121 items tagged "issue"
-
-
13:42
»
Packet Storm Security Advisories
Ubuntu Security Notice 1634-1 - Dwayne Litzenberger discovered that Python Keyring's CryptedFileKeyring file format used weak cryptography. A local attacker may use this issue to brute-force CryptedFileKeyring keyring files. This issue only affected Ubuntu 11.10 and Ubuntu 12.04 LTS. It was discovered that Python Keyring created keyring files with insecure permissions. A local attacker could use this issue to access keyring files belonging to other users. Various other issues were also addressed.
-
-
19:29
»
Packet Storm Security Advisories
Ubuntu Security Notice 1622-1 - It was discovered that the Munin qmailscan plugin incorrectly handled temporary files. A local attacker could use this issue to possibly overwrite arbitrary files. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10, and Ubuntu 12.04 LTS. It was discovered that Munin incorrectly handled plugin state file permissions. An attacker obtaining privileges of the munin user could use this issue to escalate privileges to root. Various other issues were also addressed.
-
-
12:01
»
Hack a Day
The apartment [Angus] lives in must be sealed up pretty tight. It was so humid during the winter that there was a mold issue. We usually have the opposite problem, needing to add humidity to the air in the colder months. To combat the issue he bought a small dehumidifier, but wanted to automate the [...]
-
-
16:01
»
Hack a Day
The biggest issue with sending expensive electronics into near space is trying to recover them. [Lhiggs] set out to solve this issue with his Senior project for a Mechanical Engineering degree. He figured that a payload dropped from 100,000 feet should be able to glide its way back to some predefined coordinates. Here you can [...]
-
-
0:38
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 32 - Topics covered include The Compliance Storm on the Horizon, Digital Signature in Mom's Guide, Cracking WPA/WPA2, and more.
-
-
0:24
»
Packet Storm Security Advisories
Ubuntu Security Notice 1571-1 - Glen Eustace discovered that the DHCP server incorrectly handled IPv6 expiration times. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. This issue only affected Ubuntu 11.04, Ubuntu 11.10 and Ubuntu 12.04 LTS. Dan Rosenberg discovered that the DHCP AppArmor profile could be escaped by using environment variables. This update mitigates the issue by sanitizing certain variables in the DHCP shell scripts. Various other issues were also addressed.
-
-
16:01
»
Packet Storm Security Advisories
Apple Security Advisory 2012-07-25-1 - A cross-site scripting issue existed in the handling of feed:// URLs in Safari. An autocomplete flaw was also fixed in Safari. Various other Safari issues have also been addressed. WebKit had code execution, cross origin, access control, and various other vulnerability issues addressed.
-
-
16:16
»
Packet Storm Security Advisories
Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
-
-
8:19
»
Packet Storm Security Advisories
Apple Security Advisory 2012-05-09-1 - OS X Lion v10.7.4 and Security Update 2012-002 are now available and address multiple security issues. An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. A temporary file race condition issue existed in blued's initialization routine. There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. curl disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling empty fragments. A data injection issue existed in curl's handling of URLs. This issue is addressed through improved validation of URLs. This issue does not affect systems prior to OS X Lion. Various other vulnerabilities have been addressed.
-
-
12:53
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 27 - Topics covered include Sysinternals Suite, The Burning issue in Web Application, and more.
-
-
5:12
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 26 - Topics covered include Network Security, Who wants to be a Millionaire, Section 66A - Sending offensive or false messages, and more.
-
-
13:43
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 25 - Topics covered include Exploiting Remote Systems Without Being Online, Firewall 101, Introduction To Skipfish, and more.
-
-
16:38
»
Packet Storm Security Recent Files
Go Null Yourself E-zine Issue 6 - Topics in this issue include Floating Point Numbers Suck, How Skynet Works, Defeating NX/DEP With return-to-libc and ROP, and more.
-
-
11:16
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 22 - Topics covered include OWASP Mantra's MoC Crawler, Law relating to Cyberterrorism, Best Practices of Web Application Security, and more.
-
-
19:39
»
Packet Storm Security Advisories
Apple Security Advisory 2011-10-12-4 - Safari version 5.1.1 is now available and addresses a directory traversal issue, a policy issue, various arbitrary code execution issues, and 40+ other vulnerabilities.
-
-
11:45
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 20 - Topics covered include rootkits with boot infection, reverse engineering and malware analysis, ostinato, angry malwares, and more.
-
-
8:11
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 19 - Topics covered include SniffJoke - Defeating Interception Framework, RSA Security, Patent Law and Computer Technology, and various other articles.
-
-
12:58
»
Packet Storm Security Advisories
Apple Security Advisory 2011-07-25-1 - A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains. The iOS 4.3.5 software update addresses this issue.
