Hello -
This is Cisco's response to the message posted by Radu State to full-
disclosure on Wednesday Dec 5 2007. Cisco greatly appreciates the
opportunity to work with researchers on security vulnerabilities, and
welcomes the opportunity to review and assist in product reports.
Cisco co
On Dec 7, 2007 9:41 PM, Joseph Hick <[EMAIL PROTECTED]> wrote:
> could someone please explain how this PoC works? I wonder why simply loading
> an image logs me out
A paper will be presented next week on the topic of "Crowd
SuRFing"...please wait until that time :-)
--
Kristian Erik Hermansen
"I
could someone please explain how this PoC works? I wonder why simply loading an
image logs me out
Kristian Erik Hermansen <[EMAIL PROTECTED]> wrote: On Dec 7, 2007 7:40 AM,
Aaron Katz wrote:
> Could you please explain the vulnerability? When I test, and I submit
> a correct response to the CAP
It's just stopped working for me.
-Alessandro
On Dec 7, 2007 5:04 PM, Kristian Erik Hermansen <
[EMAIL PROTECTED]> wrote:
> On Dec 7, 2007 7:40 AM, Aaron Katz <[EMAIL PROTECTED]> wrote:
> > Could you please explain the vulnerability? When I test, and I submit
> > a correct response to the CAPTCH
===
Ubuntu Security Notice USN-555-1 December 08, 2007
e2fsprogs vulnerability
CVE-2007-5497
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu
On Dec 7, 2007 7:40 AM, Aaron Katz <[EMAIL PROTECTED]> wrote:
> Could you please explain the vulnerability? When I test, and I submit
> a correct response to the CAPTCHA, I'm presented with knowledge based
> authentication.
The bug, unless Google fixed it already, will have an effect on your
GMai
Vladimir,
Our draft discusses many port randomization approaches. Some of them were
taken from existing implementations (e.g., Algorithm 1 was taken from
OpenBSD).
However, Algorithm 3 was first described (AFAICT) in Michael Larsen's "port
randomization" paper (the first version of our port rando
###
Luigi Auriemma
Application: Easy File Sharing Web Server
http://www.sharing-file.com
Versions: <= 4.5
Platforms:Windows
Bugs: A] upload directory traversal
###
Luigi Auriemma
Application: Firefly Media Server (mt-daapd)
http://www.fireflymediaserver.org
Versions: <= 2.4.1 and SVN <= 1699
Platforms:*nix, Windows, Mac and others
Bug
###
Luigi Auriemma
Application: Simple HTTPD
http://shttpd.sourceforge.net
Versions: <= 1.38
Platforms:Windows, *nix, QNX, RTEMS
only Windows seems vulnerable
Bug
###
Luigi Auriemma
Application: HTTP File Server
http://www.rejetto.com/hfs/
Versions: <= 2.2a and <= 2.3 beta (build #146)
Platforms:Windows
Bug: limited directory tr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:240
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Do you have any patches or reproducers for these issues?
Thanks in advance.
smithj
Note that, by editing NoScript's whitelist, removing google.com, and
adding mail.google.com, I can browse to
http://www.kristian-hermansen.com without having my cookie killed.
On Dec 7, 2007 2:59 PM, Aaron Katz <[EMAIL PROTECTED]> wrote:
> Oh! OK. In that case, yeah, I can reproduce it, no pro
Oh! OK. In that case, yeah, I can reproduce it, no problem :)
-- Forwarded message --
From: Ed Carp <[EMAIL PROTECTED]>
Date: Dec 7, 2007 2:57 PM
Subject: Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable
To: Aaron Katz <[EMAIL PROTECTED]>
Oh! You need to go t
Wouldn't it be more beneficial (and maybe ethical as well) if one could just
start putting PoCs or whatever inside the message's body?
On 12/7/07, Aaron Katz <[EMAIL PROTECTED]> wrote:
>
> Could you please explain the vulnerability? When I test, and I submit
> a correct response to the CAPTCHA,
Sign a petition
We the undersigned petition the Prime Minister to give the formation
of a police central e-crime unit, as proposed by the Metropolitan and
ACPO urgent priority.
More details
The consequences of, and reactions to, the loss of records by HM
Revenue and Customs, make the creation of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1423-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
December 07, 2007
You don't need to submit anything, just viewing the page will log you out of
gmail...
On Dec 7, 2007 9:23 AM, worried security <[EMAIL PROTECTED]>
wrote:
> On Dec 7, 2007 3:54 PM, Mukul Dharwadkar <[EMAIL PROTECTED]>
> wrote:
> > Precisely. I don't see any vulnerability here unless the account ho
On Dec 7, 2007 3:54 PM, Mukul Dharwadkar <[EMAIL PROTECTED]> wrote:
> Precisely. I don't see any vulnerability here unless the account holder has
> set it up incorrectly in which case it is not a bug / vulnerability but
> rather a user error
Try viewing the image when you are logged into your gmail
Advisory: MIT Kerberos 5: Multiple vulnerabilities
Severity: Normal
DATE:Dec 7,2007
Vulnerable:
ALL
Vendor:
MIT
I.Synopsis
Several vulnerabilities have been found in MIT Kerberos 5.
II.DETAILS:
--
Background
MIT Kerberos 5 is a suite of applications that implement the Kerbe
Heimdal ftpd uninitialized vulnerability
Class: implementation Error
DATE:11/12/2007
CVEID:CVE-2007-5939
Vulnerable:
<=heimdal 0.7.2
Affected distribution:
Gentoo <=heimdal-0.7.2-r3
ubuntu <=heimdal-0.7.2
Vendor:
I.Synopsis
A vulnerability has been discovered in He
netkit-ftpd/ftp uninitialized vulnerability
Class: Design Error
DATE:11/1/2007
CVEID:CVE-2007-5769
Vulnerable:
netkit-ftpd-0.17/netkit-ftp-0.17
Vendor:
I.Synopsis
A vulnerability has been discovered in netkit-ftpd/ftp.
II.DETAILS:
--
Background
netkit-ftpd is the Linux Netkit FT
Precisely. I don't see any vulnerability here unless the account holder has
set it up incorrectly in which case it is not a bug / vulnerability but
rather a user error
On 12/7/07, Aaron Katz <[EMAIL PROTECTED]> wrote:
>
> Could you please explain the vulnerability? When I test, and I submit
> a
Could you please explain the vulnerability? When I test, and I submit
a correct response to the CAPTCHA, I'm presented with knowledge based
authentication.
--
Aaron
On Dec 7, 2007 1:58 AM, Kristian Erik Hermansen
<[EMAIL PROTECTED]> wrote:
> Proof of concept here...
> http://www.kristian-hermans
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1422[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
December 07, 2007