Hi,
We are pleased to inform you that the security issue “Plain
text password in Finjan Appliance 5100/8100 NG backup file” described
here:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047797.html
has been overcome with version 8.3.6 of Finjan’s Vital
Security Appli
On 7/23/06, Denzity <[EMAIL PROTECTED]> wrote:
I'm not trying to get into a political war but both sides have their reasons
for bombing each other.
Of course and so do hackers in a hacker war.
If they stop now any agreement will not be made
comfortably by either side and it will just lead t
On 7/22/06, wac wrote:
I would use ReactOS in that case ;) ---> www.reactos.com
The alpha 0.3.0 rc1 is already there waiting for the download yep an alpha
but then that is what win98 always was, a badly designed alpha put on the
market with rush to produce money at the expense of
I'm not trying to get into a political war but both sides have their reasons for bombing each other. If they stop now any agreement will not be made comfortably by either side and it will just lead to further attacks (whether a full scale war or terrorist attacks) in the future. Israel needs to bom
Separating just XSS vulns from others is not an option. It would make more
sense to create a separate mailing list for vulnerabilities in Web
applications.
Major ones could still be reported on the other lists.
If kiddies discover them, then how should they know that the vulnerability
they've f
###
Luigi Auriemma
Application: Freeciv
http://www.freeciv.org
Versions: <= 2.1.0-beta1 and SVN <= 15 Jul 2006
Platforms: Windows, *nix, *BSD, MacOS and more
Bugs: A] me
###
Luigi Auriemma
Application: Warzone Resurrection
http://home.gna.org/warzone/
(Warzone 2100 http://www.strategyplanet.com/warzone2100/)
Versions: <= 2.0.3 and SVN
###
Luigi Auriemma
Application: Cheese Tracker
http://reduz.com.ar/cheesetracker/
http://sourceforge.net/projects/cheesetronic
Versions: <= 0.9.9 and current CVS
Plat
On 7/23/06, Gadi Evron <[EMAIL PROTECTED]> wrote:
Today, a serious cookie-stealing XSS in paypal was reported.
Enough said.
Although I can tell you what's going on here.
XSS is suffering an identity crisis and a public relations disaster.
There is a lack of high profile hacks with XSS now.
Major ones could still be reported on the other lists.
Aaron
something like xsstraq powered on securityfocus should be cleaner yep :)
Maybe there should be a special XSS list that could specialize in that
area ?
___
Full-Disclosure - We believe in
something like xsstraq powered on securityfocus should be cleaner yep :)
Aaron Gray wrote:
Maybe there should be a special XSS list that could specialize in that
area ?
Aaron
Maybe there should be a special XSS list that could specialize in that area
?
Aaron
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200607-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Okay, so we all like to diss on Cross-site scripting vulnerabilities. They
are indeed vulnerabilities, but there are so many of them that they have
become tiresome, to say the least.
Today, a serious cookie-stealing XSS in paypal was reported. Automatically
it was put down. I will try and address
This is such scenario we should see in the poc and not a usual box
spamming a website ... This does not really alert a web admin I think.
Thanks anyway for the information.
php0t wrote:
If it works, then you can plant iframes in popular websites so that when
somebody visits them and they
If it works, then you can plant iframes in popular websites so that when
somebody visits them and they happen to be logged on to paypal at the
same time, the injected javascript could make a transaction using the
victim's (visitor's) credentials. This can all happen without alerting
the user. (T
I wonder what is interesting in this, usually a poc shows us we can
upload a crafted webpage on a vulnerable website, fake a whole webpage,
etc, this link doesn't speak much than the noob who found it.
Pigrelax wrote:
Hi!
From Russia Security Site:
http://www.securitylab.ru/news/270837.php
N
Hi!
From Russia Security Site:
http://www.securitylab.ru/news/270837.php
New worked XSS on paypal.com:
www.paypal.com/cgi-bin/webscr?cmd=p/gen/-->alert('www.securitylab.ru')
really work :)