[Full-disclosure] [ MDVSA-2011:197 ] php
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:197 http://www.mandriva.com/security/ ___ Package : php Date: December 30, 2011 Affected: 2010.1, 2011. ___ Problem Description: Multiple vulnerabilities has been discovered and corrected in php: Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708 (CVE-2011-4566). PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters (CVE-2011-4885). The updated packages have been patched to correct this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885 ___ Updated Packages: Mandriva Linux 2010.1: a1fbe2b4e30f6fa1f54134f144813fbe 2010.1/i586/libphp5_common5-5.3.8-0.3mdv2010.2.i586.rpm d20c27de0ca773dec4eac226a083dabc 2010.1/i586/php-bcmath-5.3.8-0.3mdv2010.2.i586.rpm 3c858464cb0e5fa2bc31ecd7f145917f 2010.1/i586/php-bz2-5.3.8-0.3mdv2010.2.i586.rpm a626a55f83334d53b6324819d2de07c3 2010.1/i586/php-calendar-5.3.8-0.3mdv2010.2.i586.rpm d9393838295a082f8d46866121efd76c 2010.1/i586/php-cgi-5.3.8-0.3mdv2010.2.i586.rpm 41ee254c2857a31222baf729c07d 2010.1/i586/php-cli-5.3.8-0.3mdv2010.2.i586.rpm 7cad9e9a53eadf3c78ddc125c362ab1f 2010.1/i586/php-ctype-5.3.8-0.3mdv2010.2.i586.rpm 8ce7868955aba0d60a3395006fd28036 2010.1/i586/php-curl-5.3.8-0.3mdv2010.2.i586.rpm eb9a84cde5a6f402149ccb4575ebf46f 2010.1/i586/php-dba-5.3.8-0.3mdv2010.2.i586.rpm ddd6c7fbe990fdaec12d5ade422be025 2010.1/i586/php-devel-5.3.8-0.3mdv2010.2.i586.rpm 0adeb975f1ec49c2bd4487ebaa75c1c5 2010.1/i586/php-doc-5.3.8-0.3mdv2010.2.i586.rpm f24d4e4c2a5e96f5e76a5788062b585c 2010.1/i586/php-dom-5.3.8-0.3mdv2010.2.i586.rpm 7ebe7c3d8cfd1fa63c340cd6259fc196 2010.1/i586/php-enchant-5.3.8-0.3mdv2010.2.i586.rpm 4743b302b13438e218740a54f1ee792a 2010.1/i586/php-exif-5.3.8-0.3mdv2010.2.i586.rpm 2dd57fa23f2d6b1a9241049c3a6a283f 2010.1/i586/php-fileinfo-5.3.8-0.3mdv2010.2.i586.rpm cd9b0afad6fbe7bb819f405f60ce97ab 2010.1/i586/php-filter-5.3.8-0.3mdv2010.2.i586.rpm ca19675231cca34650979b602832bcf7 2010.1/i586/php-fpm-5.3.8-0.3mdv2010.2.i586.rpm a488ba8ef83cab967a35535837546c53 2010.1/i586/php-ftp-5.3.8-0.3mdv2010.2.i586.rpm ff7bb2597212ae0ff652f3ff7e3999b4 2010.1/i586/php-gd-5.3.8-0.3mdv2010.2.i586.rpm 985b0eb766c689ed28090f9617c9612a 2010.1/i586/php-gettext-5.3.8-0.3mdv2010.2.i586.rpm 723c95d0033c5ca31407e80bf96f80fb 2010.1/i586/php-gmp-5.3.8-0.3mdv2010.2.i586.rpm 347588cf33f6e868de86a23ef340b4b9 2010.1/i586/php-hash-5.3.8-0.3mdv2010.2.i586.rpm d12700ef7a195dc70cd84d181ecc8f57 2010.1/i586/php-iconv-5.3.8-0.3mdv2010.2.i586.rpm 0d34442958ae13b80b32eb5e9ae55f4c 2010.1/i586/php-imap-5.3.8-0.3mdv2010.2.i586.rpm d48ed11d713067bf31c44d2f307b47f1 2010.1/i586/php-ini-5.3.8-0.2mdv2010.2.i586.rpm 94b2e904d7767d42901f62680190a1ce 2010.1/i586/php-intl-5.3.8-0.3mdv2010.2.i586.rpm dac6fab408346ae491827e4c6145c51a 2010.1/i586/php-json-5.3.8-0.3mdv2010.2.i586.rpm f5369da5d917a706e47e06a86a319cb8 2010.1/i586/php-ldap-5.3.8-0.3mdv2010.2.i586.rpm d451b4bc65e79c1ca8ebeece0b4ea1c7 2010.1/i586/php-mbstring-5.3.8-0.3mdv2010.2.i586.rpm 88dc31bea32fc417059dfbf2a29fa1ce 2010.1/i586/php-mcrypt-5.3.8-0.3mdv2010.2.i586.rpm 018e3080c373f9a970aac0880b5e5293 2010.1/i586/php-mssql-5.3.8-0.3mdv2010.2.i586.rpm e8c00d4dee45f09d9adc251492a718f1 2010.1/i586/php-mysql-5.3.8-0.3mdv2010.2.i586.rpm bbae98f46152f1f791d83812b825f696 2010.1/i586/php-mysqli-5.3.8-0.3mdv2010.2.i586.rpm 0909280e61db71236205744007f257cf 2010.1/i586/php-odbc-5.3.8-0.3mdv2010.2.i586.rpm 33895cd5a133d211849b9246690992ea 2010.1/i586/php-openssl-5.3.8-0.3mdv2010.2.i586.rpm e10ebebca0ee4cec8e9d49b2b7ceefa3 2010.1/i586/php-pcntl-5.3.8-0.3mdv2010.2.i586.rpm c0624789da869942f8ab21b3bc4f8372 2010.1/i586/php-pdo-5.3.8-0.3mdv2010.2.i586.rpm 9ecea2b4a3c5749c579f7916dd924255 2010.1/i586/php-pdo_dblib-5.3.8-0.3mdv2010.2.i586.rpm 962339da5d0547f6f3ae7c87bbb01870 2010.1/i586/php-pdo_mysql-5.3.8-0.3mdv2010.2.i586.rpm fa4703f91b0646e29b7bc7a94c43616c
