Don't buy Linksys Routers they are vulnerable to Wifi unProtected
Setup Pin registrar Brute force attack.
No patch or workaround exists at the making of this post.
Vulnerable list and alleged patch availability:
source:http://www6.nohold.net/Cisco2/ukp.aspx?vw=1articleid=25154
E1000 To Be
Celebrate with PenTest Magazine
To celebrate the transformation of PenTest StarterKit edition into
Auditing Standards PenTest, we've decided to give everyone access to 4
full PenTest issues for free
All you need to do to download them is create a free account. Sign up as
a free member here:
Well, in Germany... our law regarding security in general is very, very
vague.
It basically says that you have to go to prison if you produce or
publish any information
and/or tools (for so-called hacking-purposes) in preparation for a
criminal offense.
And: if you get unauthorized access to
CVE-2012-1037: GLPI <= 0.80.61 LFI/RFI
Severity: Important
Vendor: GLPI - http://www.glpi-project.org
Versions Affected
=
All versions between 0.78 and 0.80.61
Description
===
GLPI fails to properly sanitize the GET 'sub_type' parameter in the
front/popup.php file:
Title:
==
Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities
Date:
=
2012-02-07
References:
===
http://www.vulnerability-lab.com/get_content.php?id=428
VL-ID:
=
428
Introduction:
=
Dolibarr ERP CRM is a modern software to manage your company or
Title:
==
OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities
Date:
=
2012-02-08
References:
===
http://www.vulnerability-lab.com/get_content.php?id=426
VL-ID:
=
426
Introduction:
=
Onxshop is not only great CMS offering integrated in-context editing and full
Title:
==
Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities
Date:
=
2012-02-09
References:
===
http://www.vulnerability-lab.com/get_content.php?id=427
VL-ID:
=
427
Introduction:
=
Dolibarr ERP CRM is a modern software to manage your company or
Title:
==
Indianapolis Superbowl 2012 - SQL Injection Vulnerabilities
Date:
=
2012-02-06
VL-ID:
=
418
Abstract:
=
Alexander Fuchs discovered 2 remote SQL Injection Vulnerabilities on the
official website of Indianapolis Superbowl 2012 (US).
Status:
Verified
*Advisory Information*
Title: Astaro Security Gateway - bypass using whitelist domain pattern
weakness
upSploit Ref: UPS-2011-0041
*Advisory Summary*
Astaro Security Gateway's default Web Filtering Exceptions allow
specially-named domains to bypass security features of the firewall.
http://www.indianapolissuperbowl.com/view-release.php?id=42
2012/2/10 resea...@vulnerability-lab.com resea...@vulnerability-lab.com
Title:
==
Indianapolis Superbowl 2012 - SQL Injection Vulnerabilities
Date:
=
2012-02-06
VL-ID:
=
418
Abstract:
=
Alexander
Use Tomato-USB OS on them.
A.
On Fri, 10 Feb 2012 07:40:03 +,
farthva...@hush.ai wrote: Don't buy Linksys Routers they are vulnerable to
Wifi unProtected Setup Pin registrar Brute force attack.
No patch or
workaround exists at the making of this post.
Vulnerable list and alleged
patch
Title:
==
Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities
Date:
=
2012-02-10
References:
===
http://www.vulnerability-lab.com/get_content.php?id=429
VL-ID:
=
429
Introduction:
=
Scriptable, distributed and object oriented Hosting Platform.
On Fri, 10 Feb 2012 03:51:53 GMT, Nick Boyce said:
OT: They should just make FF quality high and the design impeccable -
Quality high is always a nice concept. But there's always 5 quality issues
and
resources to fix only 3. Obviously, you want to fix the 3 that matter most to
your users -
Hi,
I can imagine that developers want to have a clue what they need to repair.
I only have a problem with the way they do it and the way my behavior is exposed
without possible influence.
Let's say for the sake of argument, that 20% on similar hardware have a problem
with loading times and the
On Fri, 10 Feb 2012 07:40:03 GMT, farthva...@hush.ai said:
Don't buy Linksys Routers they are vulnerable to Wifi unProtected
Setup Pin registrar Brute force attack.
