yes, they seem already fixed, all of them ;_P)
Congratulations on the good work.
-Nikolay Kichukov
- Original Message -
From: Hanno Böck [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Sent: Friday, March 30, 2007 4:18 PM
Subject: [Full-disclosure] A lot of XSS
Since exploit code has already been posted to Full-Disclosure, we are going to
release an advisory with more technical details about the vulnerability. Enjoy:
http://www.determina.com/security.research/vulnerabilities/ani-header.html
Alex
Hello:
Does this work in *fully patched* XP pro + SP2? Mine seems to be totally
immune (not even crashing). XP Pro + SP2 + 0 patches crashes (probably
landing somewhere else in memory).
On 3/30/07, dev code [EMAIL PROTECTED] wrote:
/*
* Copyright (c) 2007 devcode
*
*
*
Hi all
The PHP based applications are severely vulnerable to
global space exploitation. This gives rise to XSS. A very generic
analysis has been undertaken. Cutting edge research is on your way.
Look at the issue at:
I didn't include the DoS version of this, it just calls ExitProcess(). If
you have SP2, you can try going to http://sicotik.com/ink/test.html. Thanks.
From: wac [EMAIL PROTECTED]
To: dev code [EMAIL PROTECTED]
CC: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Windows .ANI
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Michal Zalewski wrote:
On Sat, 31 Mar 2007, Aditya K Sood wrote:
http://zeroknock.metaeye.org/analysis/gspace.xhtml
Just like your previous double trap XSS advisory, I fail to see the
novelty or significance of this report.
You seem to discuss an ages-old issue that had been used
nothing more to say,
http://mybeni.rootzilla.de/mybeNi/2007/digg_delicious_netscape_technorati_hacked/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
-BEGIN LSD SIGNED MESSAGE-
Infiltrated.net Security Advisory:
Cisco IP Phone Denial of Service
http://www.infiltrated.net/ciscoIPPhone7960.html
Revision 6.9
For Public Release
Summary
The Cisco IP Phones are subject to a denial of
service.
This vulnerability has not yet been documented
The issue is that this only works with DEP turned off!
On 3/31/07, dev code [EMAIL PROTECTED] wrote:
I didn't include the DoS version of this, it just calls ExitProcess(). If
you have SP2, you can try going to http://sicotik.com/ink/test.html.
Thanks.
From: wac [EMAIL PROTECTED]
To: dev code
Hey it is still March 31st in CA!
--
A l e ss a n dr o
Sa l v at o r i
On 3/31/07, J. Oquendo [EMAIL PROTECTED] wrote:
-BEGIN LSD SIGNED MESSAGE-
Infiltrated.net Security Advisory:
Cisco IP Phone Denial of
Short version:
beThere, a UK ISP distributed routers to customers with the telnet port open
and a default administrator password. A bit embarrassing.
Sid, who discovered the hole, originally blogged about it on SecuriTeam blogs,
which resulted in the ISP calling us within 24 hours to have Sid