[Full-disclosure] Hellsing

2007-12-28 Thread Ben
I was looking through my Projects/ folder earlier today and found this discarded piece of work. I vamped it up a little bit and decided to post it in my blog (socialnetworkwhore.com) as well as here. It still has a few things busted (like ssl only works with non self signed certificates), but

[Full-disclosure] Troy Riser

2007-12-28 Thread Clifton Bennett
Unfortunately Eye have bad news. The paedophobic Troy Riser is trying to cast aspersions on those who appreciate the beauty of young boys. Eye myself have even been assailed by the miscreant, simply for having no shame about being a lover of pre-pubescent and pre-teen boys. Eye refuse to stand f

Re: [Full-disclosure] Troy Riser

2007-12-28 Thread Mo.Ron Hubbard
Rut ro ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] HP Photosmart vulnerabilities

2007-12-28 Thread uncleron
HP Photosmart C6280 (and probably other) network printers ship with insecure default settings. The printer ships with SNMP enabled using the default community strings for both public and private. HP does not document the use of SNMP, or provide a way for users to change the default community

Re: [Full-disclosure] HP Photosmart vulnerabilities

2007-12-28 Thread Joshua Levitsky
Do you mean to tell me someone can come to my house and after I let them on my network they can see how soon I need toner? Oh crap I better not let anyone over for New Year's!!! There is a reason it's a $200 home/home office printer. It's not meant to sit on the internet. It's not meant to

[Full-disclosure] [SECURITY] [DSA 1440-1] New inotify-tools packages fix arbitrary code execution

2007-12-28 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-1440-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff December 28, 2007

Re: [Full-disclosure] HP Photosmart vulnerabilities

2007-12-28 Thread Mo.Ron Hubbard
It is actually scary that someone would not know that a disposable consumer product has some issues. Spoon feed much? I guess on your planet perfection is expected at a very low price tag. I am pretty sure that most if not all network devices default with these same silly plug "N" play regardles

Re: [Full-disclosure] HP Photosmart vulnerabilities

2007-12-28 Thread uncleron
A low price for the printer does not give the vendor a free pass for shipping insecure products. Since this type of printer is targeted for home/home office use, it would be valid to ask why SNMP is enabled in the first place. Please explain how this printer would be any less easy to use if

Re: [Full-disclosure] HP Photosmart vulnerabilities

2007-12-28 Thread Joshua Levitsky
Dude SNMP can be used by their software to query the printer for toner levels or that it is online. You tell me what exactly you are getting from a printer like that via SNMP besides print job status and ink levels? And you are a stranger in my home on my network? I'd have the po-po beatin

Re: [Full-disclosure] HP Photosmart vulnerabilities

2007-12-28 Thread 3APA3A
Dear [EMAIL PROTECTED], SNMP is used to monitor printing queue status with LPR or RAW printing protocol. This is standard feature in e.g. Windows and is not HP specific. You can find this option in port settings. --Friday, December 28, 2007, 7:01:40 PM, you wrote to full-disclosure@lis

[Full-disclosure] Buffer-overflow in CoolPlayer 217

2007-12-28 Thread Luigi Auriemma
Luigi Auriemma Application: CoolPlayer http://coolplayer.sourceforge.net Versions: <= 217 Platforms: Windows Bug: buffer-overflow in CPLI_ReadTag_OGG Exploitation:

[Full-disclosure] THE BIG ONE

2007-12-28 Thread Andrew A
Fret for your nagios and Fret for your network and Fret for your servers and Fret for your SOA and Fret for your options and Fret for your ajax and Fret for your upstream and Fret for your SAN. It's a Bullshit three ring circus sideshow of tards here in this worthless hole we call the internet t

Re: [Full-disclosure] THE BIG ONE

2007-12-28 Thread Micheal Espinola Jr
You sure do seem to like dongs. On Dec 28, 2007 1:51 PM, Andrew A <[EMAIL PROTECTED]> wrote: > dongs are gonna fix it all soon. > dongs are comin' round to put it back the way it oughta be. -- ME2

[Full-disclosure] Persits Software XUpload Control Buffer Overflow Exploit

2007-12-28 Thread elazar
I tried posting this yesterday, don't know what happened, anyhow, my advance apologies for any double posts. I took a shot at writing an exploit for this, so here goes. Code is inline and attached. - Persits Software XUpload Control AddFolder BoF Exploit fu

Re: [Full-disclosure] THE BIG ONE

2007-12-28 Thread Mo.Ron Hubbard
We also Fret the Dongaphobic population in my world. As it is common knowledge that it does take a huge dong to exploit a huge hole, if one wants it to do it correctly. > Mo.Ron Hubbard > Chief Inquisitor Securentology

