[Full-disclosure] XSS on eplus.de, german mobile telephony provider

Hi Hanno Böck, We have mirrored the affected websites on XSSed.com. You are welcome to post to XSSed.com any more XSS vulnerabilities that you discover. To the rest of the subscribers and readers of Full-disclosure - if you find a XSS vulnerable website, you can post it on www.XSSed.com. The affe

[Full-disclosure] [USN-436-1] KTorrent vulnerabilities

=== Ubuntu Security Notice USN-436-1 March 12, 2007 ktorrent vulnerabilities CVE-2007-1384, CVE-2007-1385 === A security issue affects the following Ubuntu releases: Ubuntu

[Full-disclosure] new AttackAPI

for those who are interested in Web 2.0 security, there is a new version of AttackAPI that you can download from here: http://www.gnucitizen.org/projects/attackapi/ There is still no documentation which is a bit of a drawback, but that will be generated soon. If there is anyone interested in docu

[Full-disclosure] [USN-435-1] Xine vulnerability

=== Ubuntu Security Notice USN-435-1 March 12, 2007 xine-lib vulnerability CVE-2007-1387 === A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06

Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite

Stefano Di Paola said: >1. I search on google for import_request_variables advisories >(nothing found) >2. I search on php.net in changeLog for fixes (nothing found). I can see why you weren't able to find anything. However, there have been a number of disclosures that are probably related - bu

Re: [Full-disclosure] Is OWASP vulnerable ??

Not to reduce the high signal-to-noise ratio on this thread, but I suspect there are lots of "eval injection" vulnerabilities in Javascript-heavy applications, but they don't seem to be reported to the usual places, or maybe people just call them XSS. Perl, PHP, and other interpreted languages ha

[Full-disclosure] XSS on eplus.de, german mobile telephony provider

Here we go: http://www.eplus.de/meta/shopsuche/suche_ausgabe.asp?suchwort=";>alert(1) http://www.eplus-unternehmen.de/frame.asp?go=http://www.eplus.de/');alert(1);document.write(' http://www.eplus-unternehmen.de/frame.asp?go=');alert(' Already fixed ones: http://www.eplus-unternehmen.de/frame.a

Re: [Full-disclosure] firefox 2.0.0.2 crash

Yeah, firefox is prone if it's set as your GIF file handler, schmarty. On 3/12/07, Kristian Hermansen (khermans) <[EMAIL PROTECTED]> wrote: Firefox even crashes if you have it open and visit the site from lynx... $ lynx http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif

[Full-disclosure] Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007

DeepSec In-Depth Security Conference 2007 Europe - Nov 20-23 2007 - Vienna, Austria http://deepsec.net/ Call for Papers In light of Austria's active security scene we are pleased to announce the first annual European DeepSec In-Depth Security Conference[1], to be held from November 20th to 23rd 2

Re: [Full-disclosure] firefox 2.0.0.2 crash

Firefox even crashes if you have it open and visit the site from lynx... $ lynx http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif Looking up people.zoy.org Making HTTP connection to people.zoy.org Sending HTTP request. HTTP request sent; waiting for response. HTTP/1.1 200

[Full-disclosure] RIM BlackBerry Pearl 8100 Browser DoS

RIM BlackBerry Pearl 8100 Browser DoS -- 12 March 2007 Summary: A vulnerability has been discovered that could impact upon the availability of the BlackBerry 8100 Wireless handheld (v4.2.0.51). It is possible for a remote attacker to construct a WML page that contains an overly long string v

[Full-disclosure] Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..

Dear list, Whoever deals with these poeple and thinks they are a benign Adware company (and thus spreads their bundles. Check this : Ignoring the fact that they basicaly install a Rootkit, I attached a few files I reversed, they install a DLL that does not directly KEYLOG your banking data, but

[Full-disclosure] a heeee he announcement

Dear Gmail and Inbox.com we use the following email addresses to harvest the fruits of our phishing attempts [1][2]. Please ban our asses! [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] thanks for reading he he [1] http://www.wassmail.co.uk/archive/16/113/attachments/wach.zip [2] htt

[Full-disclosure] a heeeee he announcement

dear gmail and web2mail.com we use following emails to collect the phishing victims' credentials [1]. Please ban our asses! [EMAIL PROTECTED] [EMAIL PROTECTED] thanks for reading he he [1] http://www.contestadofm.com.br/curso/Mais%20Arquivos/.UMporfolio/hfax.online-servive-update.zip ___

[Full-disclosure] a heeeee he announcement

Dear gmail we use following email to harvest the fruits of our phising attempts [1]. Please ban our asses! [EMAIL PROTECTED] [EMAIL PROTECTED] thanks for reading he he [1] http://wireless-mania.com/xcart/templates_c/www.BankOfAmerica.zip ___ Ful

[Full-disclosure] TinyMCE_exp Remote File Include Vulnerability

### TinyMCE_exp Remote File Include Vulnerability Author: Arturo Z. Contact: [EMAIL PROTECTED] Website: www.diosdelared.com Date: 10/03/07 Risk: critical Vendor Url: http://www.joomlaya.com/index.php?option=com_remository&fu

[Full-disclosure] R: A small phishing operation

> All sites have a list1.txt filled with emails for > spam and browseable directory, this was found just > searching with google. Here the google dork: http://www.google.it/search?q=%2Bparent+%2B%22index+of+% 2F%22+%2B%22list1.txt%22+mailer Interesting... Bye, Andrea "bunker" Purificato _

[Full-disclosure] A small phishing operation

http://www.wachmannin.com/ http://www.szukozavrov.net/ http://www.trustguuny.com/ http://www.mennaepolisar.com/ http://www.rasdertan.com/ http://www.billibonce.org/ http://www.nesteasyrve.com/ http://www.raseedibones.com/ http://www.ahuevshayaaffza.com/ http://www.raspizd

Re: [Full-disclosure] firefox 2.0.0.2 crash

On Fri, Mar 09, 2007, Tõnu Samuel wrote: > http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif > > I do NOT know anything else than this url. Just seen it in random > discussion and anyone else I asked knows nothing. Current tests indicate > that Mozilla 2.0.0.2 gets killed

Re: [Full-disclosure] firefox 2.0.0.2 crash

doesn't do that with a later version of gimp...: : 10:10 lois ~ ;gimp firefox-crash-save-session-before-clicking.gif GIF: too much input data, ignoring extra... GIF: bogus character 0x00, ignoring. GIF: too much input data, ignoring extra... GIF: bogus character 0x00, ignoring. GIF: bogus characte