Re: [Full-disclosure] XSS at Citibank.co.uk

2005-08-14 Thread bruen
Hi Jim, Besides the obvious, exactly why should Cisco or any other vendor in our business be shielded from public scrutiny on products which are faulty? I am sure that Merck would like to have kept Vioxx on the market, even though people died from it. I am just as sure that Guidant Corp did not

[Full-disclosure] XSS Nordstroms.com

2005-08-14 Thread Jeff Peadro
###-XSS-# Informed site admin: 4-15-05 http://about.nordstrom.com/help/livehelp/livehelpstart.asp?uri=http://maliciousSITE.com Discovered by Jeff Peadro jeff.peadro [at] gmail.com ###-XSS-#

[Full-disclosure] XSS www.jg-tc.com

2005-08-14 Thread Jeff Peadro
###-XSS-### http://jg-tc.com/shared-content/search/index.php?search=goo=0l=XSS%22%20style=%22background:url(javascript:alert('XSS'))s=recentr=d1=yesterdayd2=todayq=

Re: [Full-disclosure] bash vulnerability?

2005-08-14 Thread starwars
Wernfried Haas wrote: assuming you actually meant :(){ :|: };: (which can be harmful if no limits are set)? It should be noted that according to the limits man page, By default no quotas are imposed on 'root'. In fact, there is no way to impose limits via this procedure to

[Full-disclosure] (TOOL ANNOUNCEMENT) Efilter - automatic exception reporting utility

2005-08-14 Thread Piotr Bania
Hi, ... Info Efilter is an automatic exception reporting utility. It is very useful and handy while doing vulnerability research on any software designed to work under Windows NT platforms. Because it hooks the KiUserExceptionDispatcher function, it acts BEFORE any of

[Full-disclosure] STG Security Advisory: [SSA-20050812-27] Discuz! arbitrary script upload vulnerability

2005-08-14 Thread SSR Team
STG Security Advisory: [SSA-20050812-27] Discuz! arbitrary script upload vulnerability. Revision 1.0 Date Published: 2005-8-12 (KST) Last Update: 2005-8-12 (KST) Disclosed by SSR Team ([EMAIL PROTECTED]) Summary Discuz! is one of famous

RE: [Full-disclosure] IMAP scans? Something going on I should know about?

2005-08-14 Thread Aditya Deshmukh
My personal logs for imap scan for last 3 days - 11/08/2005 10:47:29 IMAP: (Accept) Receiving from 218.47.179.77 11/08/2005 10:48:00 IMAP: (Accept) Receiving from 218.47.179.77 12/08/2005 10:31:06 IMAP: (Accept) Receiving from 220.224.38.222 12/08/2005 14:00:34 IMAP: (Accept) Receiving from

Re: [Full-disclosure] IMAP scans? Something going on I should know about?

2005-08-14 Thread milw0rm Inc.
List of what I have for imapd vulns. Look both at the Description and Code sections. http://www.milw0rm.com/search.php?dong=imapd /str0ke On 8/14/05, Aditya Deshmukh [EMAIL PROTECTED] wrote: My personal logs for imap scan for last 3 days - 11/08/2005 10:47:29 IMAP: (Accept) Receiving from

[Full-disclosure] [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue

2005-08-14 Thread Uwe Hermann
Drupal security advisory DRUPAL-SA-2005-004 Advisory ID:DRUPAL-SA-2005-004 Date: 2005-aug-15 CVE

Re: [Full-disclosure] The Cisco media frenzy

2005-08-14 Thread ghost
Agent: FANTASTIC!! What do you call yourselves??? Pops: The Aristocrats!!! View attached. On 8/14/05, n3td3v [EMAIL PROTECTED] wrote: I think it's pathetic the way everyone has handled the whole affair. I don't blame Cisco for anything. To see these self-proclaimed hackers go to Blackhat

[Full-disclosure] [ GLSA 200508-06 ] Gaim: Remote execution of arbitrary code

2005-08-14 Thread Sune Kloppenborg Jeppesen
Gentoo Linux Security Advisory GLSA 200508-06 http://security.gentoo.org/