Reached back out to vendor for update
06/11/2014 Rouched out one last time... Crickets
06/12/2014 Advisory
VI. TOOLS USED
Burpsuite, WVS, Firefox
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
Where
CVE-2013-5694 Blind SQL Injection in Ops View
Version(s): Opsview pre 4.4.1
Author: J. Oquendo (joquendo at e-fensive dot net)
I. ADVISORY
Title: Blind SQL Injection in OpsView
Date published: 2013-10-28
Vendor contacted: 2013-09-04
II. BACKGROUND
Opsview is a systems management software
CVE-2013-5695 Multilple Cross Site Scripting (XSS) Attacks in Ops View
Version(s): Opsview pre 4.4.1
Author: J. Oquendo (joquendo at e-fensive dot net)
I. ADVISORY
Title: Multilple Cross Site Scripting (XSS) Attacks in Ops View
Date published: 2013-10-28
Vendor contacted: 2013-09-04
II
Multiple Vulnerabilities in the Adtran Netvanta 7100
Impact: Multiple Local and Remote Compromise, XSS and
other Injection Attacks
Version(s): firmware prior to R10.5.3.HA
Author: J. Oquendo (joquendo at e-fensive dot net)
I. ADVISORY
Title: Multiple Vulnerabilities in Adtran Netvanta 7100
Date
- --
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP
It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently. - Warren Buffett
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op
treatment
plant in his area was affected causing all the water around him to be toxic.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP
It takes 20 years to build a reputation and five minutes to
ruin it. If you think about
paid for
your research. So unless you live under a rock, your argument is sort of
moot with regards to: or do you think that you can contact the vendor
asking funds for the research you have already found?
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH
of these systems in these
environments. These are not applications and or systems one can plop
onto donated boxes. They have no choice BUT to run the code.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP
It takes 20 years
fix an issue?
Where in any of your advisories did you take the time to let a company
know: hey you guys have some potential issues, here they are!!!
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP
It takes 20 years to build
/01apr_deepsolarminimum.htm
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP
It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently. - Warren Buffett
227C 5D35 7DCB 0893 95AA 4771
On Tue, 06 May 2008, Ken Schaefer wrote:
I'm not sure the facts in evidence support the conclusions reached here
(sorry, not posting inline as I don't want to address each conclusion built
upon some other shaky conclusion.
From http://support.microsoft.com/kb/890830
==
Either I
it
off. You don't have the chance to agree or disagree to provide logging
information which IS BEING USED by law enforcement. In fact... YOU WERE
NEVER TOLD.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)
wget -qO
. Oquendo
sil @ infiltrated dot net
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)
wget -qO - www.infiltrated.net/sig|perl
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x3AC173DB
offline. What does this accomplish other then
pure stupidity.
3) Where is the vendor contact information. Was this meant to be posted
to Bugtrag or Fool Disclosure?
--
J. Oquendo
SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)
wget -qO
Steve Shockley wrote:
Requred to lie, or just required to not disclose the cooperation?
We cannot confirm nor deny this term lie/(un)disclose at present time.
http://libraryjuicepress.com/blog/?p=291
--
J. Oquendo
SGFA #579 (FW+VPN
to mitigate your
strategy. Not mitigate what's happening after you possibly sent 1Gb of
traffic down a 100Mb pipe.
--
J. Oquendo
Excusatio non petita, accusatio manifesta
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xF684C42E
sil . infiltrated
a look at the information this clown is posting
or someone asleep at the wheel.
--
J. Oquendo
Excusatio non petita, accusatio manifesta
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net
sense.
Casper
Should we now create a new term for the industry +0day or 1day. How
about? nowaday
--
J. Oquendo
Excusatio non petita, accusatio manifesta
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xF684C42E
sil . infiltrated @ net
...
--
J. Oquendo
Excusatio non petita, accusatio manifesta
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net
smime.p7s
Description: S/MIME Cryptographic Signature
);
/script
Goodbye
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government.
John Adams
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (FreeBSD
execution.
script
var reg = /(.)*/;
var z = 'Z';
while (z.length = 8192) z+=z;
var boum = reg.exec(z);
/script
while (z.length = 16384) z+=z;
--
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x1383A743
sil . infiltrated @ net
01:34:54 CDT 2006
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/HYPNOS i386
*
* (c) 2006 J. Oquendo Genexsys.net::Infiltrated.net
*/
#include stdio.h
#include stdlib.h
#include unistd.h
#include strings.h
#include sys/time.h
#include sys/types.h
#include sys/socket.h
#ifndef __USE_BSD
#define __USE_BSD
22 matches
Mail list logo