[Full-disclosure] [SECURITY] [DSA 2376-1] ipmitool security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2376-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst December 30, 2011 http://www.debian.org/security/faq - - Package: ipmitool Vulnerability : insecure pid file Problem type : local Debian-specific: no CVE ID : CVE-2011-4339 Debian Bug : 651917 It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used too wide permissions PID file, which allows local users to kill arbitrary processes by writing to this file. For the stable distribution (squeeze), this problem has been fixed in version 1.8.11-2+squeeze2. For the unstable distribution (sid), this problem has been fixed in version 1.8.11-5. We recommend that you upgrade your ipmitool packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJO/Wc/AAoJEOxfUAG2iX57/aEIAI7UnI1v9h9vQVZ4tHF93TQC RXDdTyLH1cu2AWGb416oSmLwHCKp2GvwihLwHmtUX4OJu21gChfHr7wkZZy2xNVg qcisZ2zxa66rzg3jFkhC8D9bYbcVIQhC33RwOPxuQngybun+haqPELLuFT6ZXEhz eTt2rf6/kd1MmZ23wlL+DMgSSqr0up04nj6pZS8Bo7theKZRw2ds6ezWRyhJquP6 uiTuyBVXqEFSyHsdvI93/zXs1g02ltuFztt12pnPaZzu3D1UtRItYX1ylhP5osie VVOC2Nz4zNDFUun5zrEffcIHPCgD4KMhOJU9f/dENMELcV5eVEm1e1tCrBjojiY= =DrU8 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 2263-2] movabletype-opensource security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2263-2 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst December 30, 2011 http://www.debian.org/security/faq - - Package: movabletype-opensource Vulnerability : several Problem type : remote Debian-specific: no CVE ID : not yet available Debian Bug : 627936 Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny' suite at that time. This update adds that package. The original advisory text follows. It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities: A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances. For the oldstable distribution (lenny), these problems have been fixed in version 4.2.3-1+lenny3. For the stable distribution (squeeze), these problems have been fixed in version 4.3.5+dfsg-2+squeeze2. For the testing distribution (wheezy) and for the unstable distribution (sid), these problems have been fixed in version 4.3.6.1+dfsg-1. We recommend that you upgrade your movabletype-opensource packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJO/W15AAoJEOxfUAG2iX579YAH/iHvmSvkzHQj5mrg48eEw8XI RCWvrYvCmnvPSJWia0c0p66KuncfABjWO3vN2MQR231TYlFH1UXGhwDQ6pyIxM9S jjvxmpoJD3DJm9VDlviSJfUulz9f47xyNbOMnB1griTlueOotYZR98B3MnbYzaB/ hemCTK7eC5tHgUj2LK3iVClmmL+OL9ykhFT7gYwJ+k4SX7zh82jrvghzktFoM9RV nbsVx6uqI341SVIuM/hbDuIHhWnobSPZyEcGEXoU1YcojezwLz/HMyEm929OsWTl t0SurJvEEGvSQwiIO1cp0/S9txZZtuZQrLFpnFBdnC5YFihdM8TQN2sIZ0y3izA= =E15M -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Winn Guestbook v2.4.8c Stored XSS
# Exploit Title: Winn Guestbook v2.4.8c Stored XSS # Date: 12/29/11 # Author: G13 # Software Link: http://code.google.com/p/winn-guestbook/, http://www.winn.ws # Version: 2.4.8c # Category: webapps (php) # CVE: 2011-5026 # Vulnerability # There is no sanitation on the input of the name variable. This allows malicious scripts to be added. This is a stored XSS. # Vendor Notification # 12/24/11 - Vendor Notified. 12/27/11 - Vendor Acknowledged, Patch Issued. # Resolution # Upgrade to Version 2.4.8d # Affected Variables # name=[XSS] # Exploit # The script can be added right in the page, there is no filtering of input. This can easily be exploited if the email address used is added to the approved posters list. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] DoS in TI Golden Gateway MXP Debug Application
### Will Urbanski Application:Texas Instruments Golden Gateway MXP Debug Application http://www.ti.com Vuln ID:SHR20111201 Version:2007 Platforms: Embedded (tested on SMC D3GNV Cable Modem) Bug:input sensitization DoS vuln in `show rtcp_info` Exploitation: remote Date: 01 Dec 2011 Author: Will Urbanski e-mail: will () shakingrock com permalink: http://www.shakingrock.com/vulns/SHR20111201.txt ### 1) Introduction 2) `show rctp_info` 3) Impact 4) Workaround ### === 1) Introduction === From vendor's homepage: Golden Gateway® software is designed to run on Texas Instruments (TI) Digital Signal Processors (DSPs). The software, which powers voice, fax and data modem transmission over the Internet, is inside products made by industry leaders such as Cisco Systems, 3Com, Nortel Networks and many other leading voice and data communications equipment manufacturers. ### == 2) `show rctp_info` == Executing `show rctp_info 1` results in system failure due to a critical process being terminated. The show command is normally used to display system information and should not result in application termination. $ nc 172.16.1.1 4159 ����!