[Full-disclosure] Persits Software XUpload Control AddFolder() Buffer Overflow Exploit

2007-12-28 Thread Elazar Broad
I took a shot at writing an exploit for this, so here goes. Choice of WinExec(the calculator, what else?) or a bindshell. --- Persits Software XUpload Control AddFolder BoF Exploit function Check() { var buf = 'A'; while (buf.length <= 1387) buf

[Full-disclosure] [SECURITY] [DSA 1405-3] New zope-cmfplone packages fix regression

2007-12-28 Thread Thijs Kinkhorst
Debian Security Advisory DSA 1405-3 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst December 1st, 2007

[Full-disclosure] [SECURITY] [DSA 1439-1] New typo3-src packages fix SQL injection

2007-12-28 Thread Thijs Kinkhorst
Debian Security Advisory DSA-1439-1 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst December 28, 2007

[Full-disclosure] [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities

2007-12-28 Thread Florian Weimer
Debian Security Advisory DSA-1438-1 [EMAIL PROTECTED] http://www.debian.org/security/ Florian Weimer December 28, 2007

[Full-disclosure] [SECURITY] [DSA 1441-1] New peercast packages fix arbitrary code execution

2007-12-28 Thread Thijs Kinkhorst
Debian Security Advisory DSA-1441-1 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst December 28, 2007

[Full-disclosure] NoseRub Login SQL Injection Vulnerability

2007-12-28 Thread Narf Dude

[Full-disclosure] iFriends free video chat exploit

2007-12-28 Thread Ifriends Exploit
I noticed this on this site: http://themisternobody.blogspot.com/ Here is a summary of the exploit from that site. Requirements: A web server (Apache 2), Firefox (preferably 2.0), and FoxyProxy , either an account on iFriends or both a flash decompiler an

Re: [Full-disclosure] iFriends free video chat exploit

2007-12-28 Thread Valdis . Kletnieks
On Fri, 28 Dec 2007 16:09:23 CST, Ifriends Exploit said: > If you don't have an iFriends account, and do not wish to get one, find a > chathost utilizing EasyCam, and enter their Guest Chatroom, follow the steps > above, except look for a file named "LSChatViewG.swf" instead... this is the > flash

Re: [Full-disclosure] iFriends free video chat exploit

2007-12-28 Thread damncon
SHUT THE FUCK UP VALDIS On Dec 28, 2007 7:51 PM, <[EMAIL PROTECTED]> wrote: > > On Fri, 28 Dec 2007 16:09:23 CST, Ifriends Exploit said: > > > If you don't have an iFriends account, and do not wish to get one, find a > > chathost utilizing EasyCam, and enter their Guest Chatroom, follow the steps

Re: [Full-disclosure] iFriends free video chat exploit

2007-12-28 Thread worried security
On Dec 29, 2007 12:37 AM, damncon <[EMAIL PROTECTED]> wrote: > SHUT THE FUCK UP VALDIS n3td3v doesn't like the way you talk to a respected member of the security community. valdis is a member of the security community you can rely on, he is someone you can e-mail privately at 5am in the morning

Re: [Full-disclosure] iFriends free video chat exploit

2007-12-28 Thread damncon
n3td3v can suck my balls and n3td3v can answer to my last post if he isn't an illiterate dumb FUCK. On Dec 28, 2007 9:47 PM, worried security <[EMAIL PROTECTED]> wrote: > On Dec 29, 2007 12:37 AM, damncon <[EMAIL PROTECTED]> wrote: > > SHUT THE FUCK UP VALDIS > > > n3td3v doesn't like the way you

[Full-disclosure] [SECURITY] [DSA 1442-2] New libsndfile packages fix arbitrary code execution

2007-12-28 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-1442-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff December 29, 2007

Re: [Full-disclosure] iFriends free video chat exploit

2007-12-28 Thread reepex
your profanity is not appreciated. If you are going to troll at least think of something original and/or clever. On Dec 28, 2007 6:37 PM, damncon <[EMAIL PROTECTED]> wrote: > SHUT THE FUCK UP VALDIS > > On Dec 28, 2007 7:51 PM, <[EMAIL PROTECTED]> wrote: > > > > On Fri, 28 Dec 2007 16:09:23 CST,

[Full-disclosure] Fwd: beyond security sucks at coding

2007-12-28 Thread reepex
In case you missed it before -- Forwarded message -- From: reepex <[EMAIL PROTECTED]> Date: Dec 23, 2007 8:22 PM Subject: beyond security sucks at coding To: full-disclosure@lists.grok.org.uk, Gadi Evron <[EMAIL PROTECTED]> http://www.milw0rm.com/exploits/4773 Gadi and Noam Rath