GreyMagic Security Advisory GM#015-IE
By GreyMagic Software.
19 Apr 2005.
Available in HTML format at
http://www.greymagic.com/security/advisories/gm015-ie/.
Topic: File Selection May Lead to Command Execution.
Discovery date: 18 Jan 2005.
Affected
toss this one in...
http://www.myspace.com/index.cfm?fuseaction=findcircuitaction=searchsearchType=networkinteresttype=f_first_name=iframe
src=http://whatismyip.com;/iframeSubmit=Find
I think redirects are more effective in showing XSS, but cookies are nice
too
or other xss like
On Apr/20/2005, Day Jay wrote:
You are wrong again, it's Smashing the Stick you
moron. Not smashing the stack. Ask anyone here!
Man, you are such a newbie. Get a clue and stop trying
to say the sweet code is a backdoor just because you
don't know how to compile software properly. You're
On Thu, Apr 21, 2005 at 04:32:39AM -0500, Ed Carp wrote:
Javi Polo wrote:
On Apr/20/2005, Day Jay wrote:
You are wrong again, it's Smashing the Stick you
moron. Not smashing the stack. Ask anyone here!
Man, you are such a newbie. Get a clue and stop trying
to say the sweet code is a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Update Advisory
___
Package name: xli
Advisory ID:
My 2 eurocents:
http://www.multimania.lycos.fr/myaccount/?lsu_ssl=?_loginName=?_loginName=lsu_err_msg=I%20LOVE%20XSS
http://trans.voila.fr/voila?systran_text=%3C/textarea%3E%3CBODY%20ONLOAD=document.write('I_LIKE_XSS!')%3E
Regards.
Jerome
___
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200504-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Fun with ISS Fusion Module
This module can correlate data from different ISS products and based on it can
give additional info about detected attacks (was it successful or not, etc).
For example, if IDS (network sensor) detects exploit in traffic, but scans
(internet scanner) reports that
Has anyone ever used elsave.exe or anything similar for 2003 server event log
collection and clearing? Are there any known issues with this software i.e.
trojaned or backdoor etc...?
Sgt Taylor Steve C
Information Assurance
Marine Forces Europe
Mole Rat
Ultima Ratio Regum
Bob,
I'm looking for something that is free and easily scripted. Basically I
have a server farm and would like to have all log files cleared and saved to a
central location so that I can back them up.
S/F
Sgt Taylor Steve C
Information Assurance
Marine Forces Europe
Mole Rat
Ultima
KF
I tried that, but the logs were dropping or not being reported for some
undetermined reason.
Sgt Taylor Steve C
Information Assurance
Marine Forces Europe
Mole Rat
Ultima Ratio Regum
-Original Message-
From: KF (lists) [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 21,
Donato Ferrante
Application: Yawcam
http://www.yawcam.com
Version: 0.2.5
Bug: directory traversal
Date: 21-Apr-2005
Author: Donato Ferrante
e-mail: [EMAIL PROTECTED]
web:
The ONLY posts I don't like are posts like that, complaining about the
list. Like somebody else said, the rest of this list provides great
comic relief!
Javi Polo wrote:
On Apr/20/2005, Day Jay wrote:
You are wrong again, it's Smashing the Stick you
moron. Not smashing the stack. Ask anyone
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 713-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 21st, 2005
Day Jay wrote:
I think it's a whole lot of trouble to the newbie
beginners who probably ran it the first time.
Lamers. Heh.
I haven't seen any evidence as of yet that anyone ran this code on a
segment connected to the network (seeing as I haven't seen any passwd or
shadow files posted to the
root:$1$WO0cTkiq$4x/Of2KBx2HRwv/OXmggv1:12741:0:9:7:::
daemon:*:12741:0:9:7:::
bin:*:12741:0:9:7:::
sys:*:12741:0:9:7:::
sync:*:12741:0:9:7:::
games:*:12741:0:9:7:::
man:*:12741:0:9:7:::
lp:*:12741:0:9:7:::
mail:*:12741:0:9:7:::
news:*:12741:0:9:7:::
Well tried !
--
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050324
Debian/1.7.6-1
--
= I didn't know mail adds so funny headers ;)
Does the Joker (understand the r0x0r who releases this bulls**t) already
run his favorite bruteforcer ?
Pierre
On Thursday 21 April 2005
lmfao. Good job. :-P Guess you ran that IIS 6 exploit.
On 4/21/05, KF (lists) [EMAIL PROTECTED] wrote:
root:$1$WO0cTkiq$4x/Of2KBx2HRwv/OXmggv1:12741:0:9:7:::
daemon:*:12741:0:9:7:::
bin:*:12741:0:9:7:::
sys:*:12741:0:9:7:::
sync:*:12741:0:9:7:::
Yah... You can take that back now as of 3:04 CST. hehe.
On 4/21/05, bkfsec [EMAIL PROTECTED] wrote:
I haven't seen any evidence as of yet that anyone ran this code on a
segment connected to the network (seeing as I haven't seen any passwd or
shadow files posted to the list...) indicating
Try running John the Ripper on the file. LOL.
Cody
On 4/21/05, Tim O'Guin [EMAIL PROTECTED] wrote:
Yah... You can take that back now as of 3:04 CST. hehe.
On 4/21/05, bkfsec [EMAIL PROTECTED] wrote:
I haven't seen any evidence as of yet that anyone ran this code on a
segment connected
Well tried !
--
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050324
Debian/1.7.6-1
--
= I didn't know mail adds so funny headers ;)
Does the Joker (understand the r0x0r who releases this bulls**t) already
run his favorite bruteforcer ?
Pierre
On Thursday 21 April 2005