����Texas Instruments Inc. 2007 Golden Gateway Remote Command Processor MXPshow version show version XGCP Version: 2.7.0 CM Version Label: 2.7.0 [...] MXPshow rtcp_info 1 show rtcp_info 1 MXPsigterm_prog=0;calling vp880_restart The DoS can be initiated remotely by simply sending show rtcp_info 1 to the MXP shell. During some of our tests we were unable to regain internet connectivity until the device had been unplugged. In the event that connectivity is restored spamming show rtcp_info 1 to the MXP shell will ensure the device stays offline. ### === 3) Impact === As mentioned on the vendors site the Golden Gateway Remote Command Processor MXP Debug Application is included in many embedded networking devices. The software, which powers voice, fax and data modem transmission over the Internet, is inside products made by industry leaders such as Cisco Systems, 3Com, Nortel Networks and many other leading voice and data communications equipment manufacturers. This remote denial of service was discovered in an SMC D3GNV DOCSIS 3.0 Multimedia Voice Gateway which provides voice, wifi, and cable internet capabilities. This vulnerability _may_ be found on any device that allows unauthenticated access to the MXP Debug Application shell. ### == 4) Workaround == Restrict access to port tcp/4159 on devices that are allowing unauthenticated access to the MXP Debug Application. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416
SEC Consult Vulnerability Lab Security Advisory 20111230-0 === title: Microsoft ASP.NET Forms Authentication Bypass product: Microsoft .NET Framework vulnerable version: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.237 and below fixed version: MS11-100 CVE: CVE-2011-3416 impact: critical homepage: http://www.microsoft.com/net found: 2011-10-02 by: K. Gudinavicius / SEC Consult Vulnerability Lab m. / SEC Consult Vulnerability Lab https://www.sec-consult.com === Vendor description: --- .NET is an integral part of many applications running on Windows and provides common functionality for those applications to run. This download is for people who need .NET to run an application on their computer. For developers, the .NET Framework provides a comprehensive and consistent programming model for building applications that have visually stunning user experiences and seamless and secure communication. Source: http://www.microsoft.com/net Vulnerability overview/description: --- The null byte termination vulnerability exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The unicode string length is determined using the lstrlenW function. The lstrlenW function returns the length of the string, in characters not including the terminating null character. If the unicode string containing a null byte is passed, its length is incorrectly calculated, so only characters before the null byte are copied into the buffer. This vulnerability can be leveraged into an authentication bypass vulnerability. Microsoft ASP.NET membership system depends on the FormsAuthentication.SetAuthCookie(username, false) method for certain functionality. By exploiting this vulnerability an attacker is able to log on as a different existing user with all the privileges of the targeted user (e.g. admin). Proof of concept: - Detailed exploit information and source code references have been removed from this advisory. An attacker is able to bypass authentication in certain functionality using null bytes and log on as another user, e.g. admin. Vulnerable / tested versions: - The vulnerability has been verified to exist in Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.237, which was the most recent version at the time of discovery. More information regarding affected versions is available within the advisory of Microsoft: http://technet.microsoft.com/en-us/security/bulletin/ms11-100 Vendor contact timeline: 2011-10-07: Contacted vendor through sec...