Nice sound bite there.
So tell us - what alternative brand should we buy instead? Include in your
discussion a proof that the
1. OVERVIEW
The CubeCart 3.0.20 and lower versions are vulnerable to Open URL Redirection.
2. BACKGROUND
CubeCart is an out of the box ecommerce shopping cart software
solution which has been written to run on servers that have PHP
MySQL support. With CubeCart you can quickly set up a powerful
*Advisory Information*
Title: Zen-Cart Admin CSRF/XSRF - Delete / Disable Products
Date published: 2012-02-10 01:59:45 AM
upSploit Ref: UPS-2011-0018
CVE REF: CVE-2011-4403
*Advisory Summary*
An attacker can force an administrator to delete or disable products from
within his store.
*Vendor*
Fixing a vulnerability like this with all the bureaucratic, QA and legal
process wouldn't take no more than 2 weeks
If bureaucratic, QA, and legal issues emerge, you can't even get the names of
the people you need to speak to in less than 2 weeks, let alone schedule a
conference call. Fixing?
Hello list!
I want to warn you about new security vulnerabilities in D-Link DAP 1150
(Wi-Fi Access Point and Router).
These are Cross-Site Request Forgery, Denial of Service and Cross-Site
Scripting vulnerabilities. This is my fourth advisory from series of
advisories about vulnerabilities in
Date and time: Saturday, February 11 2012 - 18:00 PM (Argentina time, GMT - 3:00)
In the webinar we will see, in practice and in theory, how
denial-of-service attacks are carried out,
we will run tests against real environments proposed by the attendees,
using botnets and exploits.
Speaker: Juan
Hello, one of InfoSec Institute's security researchers reverse engineered a
new botnet that is active for the Android platform. RootSmart has some
unique features that make it newsworthy:
. Takes advantage of Gingerbreak exploit to take control of Android device
. The main malware payload is a
Mandriva Linux Security Advisory MDVSA-2012:016
http://www.mandriva.com/security/
Solution: use DD-WRT? Or is that vulnerable too? (Or are there worse
problems? :))
On Feb 10, 2012 10:12 AM, Dan Kaminsky d...@doxpara.com wrote:
Fixing a vulnerability like this with all the bureaucratic, QA and legal
process wouldn't take no more than 2 weeks
If bureaucratic, QA, and legal
According to the Reaver people, DD-WRT doesn't support WPS at all :)
On Fri, Feb 10, 2012 at 2:00 PM, Zach C. fxc...@gmail.com wrote:
Solution: use DD-WRT? Or is that vulnerable too? (Or are there worse
problems? :))
On Feb 10, 2012 10:12 AM, Dan Kaminsky d...@doxpara.com wrote:
Fixing a
Waidaminnit... Didn't you try to sell me a belkin the other day?
Conflict of interest there
Sent from my BlackBerry® wireless device
-Original Message-
From: valdis.kletni...@vt.edu
Sender: full-disclosure-boun...@lists.grok.org.uk
Date: Fri, 10 Feb 2012 11:06:49
To: farthva...@hush.ai
On Fri, 10 Feb 2012 14:41:37 EST, Dan Kaminsky said:
According to the Reaver people, DD-WRT doesn't support WPS at all :)
The sort of people that run DD-WRT probably consider that a feature, not a bug.
;)
On Fri, Feb 10, 2012 at 4:33 PM, valdis.kletni...@vt.edu wrote:
On Fri, 10 Feb 2012 14:41:37 EST, Dan Kaminsky said:
According to the Reaver people, DD-WRT doesn't support WPS at all :)
The sort of people that run DD-WRT probably consider that a feature, not a
bug. ;)
If you've got the
Hello All,
ClubHack Magazine is seeking submissions for next issue, Issue 26 - March
2012.
Topics:-
1. Web App Sec
2. OS Exploitation and Security
3. Cryptography and cryptanalysis
Few guidelines :
1) Keep the language as easy as possible. Screen shots will be of help.
2) Along with article