Matthew Flaschen wrote:
Why can't message signing offer backwards compatibility (assuming you
use multipart/signed)?
Matthew Flaschen
Darkz wrote:
Mail Drives Security Considerations
===
Author: Attila Gerendi (Darkz)
Date: November 03, 2006
So all the malware writer has to do now is figure out how to do the
initial exploit in the first place, that would then allow them to muck
with path statements or place code in path executable areas. I mean, do
you get it, yet? If the malware writer figures out how to do the initial
exploit, anything
Just set it to only accept signed messages starting from a certain date.
Matthew Flaschen
Darkz wrote:
Matthew Flaschen wrote:
Why can't message signing offer backwards compatibility (assuming you
use multipart/signed)?
Matthew Flaschen
Darkz wrote:
Mail Drives Security
On Pi, 2006-11-03 at 09:35 +0100, Tyop? wrote:
No problem on Mac OS X 10.4.8 with firefox 1.5.0.7.
firefox 1.5.0.7 on FreeBSD 7.0(september) and on Linux debian 2.6.17-2-686,
Not affected.
PC-BSD's 1.5.0.7 PBI not affected.
1.5.0.7 on OpenSUSE 10.2 alpha5 not affected.
Even up-to-date
Title: [x0n3-h4ck.org] PayPal vulnerable to XSS
-=[ADVISORY---]=-
PayPal.com
Author:CorryL x0n3-h4ck.org
-=[]=-
-=[+] Application: PayPal.com
-=[+] Version:
-=[+] Vendor's URL: www.paypal.com
-=[+]
http://www.msfirefox.com/microsoft-firefox/index.html
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
ZDI-06-037: America Online ICQ ActiveX Control Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-037.html
November 6, 2006
-- CVE ID:
CVE-2006-5650
-- Affected Vendor:
America Online
-- Affected Products:
America Online ICQ 5.1
-- TippingPoint(TM) IPS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1206-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
November 6th, 2006
Since most of the reporting out on OSX.Macerena is fairly minimal I thought I
would point everyone to the original tutorial and PoC code by Roy G Biv of 29A
in case you missed it.
http://vx.netlux.org/lib/vrg01.html
-KF
Flaschen [EMAIL PROTECTED],
full-disclosure@lists.grok.org.uk
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii
On 04 Nov 06, at 11:39, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
this is a request, that I have passed server to the web, complete
of the code that would allow the xss:
GET / HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET
CLR 1.1.4322)
Host:
Dear Andrew Farmer,
Is it? Look into Flash 8 raw http requests, you can trigger them
client side.
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
That's not exploitable. Remember that the XS in XSS stands for
cross-site: you have to be able to trigger the scripting using
ordinary requests from another site. To generate this cookie, you'd
need to already have scripting access to the paypal.com domain - in
which case you don't care
Hi All,
I am glad to announce that free version of VulnDisco Pack for Metasploit
Framework 2.7 is available for download.
This release includes the following 0day exploits:
vd_ldapinfo.pm - [0day] Query info from LDAP server
vd_xlink.pm - [0day] Omni-NFS Enterprise remote exploit
vd_openldap.pm
Simon Smith wrote:
http://www.msfirefox.com/microsoft-firefox/index.html
Probably some joker playing mind games; still --
Technical Contact:
Whois Privacy Protection Service, Inc.
Whois Agent ([EMAIL PROTECTED])
+1.4252740657
Fax: +1.4256960234
PMB 368, 14150 NE 20th St -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:199
http://www.mandriva.com/security/
I found a similar one long back in the Expect header but did not bother to
post... However, this bug is not associated with the paypal application but
rather with the Apache server *version* on which it is hosted. This kind of
XSS is usually called Unfiltered Header Injection in Apache.
DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php
Description:
The DigiOz Guestbook is a PHP driven guestbook system. The vulnerability
exists in list.php script which allows remote attackers to obtain
sensitive information via an HTTP request to list.php that contains
On 11/7/06, Zachary Miller [EMAIL PROTECTED] wrote:
On Nov 6, 2006, at 1:34 PM, imipak wrote:
Simon Smith wrote:
http://www.msfirefox.com/microsoft-firefox/index.html
Probably some joker playing mind games; still --
snip
Google search for site:msfirefox.com and look at the cached