===
Ubuntu Security Notice USN-788-1 June 15, 2009
tomcat6 vulnerabilities
CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781,
CVE-2009-0783
===
A security issue
Hi list,
What are, if any, the legal and ethical things to do before someone
could publicly disclose a given vulnerability?
--
Giuseppe
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
Try it with your latest QuickTime player.
--
#0:000 !exploitable -v
#HostMachine\HostUser
#Executing Processor Architecture is x86
#Debuggee is in User Mode
#Debuggee is a live user mode debugging session on the local machine
#Event
Product Name: Netgear DG632 Router
Vendor: http://www.netgear.com
Date: 15 June, 2009
Author: t...@tomneaves.co.uk t...@tomneaves.co.uk
Original URL:
http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt
Discovered: 18 November, 2006
Disclosed: 15 June, 2009
I. DESCRIPTION
The
Product Name: Netgear DG632 Router
Vendor: http://www.netgear.com
Date: 15 June, 2009
Author: t...@tomneaves.co.uk t...@tomneaves.co.uk
Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt
Discovered: 18 November, 2006
Disclosed: 15 June, 2009
I. DESCRIPTION
The Netgear DG632
While US law focused, you might take a look at the few guides by the
EFF (Electronic Frontier Foundation).
http://www.eff.org/issues/coders/vulnerability-reporting-faq
Cheers,
--scm
On Mon, Jun 15, 2009 at 2:14 PM, Giuseppe Fuggiano
<giuseppe.fuggi...@gmail.com> wrote:
What are, if any, the legal
Excellent. Doesn't trigger on Mac. I just did a talk on QuickTime
hacking at ShakaCon III -- which btw -- can I just say best place for a
con ever! My slides are at www.vdalabs.com. The slides might give
you some insight into the types of exceptions you're hoping for. To
boil it down, a
Hi.
I'm not quite sure of your question...
The DoS can be carried out remotely, however one mitigating factor (which makes
it a low risk as opposed to sirens and alarms...) is that it's turned off by
default - you have to explicitly enable it under Remote Management on the
device if you want
Hi.
I see where you're going but I think you're missing the point a little. By
*default* the web interface is enabled on the LAN and accessible by anyone
on that LAN and the remote management interface (for the Internet) is
turned off. If the remote management interface was enabled, stopping
Hi WebDEVIL,
You base your PoC on this plugin (http://www.codeplex.com/msecdbg) for
windbg (as copy/pasted), but I wonder, what makes you think it's really
exploitable (on QuickTime)?
Have you tried that PoC on iTunes?
iTunes uses QuickTime as a module to read .mov files, but iTunes doesn't
have