@microsoft.com 2011-10-07: Vendor response, MSRC 11838 2011-10-14: Contacted MSRC asking for status 2011-10-15: Answer from case manager: the vulnerability will be addressed through a security bulletin, a timeframe is unknown. 2011-11-23: Contacted MSRC asking for status 2011-11-23: Answer from case manager: a release date of update is unknown, best guess would be a month before or after the March (2012) update cycle 2011-12-29: Microsoft publishes out-of-band security patch MS11-100 which also addresses this vulnerability 2011-12-30: SEC Consult releases redacted version of advisory due to criticality of this issue SEC Consult will release a more detailed advisory at a later date. Solution: - Immediately apply the MS11-100 patch: http://technet.microsoft.com/en-us/security/bulletin/ms11-100 Workaround: --- In .NET 4.0 the vulnerability can be mitigated by setting the ticketCompatibilityMode attribute in the application or global web.config file like this: system.web authentication mode=Forms forms ticketCompatibilityMode=Framework40 / /authentication /system.web Advisory URL: - https://www.sec-consult.com/en/advisories.html ~~~ SEC Consult Unternehmensberatung GmbH Office Vienna Mooslackengasse 17 A-1190 Vienna Austria Tel.: +43 / 1 / 890 30 43 - 0 Fax.: +43 / 1 / 890 30 43 - 25 Mail: research at sec-consult dot com https://www.sec-consult.com EOF K. Gudinavicius, J. Greil / @2011 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerabilities in plugins for MODx CMS, XOOPS, uCoz, Magento and DSP CMS
Hello Antony! You are welcome. All those XSS vulnerabilities in 34 millions flash files, and all those vulnerable plugins for different engines with vulnerable swf-file, which I've wrote about during 2010-2011, including last five plugins, and those vulnerabilities in TinyMCE (on tens millions of web sites, only on WordPress there are more then 67 millions of affected web sites), and all those vulnerabilities disclosed by me in 2011, and that new version of plugin Register Plus Redux (with fixed all holes), which I wrote about in the last advisory - all these are my presents. So Merry Christmas and Happy New Year! Of course I wish good music for everyone for holidays. Like this one: http://soundcloud.com/mustlive/mega-mix-4 Best wishes regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua - Original Message - From: Antony widmal To: MustLive Cc: submissi...@packetstormsecurity.org ; full-disclosure@lists.grok.org.uk Sent: Tuesday, December 27, 2011 12:44 AM Subject: Re: [Full-disclosure] Vulnerabilities in plugins for MODx CMS, XOOPS, uCoz, Magento and DSP CMS 10 million XSS ! Thank you Santa. 2011/12/26 MustLive mustl...@websecurity.com.ua Hello list! Besides tens millions of vulnerable web sites with affected flash files and vulnerable multiple plugins for different engines, which I've wrote about earlier, there are a lot of other vulnerable plugins. Here are new ones (some of them are vulnerable to two XSS holes). There are Cross-Site Scripting vulnerabilities in plugins for engines MODx CMS, XOOPS, uCoz, Magento and DSP CMS, which all are ports of WP-Cumulus. A lot of other such plugins for other engines can be vulnerable. This XSS is similar to XSS vulnerability in WP-Cumulus, which I've disclosed in 2009 (http://securityvulns.com/Wdocument842.html). Because these plugins are using tagcloud.swf made by author of WP-Cumulus. About such vulnerabilities I wrote in 2009-2011, particularly about millions of flash files tagcloud.swf which are vulnerable to XSS attacks I mentioned in my article XSS vulnerabilities in 34 millions flash files (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-January/006033.html). - Affected products: - Vulnerable are all versions of Tagcloud for MODx CMS. Vulnerable is Сumulus for XOOPS 1.0, which is also included in ExtendedPackRU for XOOPS. Vulnerable are all versions of uCoz-Cumulus for uCoz. Vulnerable are all versions of Cumulus Tagcloud for Magento. Vulnerable are all versions of Сumulus for DSP CMS. Some of these plugins are vulnerable to one and some to two XSS holes - as to first hole in WP-Cumulus, which I've disclosed in 2009, as to second hole, which I've disclosed in 2011. Besides these ones and those which I've disclosed in 