[Full-disclosure] (no subject)

2006-07-23 Thread Raphael Barki
Hi, We are pleased to inform you that the security issue “Plain text password in Finjan Appliance 5100/8100 NG backup file” described here: http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047797.html has been overcome with version 8.3.6 of Finjan’s Vital Security Appli

Re: [Full-disclosure] Hackers ready as G8 governments refuse to stop Israel invading Lebanon

2006-07-23 Thread n3td3v
On 7/23/06, Denzity <[EMAIL PROTECTED]> wrote: I'm not trying to get into a political war but both sides have their reasons for bombing each other. Of course and so do hackers in a hacker war. If they stop now any agreement will not be made comfortably by either side and it will just lead t

Re: [Full-disclosure] 70 million computers are using Windows 98 right now

2006-07-23 Thread Eliah Kagan
On 7/22/06, wac wrote: I would use ReactOS in that case ;) ---> www.reactos.com The alpha 0.3.0 rc1 is already there waiting for the download yep an alpha but then that is what win98 always was, a badly designed alpha put on the market in a rush to produce money at the expense of

Re: [Full-disclosure] Hackers ready as G8 governments refuse to stop Israel invading Lebanon

2006-07-23 Thread Denzity
I'm not trying to get into a political war but both sides have their reasons for bombing each other. If they stop now any agreement will not be made comfortably by either side and it will just lead to further attacks (whether a full scale war or terrorist attacks) in the future. Israel needs to bom

Re: [Full-disclosure] To XSS or not?

2006-07-23 Thread Valery Marchuk
Separating just XSS vulns from others is not an option. It would make more sense to create a separate mailing list for vulnerabilities in Web applications. Major ones could still be reported on the other lists. If kiddies discover them, then how should they know that the vulnerability they've f

[Full-disclosure] Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006)

2006-07-23 Thread Luigi Auriemma
### Luigi Auriemma Application: Freeciv http://www.freeciv.org Versions: <= 2.1.0-beta1 and SVN <= 15 Jul 2006 Platforms: Windows, *nix, *BSD, MacOS and more Bugs: A] me

[Full-disclosure] Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127)

2006-07-23 Thread Luigi Auriemma
### Luigi Auriemma Application: Warzone Resurrection http://home.gna.org/warzone/ (Warzone 2100 http://www.strategyplanet.com/warzone2100/) Versions: <= 2.0.3 and SVN

[Full-disclosure] Buffer-overflow in the XM loader of Cheese Tracker 0.9.9

2006-07-23 Thread Luigi Auriemma
### Luigi Auriemma Application: Cheese Tracker http://reduz.com.ar/cheesetracker/ http://sourceforge.net/projects/cheesetronic Versions: <= 0.9.9 and current CVS Plat

Re: [Full-disclosure] To XSS or not?

2006-07-23 Thread n3td3v
On 7/23/06, Gadi Evron <[EMAIL PROTECTED]> wrote: Today, a serious cookie-stealing XSS in paypal was reported. Enough said. Although I can tell you what's going on here. XSS is suffering an identity crisis and a public relations disaster. There is a lack of high profile hacks with XSS now.

Re: [Full-disclosure] To XSS or not?

2006-07-23 Thread Aaron Gray
Major ones could still be reported on the other lists. Aaron something like xsstraq powered on securityfocus should be cleaner yep :) Maybe there should be a special XSS list that could specialize in that area ? ___ Full-Disclosure - We believe in

Re: [Full-disclosure] To XSS or not?

2006-07-23 Thread [EMAIL PROTECTED]
something like xsstraq powered on securityfocus should be cleaner yep :) Aaron Gray wrote: Maybe there should be a special XSS list that could specialize in that area? Aaron

Re: [Full-disclosure] To XSS or not?

2006-07-23 Thread Aaron Gray
Maybe there should be a special XSS list that could specialize in that area? Aaron

[Full-disclosure] [ GLSA 200607-08 ] GIMP: Buffer overflow

2006-07-23 Thread Sune Kloppenborg Jeppesen
Gentoo Linux Security Advisory GLSA 200607-08 http://security.gentoo.org/

[Full-disclosure] To XSS or not?

2006-07-23 Thread Gadi Evron
Okay, so we all like to diss on Cross-site scripting vulnerabilities. They are indeed vulnerabilities, but there are so many of them that they have become tiresome, to say the least. Today, a serious cookie-stealing XSS in paypal was reported. Automatically it was put down. I will try and address

Re: [Full-disclosure] news XSS on paypal.com

2006-07-23 Thread [EMAIL PROTECTED]
This is such a scenario we should see in the PoC and not a usual box spamming a website ... This does not really alert a web admin, I think. Thanks anyway for the information. php0t wrote: If it works, then you can plant iframes in popular websites so that when somebody visits them and they

RE: [Full-disclosure] news XSS on paypal.com

2006-07-23 Thread php0t
If it works, then you can plant iframes in popular websites so that when somebody visits them and they happen to be logged on to paypal at the same time, the injected javascript could make a transaction using the victim's (visitor's) credentials. This can all happen without alerting the user. (T

Re: [Full-disclosure] news XSS on paypal.com

2006-07-23 Thread [EMAIL PROTECTED]
I wonder what is interesting in this; usually a PoC shows us we can upload a crafted webpage on a vulnerable website, fake a whole webpage, etc. This link doesn't speak much more than the noob who found it. Pigrelax wrote: Hi! From Russia Security Site: http://www.securitylab.ru/news/270837.php N

[Full-disclosure] news XSS on paypal.com

2006-07-23 Thread Pigrelax
Hi! From Russia Security Site: http://www.securitylab.ru/news/270837.php New working XSS on paypal.com: www.paypal.com/cgi-bin/webscr?cmd=p/gen/-->alert('www.securitylab.ru') really works :)