[Full-disclosure] Cisco ASA5520 Web VPN Host Header XSS

2009-03-31 Thread Bugs NotHugs
- Cisco ASA5520 Web VPN Host Header XSS - Description Cross-site scripting. - Product Cisco, ASA5520, IOS 7.2(2)22 - PoC Modified request: POST /+webvpn+/index.html HTTP/1.1 Host: 'scriptalert('BugsNotHugs')/scriptmeta httpequiv= content='www.owasp.org Accept: image/gif, image/x-xbitmap,

[Full-disclosure] CUPS port 631 how to hack

2009-03-31 Thread Mark Sec
Alo, Well, I have a CUPS opened on the port 631, I have access to administration pages. Does any1 have tricks/tips to elevate local privileges? -mark

[Full-disclosure] [Positive Technologies SA 2009-09] Trend Micro Internet Security Pro 2009 tmactmon.sys Privilege Escalation Vulnerabilities

2009-03-31 Thread Valery Marchuk
(PT-2009-09) Positive Technologies Security Advisory Trend Micro Internet Security Pro 2009 tmactmon.sys Privilege Escalation Vulnerabilities

[Full-disclosure] Random HTTP-Requests

2009-03-31 Thread Jan G.B.
Hi there, I've noticed that some weird requests are showing up in the error logs of one of my apache webservers. The requests seem to have the following in common: * GET Request on some random alphanumeric string like GET /hDMe9NS * Referer has some randomized, invalid URL like

Re: [Full-disclosure] Random HTTP-Requests

2009-03-31 Thread Andres Riancho
Jan, On Tue, Mar 31, 2009 at 11:30 AM, Jan G.B. ro0ot.w...@googlemail.com wrote: Hi there, I've noticed that some weird requests are showing up in the error logs of one of my apache webservers. The requests seem to have the following in common: * GET Request on some random alphanumeric

Re: [Full-disclosure] Random HTTP-Requests

2009-03-31 Thread Jan G.B.
Hi Andres, thanks for your ideas. 2009/3/31 Andres Riancho andres.rian...@gmail.com: Jan, On Tue, Mar 31, 2009 at 11:30 AM, Jan G.B. ro0ot.w...@googlemail.com wrote: Hi there, I've noticed that some weird requests are showing up in the error logs of one of my apache webservers. The

[Full-disclosure] CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server

2009-03-31 Thread CORE Security Technologies Advisories
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in Sun Calendar Express Web Server 1. *Advisory Information* Title: Multiple vulnerabilities in Sun Calendar Express

[Full-disclosure] [SECURITY] [DSA 1759-1] New strongswan packages fix denial of service

2009-03-31 Thread Steffen Joeris
Debian Security Advisory DSA-1759-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris March 30, 2009

[Full-disclosure] [SECURITY] [DSA 1760-1] New openswan packages fix denial of service

2009-03-31 Thread Steffen Joeris
Debian Security Advisory DSA-1760-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris March 30, 2009

[Full-disclosure] fooobar in source

2009-03-31 Thread Tonu Samuel
Hi! Not an exploit or bug but just another sample of making things difficult. Try to find out in HTML source where foobar comes from: http://www.digg.ee/xsl2.html Ignore other stuff on this host. Just happened to be logged in there when the idea came :) Enjoy! Tõnu

Re: [Full-disclosure] fooobar in source

2009-03-31 Thread Rubén Camarero
This list is not amused, Mr. Ballmer. Consequently, the trolls are now asleep. Fuck them anyways. On Tue, Mar 31, 2009 at 8:33 AM, Tonu Samuel t...@jes.ee wrote: Hi! Not an exploit or bug but just another sample of making things difficult. Try to find out in HTML source where foobar comes

[Full-disclosure] VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim

2009-03-31 Thread VMware Security team
VMware Security Advisory Advisory ID: VMSA-2009-0004 Synopsis: ESX Service Console updates for openssl, bind, and vim

[Full-disclosure] Introducing RMBSS - Risk Metrics Budgetary Scoring System

2009-03-31 Thread J. Oquendo
Infiltrated Research Group is proud to introduce RMBSS Risk Metrics Budgetary Scoring System. A synergy of best practices frameworks that synchronizes industry known security frameworks for more thorough Risk Assessments and Analysis. The concept was born out of the need for Information Security