Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-16 Thread Vladimir '3APA3A' Dubrovin
Adrian, If you can execute javascript - what is the reason to wait for the user to click the link? The message I reply to stated there is no need to force the user to visit a Web page and clicking the obfuscated link _sent_ to admin is enough. I replied in this case only GET request is possible

Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-16 Thread Adrian P
you would be surprised how many people out there (mistakenly) still think that only GET requests are CSRFable! 2009/6/16 Jeremi Gosney : > Vladimir: "Where there is an open mind, there will always be a frontier." - > Charles Kettering > > name='DoS'> >   > > Google > > > > -Original Messag

Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-16 Thread Jeremi Gosney
Vladimir: "Where there is an open mind, there will always be a frontier." - Charles Kettering Google -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Vladimir Dubrovin Sent: Tuesday, June 16, 200

[Full-disclosure] [SECURITY] [DSA 1816-1] New apache2 packages fix privilege escalation

2009-06-16 Thread Stefan Fritsch
Debian Security Advisory DSA-1816-1 secur...@debian.org http://www.debian.org/security/ Stefan Fritsch June 16, 2009

Re: [Full-disclosure] Things to do before vulnerability disclosure

2009-06-16 Thread epixoip
... really? so everyone who believes in full disclosure is a blackhat now? by your definition, even those who follow RFPolicy are blackhats as well. your "ethics" are severely flawed, and are malaligned with the philosophies that many security professi

[Full-disclosure] [DSF-02-2009] - Zoki Catalog SQL Injection

2009-06-16 Thread SmOk3
Ref. [DSF-02-2009] - Zoki Catalog SQL Injection Vendor: Zoki Soft (www.zokisoft.com) Status: Patched by vendor Original advisory: http://www.davidsopas.com/2009/06/15/zoki-catalog-sql-injection/ Zoki Catalog Smart Catalog is unique and convenient software. It is designed for many purposes whether

[Full-disclosure] ZDI-09-043: Apple Java CColorUIResource Pointer Derference Code Execution Vulnerability

2009-06-16 Thread ZDI Disclosures
ZDI-09-043: Apple Java CColorUIResource Pointer Derference Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-043 June 16, 2009 -- CVE ID: CVE-2009-1719 -- Affected Vendors: Apple -- Affected Products: Apple Java -- TippingPoint(TM) IPS Customer Protection: Tipping

Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-16 Thread Vladimir Dubrovin
Dear sr., clicking on the link cannot produce a POST request, only GET, unless there are some special conditions, like a cross-site scripting vulnerability in the router. --16.06.2009 19:16, you wrote [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability to full-disclos

Re: [Full-disclosure] WinAppDbg version 1.2 is out!

2009-06-16 Thread Mario Alejandro Vilas Jerez
Basically it's got some different features than PyDbg and a more complete documentation. If you have an *existing* project built upon PyDbg it's probably not worth switching (unless you've hit some very bad problem with it) but I believe it's better for newer projects, as this new library is more f

Re: [Full-disclosure] WinAppDbg version 1.2 is out!

2009-06-16 Thread Jared DeMott
Mario Alejandro Vilas Jerez wrote: > What is WinAppDbg? > == > > The WinAppDbg python module allows developers to quickly code instrumentation > scripts in Python under a Windows environment. Can you compare/contrast with pydbg so I can understand why I might want to give it a try

[Full-disclosure] WinAppDbg version 1.2 is out!

2009-06-16 Thread Mario Alejandro Vilas Jerez
What is WinAppDbg? == The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate thre

Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-16 Thread Jeremi Gosney
and as previously stated, if you have 'remote management' enabled then you are truly vulnerable to outside threats. csrf works as well. but an attack carried out on the LAN would still be considered a remote attack; although, you'd likely be within

Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-16 Thread sr.
it could still be carried out remotely by obfuscating a link sent to the "admin" of the device. this would obviously rely on the admin clicking on the link, and is more of a phishing / social engineering style attack. this would also rely on the router being setup with all of the default internal L

[Full-disclosure] [ MDVSA-2009:133 ] irssi

2009-06-16 Thread security
Mandriva Linux Security Advisory MDVSA-2009:133 http://www.mandriva.com/security/

[Full-disclosure] Official release of "Keykeriki" open source wireless keyboard sniffer

2009-06-16 Thread Max Moser
Hi everyone, I would just like to announce officially the release of our wireless keyboard sniffer Keykeriki. An addition to the official press release; Website: http://www.remote-exploit.org/Keykeriki.html Video with some demonstration available on website as well Contact: hardh...@remote-exploit.org

[Full-disclosure] CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability

2009-06-16 Thread Williams, James K
Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability CA Advisory Reference: CA20090615-02 CA Advisory Date: 2009-06-15 Impact: A remote attacker can inject arbitrary web script or HTML. Summary: The release of Tomcat

[Full-disclosure] CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities

2009-06-16 Thread Williams, James K
Title: CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities CA Advisory Reference: CA20090615-01 CA Advisory Date: 2009-06-15 Reported By: iViZ Security Research Team Impact: A remote attacker can cause a denial o

[Full-disclosure] [IVIZ-09-004] CA ARCserve Denial of Service

2009-06-16 Thread iViZ Security Advisories
--- [ iViZ Security Advisory 09-004 16/06/2009 ] --- iViZ Techno Solutions Pvt. Ltd. http://w

[Full-disclosure] [IVIZ-09-003] CA ARCserve Denial of Service

2009-06-16 Thread iViZ Security Advisories
--- [ iViZ Security Advisory 09-003 16/06/2009 ] --- iViZ Techno Solutions Pvt. Ltd.

[Full-disclosure] [TZO-40-2009] Clamav generic bypass (RAR, CAB, ZIP)

2009-06-16 Thread Thierry Zoller
From the low-hanging-fruit-department Clamav generic evasion (RAR,CAB,ZIP) Shameless plug :

Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-16 Thread Vladimir '3APA3A' Dubrovin
Dear Tom Neaves, It can still be exploited from the Internet even if "remote management" is only accessible from the local network. If you can trick a user into visiting a Web page, you can place a form on this page which targets the router, and the request to the router is issued from the victim's browser. --Tuesday

Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-16 Thread Hanno Böck
On Monday 15 June 2009, Tom Neaves wrote: > Within the "/cgi-bin/" directory of the administrative web interface exists a file called "firmwarecfg". This file is used for firmware upgrades. A HTTP POST request for this file causes the web server to hang. The web server will stop res

[Full-disclosure] [TZO-33-2009] Fprot generic bypass (TAR)

2009-06-16 Thread Thierry Zoller
From the low-hanging-fruit-department F-prot generic TAR bypass / evasion Shameless plug : ---

Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-16 Thread Alaa El yazghi
I know and I understand. What I meant is that we cannot eventually access the web interface of a netgear router remotely if we cannot locally. As for the DoS, it is simple to solve such an attack from outside. We just disable receiving pings (There is actually an option in even the lowest

Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

2009-06-16 Thread Alaa El yazghi
How can it be carried out remotely if it bugs locally? 2009/6/15 Tom Neaves > Product Name: Netgear DG632 Router > Vendor: http://www.netgear.com > Date: 15 June, 2009 > Author: t...@tomneaves.co.uk > Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt > Discovered: 18 November