2009 libgd2 vulnerabilities CVE-200 05 Nov 2009 11:30:10 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70695 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-08 05 Nov 2009 10:08:36 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70712 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ 05 Nov 2009 09:12:52 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70694 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1 05 Nov 2009 08:21:03 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70714 > > Its evil. Making people believe that someone is dead, publicly, and placing > obituaries online shows no regard for the thoughts & feelings of the 05 Nov 2009 07:10:19 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70693 eoCMS SQL injection vulnerability 1. General information eoCMS is an open source code software which is used to develop Internet forum (http://eocm 04 Nov 2009 21:22:29 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70692 hi, I have written a piece of code to demonstrate the new serv-u bug. Attached please find the source code for Win2k3 SP2 + DEP. Perhaps you shoul 04 Nov 2009 19:41:12 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70691 --On November 4, 2009 8:03:10 PM -0600 "Gary E. Miller" <gem@rellim.com> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Yo Paul! > > 04 Nov 2009 19:19:29 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70690 --On November 4, 2009 8:48:41 PM -0600 Valdis.Kletnieks@vt.edu wrote: > On Wed, 04 Nov 2009 17:42:37 CST, Paul Schmehl said: >> You and millions of o 04 Nov 2009 19:17:52 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70689 "There are people at the end of the computers. Don't ever forget it." Did you and them get your degree from the same university of trolls? > > I have 04 Nov 2009 19:17:22 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70688 http://www.youtube.com/watch?v=WourPs56Shc On Thu, Nov 5, 2009 at 1:48 PM, <Valdis.Kletnieks@vt.edu> wrote: > On Wed, 04 Nov 2009 17:42:37 CST, Paul 04 Nov 2009 19:04:41 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70687 On Wed, 04 Nov 2009 17:42:37 CST, Paul Schmehl said: > You and millions of others love to conflate those issues with warrantless > surveillance of US 04 Nov 2009 18:48:41 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70686 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Paul! On Wed, 4 Nov 2009, Paul Schmehl wrote: > Please cite one proven instance where surveillance 04 Nov 2009 18:03:10 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70685 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Schmehl wrote: > --On Wednesday, November 04, 2009 16:36:12 -0600 Valdis.Kletnieks@vt.edu wrote: > 04 Nov 2009 17:21:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70684 Dear Madame/Sir, CONFidence is the one of the most technical conference in Eastern Europe. You can find videos from the latest edition here: http://2 04 Nov 2009 17:13:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70713 Did you and them get your degree from the same university of trolls? I have mistaken nothing for nothing. Fuck you. --- On Thu, 5/11/09, frank^2 <f 04 Nov 2009 17:07:07 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70683 On Wed, Nov 4, 2009 at 4:13 PM, Micheal Turner <wh1t3h4t3@yahoo.co.uk> wrote: > Its evil. Making people believe that someone is dead, publicly, and pl 04 Nov 2009 16:50:34 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70682 Its evil. Making people believe that someone is dead, publicly, and placing obituaries online shows no regard for the thoughts & feelings of the perso 04 Nov 2009 16:13:49 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70681 --On Wednesday, November 04, 2009 16:36:12 -0600 Valdis.Kletnieks@vt.edu wrote: > On Wed, 04 Nov 2009 14:08:59 CST, Paul Schmehl said: >> Please cite 04 Nov 2009 15:42:37 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70680 On Wed, Nov 4, 2009 at 1:58 PM, Micheal Turner <wh1t3h4t3@yahoo.co.uk> wrote: > It seems the whole thing was a Hoax rumor put about by people who I ca 04 Nov 2009 15:08:02 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70679 Moderate vulnerability in argentinean ARNET isp webmail. well, there is some kind of weakened authentication on the webmail of Arnet (webmail.arnet. 04 Nov 2009 15:00:20 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70718 On Wed, 04 Nov 2009 14:08:59 CST, Paul Schmehl said: > Please cite one proven instance where surveillance was done on anyone without a > FISA warrant 04 Nov 2009 14:36:12 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70677 http://twitter.com/str0ke It has happened for rgod an now with str0ke.. in both case they are alive, and in both case there are idiots/trolls who cla 04 Nov 2009 14:29:05 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70678 It seems the whole thing was a Hoax rumor put about by people who I can only describe as pure evil. Glad to know he is fine. --- On Wed, 4/11/09, we 04 Nov 2009 13:58:11 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70676 Asterisk Project Security Advisory - AST-2009-009 +------------------------------------------------------------------------+ | Product 04 Nov 2009 12:12:42 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70673 Asterisk Project Security Advisory - AST-2009-008 +------------------------------------------------------------------------+ | Product 04 Nov 2009 12:12:22 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70672 > I seriously doubt the FBI will be wiretapping anyone on this list that isn't > doing something illegal. If you're innocent, you have nothing to fe 04 Nov 2009 12:10:12 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70671 --On Wednesday, November 04, 2009 13:21:02 -0600 Valdis.Kletnieks@vt.edu wrote: > > George W Bush and company went to jail for the maximum sentence fo 04 Nov 2009 12:08:59 