Raj Mathur wrote:
> On Monday 16 July 2007 14:27, lostzero wrote:
>> Is this a sales pitch, or merely a statement.
>
> From someone who can't distinguish between enclosing his/her public key
> in a message and signing the message with that public key? Oh come
> on...!
>
> -- Raju
Ohwell, signi
http://www.gnucitizen.org/blog/javascript-xss-scanner
This POC shows how easy it is to implement an XSS scanner by using only
JavaScript and a few tricks from the Web2.0 world. A similar technique
can be easily implemented into AJAX/XSS worms which will allow them to
propagate across several domains and a
Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability
iDefense Security Advisory 07.16.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 16, 2007
I. BACKGROUND
Trend Micro OfficeScan is a centrally managed AntiVirus solution that
allows administrators to manage
Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability
iDefense Security Advisory 07.16.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 16, 2007
I. BACKGROUND
Trend Micro OfficeScan is a centrally managed AntiVirus solution that
allows administrators to manage virus an
Dear List,
I am looking for a XPA2ASM tool that is included in the CSR - CASIRA
SDK ? For those that might not know (like me 3 hours ago) I am speaking
about Bluetooth CSR Chipsets. Anybody can help?
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 4813 c403 58f1 1200 7189 a000 7cf1 120
Yahoo Messenger 8.1 Address Book Buffer Overflow
#
XDisclose Advisory : XD12
Vulnerability Discovered : 10 April 2007
Advisory Released : 17 July 2007
Credit: Raj
On Mon, 16 Jul 2007 16:51:22 BST, Berend-Jan Wever said:
> without XMLHTTPRequest. I've been told that people saw XSS worms as early as
> 2000, but I have found no evidence to support this: let me know if you know
> something.
It's quite possible that they were out there, but nobody noticed them
Hi all,
I recently stumbled upon this;
http://ha.ckers.org/blog/20070709/nduja-cross-domainwebmail-xss-worm/
In short: It mentions a "new" kind of XSS worm; one that can infect multiple
domains. I attempted to reply but my reply mysteriously never made it to the
page. In an attempt to set the rec
ExLibris Aleph and Metalib Cross Site Scripting Attack
--
Matthew Cook
Date 16/07/2007
http://escarpment.net/
http://escarpment.net/exlibris.txt
Attack:
Multiple versions of the ExLibris (http://www.exlibrisgroup.com/) Aleph
and Metalib produc
On Monday 16 July 2007 14:27, lostzero wrote:
> Is this a sales pitch, or merely a statement.
From someone who can't distinguish between enclosing his/her public key
in a message and signing the message with that public key? Oh come
on...!
-- Raju
> [snip]
> PGP Public Key for Sauron <[EMAIL
http://www.gnucitizen.org/blog/yahoo-site-explorer-spider
This simple POC uses Yahoo Site Explorer Service to crawl/spider other
websites. It is written entirely with JavaScript - no server side
support was required from my side. The POC proves once again that
Web2.0 technologies open new ways of a
I don't get your point.
As I said in the paper all the information that -I- found was either
outdated or unusable. That may be my disability in finding stuff, but
obviously other people had the same difficulties. Since its release
this paper has been downloaded nonstop and spread to quite a few
oh so your paper rox better than all paper about chrooting sshd ?
dude, all thing written in your paper is known since a while !
Sometimes it may become profitable or necessary to jail the ssh daemon
within a chroot. Unluckily there aren't many papers out there that
explain the process of cr
Is this a sales pitch, or merely a statement.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sauron
Sent: Monday, July 16, 2007 9:05 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] selling office 2003 & 2007 0day
hey,
im a researche
hey,
im a researcher un exploit coder. i sell 0day about office 2003 and
office 2007 0day (working exploit which permit to execute code by
opening some office application).
i will also sell some windows exploit about IIS products for example and
some unix 0day bug.
[EMAIL PROTECTED]
PGP Public