
security community

RE: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass

-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of The
Security Community
Sent: Wednesday, December 12, 2007 3:32 PM
To: bugtraq@securityfocus.com; Full-Disclosure
Subject: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass

Mr. HinkyDink would like to share the following with the Security

[CAL-2012-0004] opera array integer overflow

We still insist that whether it is a security issue or not should accord to the 
root cause of this bug instead of whether it is exploitable or not. Because you 
think it is unexploitable, someone can exploit it via deep research.

So if most people of Security Community think this is a security issue,
please assign to a CVE number.


3 Analysis
=========

Fwd: Websense 6.3.1 Filtering Bypass

Mr. HinkyDink would like to share the following with the Security Community...

---------- Forwarded message ----------
From:  <dink@mrhinkydink.com>
Date: Dec 12, 2007 6:05 PM
Subject: Websense 6.3.1 Filtering Bypass
To: thesecuritycommunity@gmail.com




SyScan'08 Call For Paper/Training

*About SyScan'08*
The Symposium on Security for Asia Network aims to be a very different 
security conference from the rest of the security conferences that the 
information security community in Asia has come to be so familiar and 
frustrated with.
SyScan is a non-product, non-vendor biased security conference. It is 
the aspiration of SyScan to congregate in Asia the best security experts 
in their various fields, to share their research, discovery and 
experience with all security enthusiasts in Asia.


Folder Lock <= 5.9.5 Local Password Information Disclosure

 * (HKEY_CURRENT_USER\Software\Microsoft\Windows\QualityControl) without proper encryption. 
 * This can be exploited to disclose the encrypted _pack password of the user which is ROT-25 and reversed.
 * 
 * Sample Output:
 * 
 * ASTALAVISTA the hacking & security community
 * Folder Lock <= 5.9.5 Decrypter v2.0
 * ---------------------------------
 * Encrypted Password: :3<k_^62`4T-
 * Decrypted Password: ,S3_15]^j;29
 * 

[CFP] Kiwicon 2k7 - Call For Papers

This is the call for presenters for the inaugural Kiwicon.

[WTF?]

Kiwicon '07 will be a largely informal conference, organised by the 
security community for the security community. It will be held in 
Wellington, New Zealand, on the weekend of the 17th and 18th of 
November, 2007.

It will focus on sharing information; ideas, code, and catching up with 
other like-minded people from around New Zealand (and further abroad).

Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

Secunia Research: InduSoft ISSymbol ActiveX Control Buffer Overflow Vulnerabilities

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

Secunia Research: GIGABYTE Dldrv2 ActiveX Control Array Indexing Vulnerability

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

Call for Papers - you Sh0t the Sheriff 4 - Security Conference, Brazil

INTRODUCTION

you sh0t the Sheriff is a very unique event dedicated to bringing cutting
edge topics to the top-notch Information Security Community in Brazil.

yStS mixes the highest quality presentations and speakers from all over the
globe, covering diverse topics in information security.

Our goal is to help attendees understand the current state of the

Secunia Research: Bournal Insecure Temporary Files Security Issue

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

WebStudio CMS 'pageid' Blind SQL Injection

Credits:

Charalambous Glafkos
Email:  glafkos (at) astalavista (dot) com
___________________________________________
ASTALAVISTA - the hacking & security community
www.astalavista.com
www.astalavista.net



Secunia Research: Autonomy Keyview EML Reader Buffer Overflows

relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to

Secunia Research: Blue Coat K9 Web Protection "Referer" Header Buffer Overflow

relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to

Secunia Research: TomatoCMS "q" SQL Injection Vulnerability

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

Secunia Research: Microsoft PowerPoint Freelance Layout Parsing Vulnerability

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

Secunia Research: Free Download Manager metalink "name" Directory Traversal

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

[ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack

Tikiwiki (Tiki) is a Free Software (LGPL) Content Management System
solution that unifies many features like wikis, forums, blogs,
articles, galleries, mapserver, link directory.

This software is massively used in the World Wide Web, and has been
audited by the security community for years.

III. DESCRIPTION
-------------------------
It is possible to get the first 1000 bytes from an arbitrary file
through the tiki-listmovies.php script.

Secunia Research: ACDSee Products Image and Archive Plug-ins Buffer Overflows

relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to

DeepSec 2008 - Last call for submissions

two days of trainings, covering the latest topics in network and IT security.
All speakers will be invited to a social event with dinner on the first day
of the conference. Don't miss this, be part of the community and have a drink!

The DeepSec conference is a meeting place for the academic community,
businesses, industry and security community. It offers a neutral ground to
exchange ideas and experiences, thus making it a unique event trying to
present the best research and experience from the fields' leading experts.


Submission:

Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

Secunia Research: Foxit Reader JBIG2 Symbol Dictionary Processing Vulnerability

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

Secunia Research: Microsoft Office TIFF Image Converter Two Buffer Overflows

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

Secunia Research: IPSwitch IMail Server IMail Client Buffer Overflow

relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to

Call for Papers -YSTS V - Security Conference, Brazil

ABOUT THE CONFERENCE

you Sh0t the Sheriff is a very unique, one-day, event dedicated to
bringing cutting edge talks to the top-notch professionals of the
Information Security Community in Brazil.

The conference’s main goal is to bring the attendees to the most
up-to-date state of the information security world by mixing
professionals and topics from different Infosec segments of the
market.

Secunia Research: IrfanView Palette File Importing Buffer Overflow Vulnerability

relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to

Secunia Research: Autonomy Keyview Ichitaro Object Reconstruction Logic Vulnerability

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

Secunia Research: Microsoft Outlook Content Parsing Integer Underflow Vulnerability

relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