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70670 --On Wednesday, November 04, 2009 12:59:09 -0600 "Gary E. Miller" <gem@rellim.com> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Yo 04 Nov 2009 12:00:27 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70669 ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-080 November 4 04 Nov 2009 11:50:57 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70711 ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-079 November 4, 2009 -- 04 Nov 2009 11:50:55 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70710 ZDI-09-078: Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-078 November 4, 2009 -- A 04 Nov 2009 11:50:38 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70709 ZDI-09-077: Sun Java Web Start Arbitrary Command Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-077 November 4, 2009 -- A 04 Nov 2009 11:50:32 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70708 ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-076 November 4, 200 04 Nov 2009 11:50:23 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70707 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 04 Nov 2009 11:33:20 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70675 On Wed, 04 Nov 2009 12:30:25 CST, Paul Schmehl said: > No, nor did I state that. I said that illegal wiretapping will get thrown out > of court and 04 Nov 2009 11:21:02 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70668 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Paul! On Wed, 4 Nov 2009, Paul Schmehl wrote: > No. But I can distinguish between an American cit 04 Nov 2009 10:59:09 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70667 > I said that illegal wiretapping will get thrown out > of court and the perpetrators jailed. That's a separate issue from whether or > not agents 04 Nov 2009 10:52:45 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70666 ===============================ADVISORY=============================== Name: Autocomplete Data Theft in Mozilla Firefox Systems Affecte 04 Nov 2009 10:35:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70674 --On Tuesday, November 03, 2009 22:52:28 -0600 Valdis.Kletnieks@vt.edu wrote: > On Tue, 03 Nov 2009 22:13:24 CST, Paul Schmehl said: >> Of course, wi 04 Nov 2009 10:30:25 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70665 --On Tuesday, November 03, 2009 22:39:06 -0600 Holt Sorenson <hso@nosneros.net> wrote: > > On Tue, Nov 03, 2009 at 10:13:24PM -0600, Paul Schmehl wr 04 Nov 2009 10:28:24 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70664 Nothing new here, but thought this might be useful to some people...Tries to maintain current working directory when you use 'cd'. http://codepad.o 04 Nov 2009 05:41:14 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70662 A very sad news indeed. On Wed, Nov 4, 2009 at 6:49 PM, Micheal Turner <wh1t3h4t3@yahoo.co.uk>wrote: > We are mourning a good friend today. I first 04 Nov 2009 05:39:33 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70661 We are mourning a good friend today. I first begun talking to str0ke when I started publishing exploit codes onto this mailing list, he would always b 04 Nov 2009 05:19:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70660 ====================================================================== Secunia Research 04/11/2009 - IBM Tivoli Storage 04 Nov 2009 04:35:24 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70663 On Tue, Nov 3, 2009 at 20:13, Paul Schmehl <pschmehl_lists@tx.rr.com> wrote: > --On November 4, 2009 12:55:45 PM +1100 "Ivan ." <ivanhec@gmail.com> wr 03 Nov 2009 21:50:10 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70658 On Tue, 03 Nov 2009 22:13:24 CST, Paul Schmehl said: > Of course, without a warrant they can't wiretap anything. Furthermore > every warrant to wire 03 Nov 2009 20:52:28 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70659 On Tue, Nov 3, 2009 at 8:13 PM, Paul Schmehl <pschmehl_lists@tx.rr.com> wrote: > Of course, without a warrant they can't wiretap anything. good troll 03 Nov 2009 20:46:13 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70657 On Tue, Nov 03, 2009 at 10:13:24PM -0600, Paul Schmehl wrote: >Of course, without a warrant they can't wiretap anything. Furthermore >every warrant 03 Nov 2009 20:39:06 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70656 --On November 4, 2009 12:55:45 PM +1100 "Ivan ." <ivanhec@gmail.com> wrote: > The answer is both more mundane and more alarming. Prosecutors are > us 03 Nov 2009 20:13:24 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70655 The answer is both more mundane and more alarming. Prosecutors are using the FBI's massive surveillance system, DCSNet, which stands for Digital Colle 03 Nov 2009 17:55:45 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70654 Vendor: Bractus (http://bract.us) Product: SunTrack (http://bract.us/demo/login.jsp) Multiple stored XSS vulnerabilities exist in the Bractus SunTrac 03 Nov 2009 16:21:11 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70652 Vendor: e-Courier (http://www.ecouriersoftware.com/) Product: CMS Tracking Site Issue: Cross-Site Scripting. Description: Nearly all pages include the 03 Nov 2009 16:20:06 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70653 If you are about to exploit this bug with ollydbg and a /SafeSEH scanner plug-in which could be found at: http://www.openrce.org/downloads/details/24 03 Nov 2009 15:57:21 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70651 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 03 Nov 2009 10:31:01 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70650 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 03 Nov 2009 08:16:01 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70647 ZDI-09-075: Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-075 November 2, 200 02 Nov 2009 15:32:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70648