-
12:55
»
Packet Storm Security Advisories
Apple Security Advisory 2011-07-25-2 - The iOS 4.2.10 software update addresses a certificate chain validation issue. The issue existed in the handling of X.509 certificates where an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
-
7:25
»
Packet Storm Security Recent Files
Go Null Yourself E-zine Issue 5 - Topics in this issue include Public-Key Encryption and RSA, Iridium Satellite Network, An Introduction to x86 NASM, Hacking 15A Announcements, and more.
-
-
20:08
»
Packet Storm Security Advisories
Ubuntu Security Notice 1172-1 - It was discovered that logrotate incorrectly handled the creation of new log files. Local users could possibly read log files if they were opened before permissions were in place. This issue only affected Ubuntu 8.04 LTS. It was discovered that logrotate incorrectly handled certain log file names when used with the shred option. Local attackers able to create log files with specially crafted filenames could use this issue to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, 10.10, and 11.04. Various other issues were also addressed.
-
-
17:47
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 18 - Topics covered include using Metasploit with Nessus bridge on Ubuntu, Armitage, penetration testing with Metasploit, and various other articles.
-
-
10:37
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 17 - Topics covered include pentesting your wireless, wi-fi tools, best practices for wi-fi networks, and forensics with Matriux.
-
-
19:31
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 16 - Topics covered include the Browser Exploitation Framework, New Rules Under The Information Technology Act, Forensics With Matriux Part 1, and more.
-
-
12:22
»
Packet Storm Security Recent Files
Go Null Yourself E-zine Issue 4 - Topics in this issue include Lattice-Based Cryptography, The Tech Behind Credit Cards, MapReduce Part 2, 303-833-00xx Scan, and more.
-
-
8:14
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 15 - Topics covered include Mozilla Firefox Internals and Attack Strategies, FireCAT, Being Invisible on the Internet, and more.
-
-
12:48
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 14 - Topics covered include JS Recon, remote thread execution in system processes, laws related to unauthorized access, and more.
-
-
20:29
»
Packet Storm Security Recent Files
Go Null Yourself E-zine Issue 3 - Topics in this issue include HP Hash Cracking with MapReduce, Port Knocking Primer, Abusing phpBB's Tell-A-Friend, Decoding Trillian Password Files, Numbers Stations FOIA, and more.
-
-
7:35
»
Packet Storm Security Misc. Files
Owned and Exposed Issue 2 - Known websites such as carders.cc, inj3ct0r, ettercap, exploit-db, backtrack and free-hack have all been compromised.
-
-
19:12
»
Packet Storm Security Advisories
Ubuntu Security Notice 1030-1 - It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center (KDC) or forge a KRB-SAFE message. It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to forge GSS tokens or gain privileges. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. It was discovered that Kerberos did not reject RC4 key-derivation checksums. An authenticated remote user could use this issue to forge AD-SIGNEDPATH or AD-KDC-ISSUED signatures and possibly gain privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that Kerberos did not properly restrict the use of TGT credentials for armoring TGS requests. A remote authenticated user could use this flaw to impersonate a client. This issue only affected Ubuntu 9.10.
-
-
12:03
»
Packet Storm Security Recent Files
Topics for this issue include database protocol exploits being explained, measuring web application security coverage, combating the changing nature of online fraud, and much more.
-
-
4:10
»
Sophos product advisories
The following issue was seen for a short period between 26/27 October 2010. It has now been resolved. Sophos Update Manager (SUM) failed to update from 'Sophos'. Errors were displayed in Enterprise Console.
-
-
20:01
»
Packet Storm Security Misc. Files
Go Null Yourself E-zine Issue 2 - Topics in this issue include DoSing Phone Lines with Asterisk, Practical DLL Hijacking, Exploring Tieline Networks and more.
-
-
23:00
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-185 - An integer overflow has been found and corrected in bzip2 which could be exploited by using a specially crafted bz2 file and cause a denial of service attack. Additionally clamav has been upgraded to 0.96.2 and has been patched for this issue. perl-Compress-Bzip2 in MES5 has been linked against the system bzip2 library to resolve this issue.
-
-
14:02
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-168 - Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code. Some sources refer to this as a use-after-free issue. The updated packages have been patched to correct this issue.
-
-
15:20
»
remote-exploit & backtrack
Hey guys,
I installed my BackTrack 4 final on my laptop, which contained Windows Vista. In Vista I was able to connect to my wireless connection easily, but when I removed Vista and installed BackTrack, I couldn't connect to any because it didn't even find any wireless!