2009-2011, a lot of other such plugins for other engines can be vulnerable. -- Details: -- XSS (WASC-08): Tagcloud for MODx CMS: http://site/assets/files/tagcloud.swf?mode=tagstagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E Сumulus for XOOPS: http://site/modules/cumulus/include/cumulus.swf?mode=tagstagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E uCoz-Cumulus for uCoz: http://site/tagcloud.swf?mode=tagstagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E Cumulus Tagcloud for Magento: http://site/frontend/tag/tagcloud.swf?mode=tagstagcloud=%3Ctags%3E%3Ca+href=%27javascript:alert(document.cookie)%27+style=%27font-size:+40pt%27%3EClick%20me%3C/a%3E%3C/tags%3E http://site/frontend/tag/tagcloud.swf?xmlpath=xss.xml http://site/frontend/tag/tagcloud.swf?xmlpath=http://site/xss.xml Via parameters mode and xmlpath. Сumulus for DSP CMS: http://site/engine/tags/cumulus.swf?mode=tagstagcloud=%3Ctags%3E%3Ca+href=%27javascript:alert(document.cookie)%27+style=%27font-size:+40pt%27%3EClick%20me%3C/a%3E%3C/tags%3E Code will execute after click. It's strictly social XSS (http://websecurity.com.ua/5476/). Also it's possible to conduct (like in WP-Cumulus) HTML Injection attack. - Plugins with fixed version of swf-file: - Because in November 2009, after my informing, Roy Tanck (developer of WP-Cumulus) fixed only XSS vector, but not HTML Injection vector, it's still possible to conduct HTML Injection attacks (for injecting arbitrary links) to all versions of this swf-file (which can be found under name tagcloud.swf and other names). Including fixed version of the swf-file, with fixed XSS hole. So all those plugins, which developers fixed this vulnerability (after my informing or by informing from Roy or other people) by updating swf-file, are still vulnerable to HTML Injection.
[Full-disclosure] INSECT Pro - Version 3.0 Released!
Great news!!! This 2012 we released the new version of INSECT PRO INSECT Pro 3.0 - Ultimate is here! This penetration security auditing and testing software solution is designed to allow organizations of all sizes mitigate, monitor and manage the latest security threats vulnerabilities and implement active security policies by performing penetration tests across their infrastructure and applications. Promotional price: 50 u$d! Get your copy now! From here: http://insecurityresearch.com http://www.youtube.com/watch?v=4txmfeWKaxAfeature=player_embedded Insecurity Research Team ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Version 3.0 Released!
Seriously, what the fuck is wrong with you? How many times have you been told that full disclosure is not the place for advertising your piece of shit software? On Dec 30, 2011 4:43 PM, runlvl run...@gmail.com wrote: Great news!!! This 2012 we released the new version of INSECT PRO INSECT Pro 3.0 - Ultimate is here! This penetration security auditing and testing software solution is designed to allow organizations of all sizes mitigate, monitor and manage the latest security threats vulnerabilities and implement active security policies by performing penetration tests across their infrastructure and applications. Promotional price: 50 u$d! Get your copy now! From here: http://insecurityresearch.com http://www.youtube.com/watch?v=4txmfeWKaxAfeature=player_embedded Insecurity Research Team ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] INSECT Pro - Version 3.0 Released!
The presentation video is actually quite nice. Maybe you should diversify your business into graphical design. On 12/30/2011 09:37 PM, runlvl wrote: Great news!!! This 2012 we released the new version of INSECT PRO INSECT Pro 3.0 - Ultimate is here! This penetration security auditing and testing software solution is designed to allow organizations of all sizes mitigate, monitor and manage the latest security threats vulnerabilities and implement active security policies by performing penetration tests across their infrastructure and applications. Promotional price: 50 u$d! Get your copy now! From here: http://insecurityresearch.com http://www.youtube.com/watch?v=4txmfeWKaxAfeature=player_embedded Insecurity Research Team ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/