I googled for that and found a lot of commands, like ifconfig wlan0 up and dhcpcd and so on, but when I enter ifconfig wlan0 up, it says that there is no wlan0 network to bring up! (I'm also using wicd manager, and every time I click on Refresh it says that there isn't any wireless connection, so this issue, as I think, is about finding the wireless connection, and then I think it's easy to connect if I found it.)
This is my issue with the wireless. My question is: how can I scan and find the wireless connection and connect to it?
Regards
Jacky
-
-
22:03
»
Packet Storm Security Misc. Files
Go Null Yourself E-zine Issue 1 - Topics in this issue include RTLO Spoofing, Alternate Data Streams, Derandomizing Perl's RNG, Trojaning OpenSSH and more.
-
-
1:35
»
Sophos product advisories
SafeGuard Enterprise - Sophos has released a patch for an API synchronization issue that may cause the wrong domain NetBIOS name to be entered in the database. This issue has been seen in SafeGuard Enterprise 5.50.0.116 Management Center/Server.
-
-
23:01
»
Packet Storm Security Misc. Files
HITB Magazine Volume 1 Issue 2 - This issue covers automated malware analysis, Windows objects in kernel vulnerability exploitation, and more.
-
-
13:55
»
Packet Storm Security Misc. Files
Hack This Zine Issue 9 - This issue touches on the Pirate Bay launching VPN services, social networking, German fleshmobs, social change within the hacker movement, the Guardian project, and much more.
-
13:55
»
Packet Storm Security Misc. Files
Hack This Zine Issue 9 - This issue touches on the Pirate Bay launching VPN services, social networking, German fleshmobs, social change within the hacker movement, the Guardian project, and much more. Print version.
-
-
8:22
»
Packet Storm Security Recent Files
Secunia Research has discovered a security issue in Employee Timeclock Software, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application passing the database password via the command line to the mysqldump utility, which potentially can be exploited to disclose the password via the process list. Version 0.99 is affected.
-
-
13:42
»
remote-exploit & backtrack
Not sure if this is a VB issue or a BT issue. I have BT2 and 3 ISOs in VB running just fine except for one small problem. I have searched the newbie forum for issues close to mine and don't seem to see any. My issue is that when I start BT2 and 3 in a VB machine, the window used to autosize to fit the 1024x768 resolution. But then I updated from 3.08 to 3.14. Now what is happening is that the screens of BT2 and 3 are not auto-fitted any more, so I have to use the scroll bars on the right and bottom sides to move the BT screen around so I can see the task bar. This is annoying since I have to hit the right Ctrl button continually to move the environment to see any of the windows or the task bar. I have posted in VB forums but no one has posted back and it's been 3 days. Like I mentioned earlier in the post, it used to auto-fit the BT screen in the box so I would not have to use the scroll bars. I have tried to look for an option in VB but can't seem to find one. Also, I tried to change the res of BT3 or 2 to 800x600 but it does not like that. Haha.
Thanks for the help. I am using BT2 for my labs from the professional pen test book by Tom Wilhelm.
-
-
19:00
»
Packet Storm Security Recent Files
iDefense Security Advisory 02.01.10 - Remote exploitation of an integer overflow vulnerability in Real Networks Inc.'s RealPlayer version 11 could allow an attacker to execute arbitrary code. iDefense Labs has confirmed the existence of an integer overflow issue within RealPlayer when handling compressed GIF files. The vulnerability occurs in the CGIFCodec::InitDecompress() function, which does not properly validate a field in the GIF file before using it in an arithmetic operation that calculates the size of a heap buffer. This issue leads to heap corruption, which can result in the execution of arbitrary code. iDefense confirmed RealPlayer version 11 is vulnerable to this issue.
-
-
18:18
»
remote-exploit & backtrack
issue 1)
Hi, I downloaded BackTrack 4 Final (very nice). It all works just fine with no problems, except my WLAN connection keeps dropping every 30 sec or so and I can't understand why.
So for the time being I've switched back to the Pre-final version so I can access the internet.
My wireless chipset is RTL8187 (monitor mode/injection works just fine),
but it just won't keep the connection.
================================================== ====
issue 2)
On the old BackTrack 4 Pre-final, the install process always auto-detected my XP installation and sorted out the GRUB menu accordingly.
However, in the new "Backtrack 4 Final" it never detects the XP installation and it just boots BT4 with no sign of XP.
Any ideas? Thanks.
-
-
7:00
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-026 - libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not properly handle a '\0' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
-
-
1:45
»
Sophos product advisories
Sophos has released a hotfix for the issue described below which has been found in SafeGuard Enterprise 5.40.0.152 Management Center and SafeGuard Enterprise 5.40.0.152 Server. It is recommended that you apply this as soon as possible in order to prevent this issue from occurring.