On Mon, Mar 1, 2010 at 18:41, Dan Rosenberg dan.j.rosenb...@gmail.com wrote:
Apologies if this seems petty, but I'd like to claim credit for discovery of
the second issue in this report (CVE-2010-0547).
Without having verified your claim either way, I don't think it is petty
of you to claim
Actually it is stochastic resonance.
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-
disclosure-boun...@lists.grok.org.uk] On Behalf Of
valdis.kletni...@vt.edu
Sent: Monday, March 01, 2010 3:37 PM
To: intel unit
Cc: full-disclosure@lists.grok.org.uk
Hi there,
here's an update to this advisory. Affected Versions are now = 1.2.1.
Reasoning:
I noticed that the author tried to fix this bug by implementing validation
via regex matching.
Sadly, that regex can be bypassed easily because it only checks if a valid
date string is in the GET param.
Yahoo.com has assassins? Wow!
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
valdis.kletni...@vt.edu
Sent: Monday, March 01, 2010 6:07 PM
To: intel unit
Cc: full-disclosure@lists.grok.org.uk
Subject:
Yahoo.com has assassins? Wow!
User-agent: Slurp
Disallow: *
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
On Tue, 02 Mar 2010 09:01:59 EST, Kain, Becki (B.) said:
Yahoo.com has assassins? Wow!
Not just assassins. Super secret ninja assassins that nobody else can see. ;)
Mini Ninjas!
On 2 March 2010 16:06, valdis.kletni...@vt.edu wrote:
On Tue, 02 Mar 2010 09:01:59 EST, Kain, Becki (B.) said:
Yahoo.com has assassins? Wow!
Not just assassins. Super secret ninja assassins that nobody else can see.
;)
I did a demo of WebRaider in AppSec DC 2009 and finally managed to release it.
WebRaider is a PoC quality tool to get a reverse shell out of SQL
Injections (MSSQL) by using One Click Ownage (
http://www.mavitunasecurity.com/s/research/OneClickOwnage.pdf ).
Slides:
If Yahoo has ninjas, what does Google have ?! @#!
Sent from my iPhone
On 2 Mar 2010, at 16:08, James Rankin kz2...@googlemail.com wrote:
Mini Ninjas!
On 2 March 2010 16:06, valdis.kletni...@vt.edu wrote:
On Tue, 02 Mar 2010 09:01:59 EST, Kain, Becki (B.) said:
Yahoo.com has assassins?
I've heard about these ninjas, the only way to escape their powers is
a ten-strip to your face.
On Tue, Mar 2, 2010 at 11:19 AM, Benji m...@b3nji.com wrote:
If Yahoo has ninjas, what does Google have ?! @#!
Sent from my iPhone
On 2 Mar 2010, at 16:08, James Rankin kz2...@googlemail.com wrote:
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Luxology Modo 401 .LXO Integer Overflow
1. *Advisory Information*
Title: Luxology Modo 401 .LXO Integer Overflow
Advisory Id: CORE-2009-0913
At risk of adding to the noise but I can't help myself...
Anyone have a pic of n3td3v to chop into this one?
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
ZDI-10-024: Novell eDirectory SOAP Request Parsing Denial of Service
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-024
March 2, 2010
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers
Mandriva Linux Security Advisory MDVSA-2010:053
http://www.mandriva.com/security/
NSOADV-2010-004: McAfee LinuxShield remote/local code execution
Dear List,
I'm putting on a small hacking competition and am interested in making it as
accessible and interesting as possible to potentially uninformed spectators.
Does anyone have recommendations for network visualization and auralization
software that could produce pretty animations and
Hi Chris,
Maybe take a look at GLtail -- http://www.fudgie.org
Cheers,
--scm
On Tue, Mar 2, 2010 at 10:38 AM, Christopher Covington c...@vt.edu wrote:
Does anyone have recommendations for network visualization and auralization
software that could produce pretty animations and suitable
For those who missed all the action
http://blogs.sans.org/computer-forensics/2010/03/02/cryptome-spying-guides-as-a-digital-forensic-resource/
*Microsoft* – http://cryptome.org//isp-spy/microsoft-spy.zip
*Paypal* – http://cryptome.org/isp-spy/paypal-spy.zip
*MySpace* –
Dear all,
I just want to say the recent events are nothing to do with n3td3v
whatsoever.
I have settled down now with a girlfriend and have no interest in doing what
I used to do on the list.
We all make mistakes and yes I made some.
I want to put the past behind me and whoever these kids are
Hi,
I'd like to announce a Security Master's Dojo course during next
CanSecWest 2010 in Vancouver (March 22-26 2010).
Title: Advanced PHP Hacking (!)
PHP is a worldwide web language used by individuals as well as companies
(Facebook...). This session aims at providing a hands-on focused PHP
On Wed, 03 Mar 2010 00:17:59 GMT, james o' hare said:
When I post on the list, I was young and naive and thought I was an elite
hacker with a hacker group (at the time), I wasn't an intentional troll,
whatever trolling is.
Look at the bright side. n3td3v became a meme, but not on the scale
Andrew,
I'm happy that you've made the choice to settle down and have a
family.
But wait a second, James O'Hare?
Your behaviour of using pretextual identities is suspiciously
similar to all those escapades we had.
Ah, 69? All about the family, isn't that true, Mr. Wallace?
Perhaps you should
http://www.exploit-db.com/exploits/11617
===
Mozilla Firefox 3.6 plenitude String
Crash(0day) Exploit
===
==
Opera (plenitude String )Denial of Service Exploit
===
by
If it's not, it should be.
On Mon, Mar 1, 2010 at 1:05 PM, NOC i...@r00t.ms wrote:
On 3/1/10 8:30 AM, valdis.kletni...@vt.edu valdis.kletni...@vt.edu
wrote:
... Giardia out in the woods is a horrid
way to die a slow death.
Giardia, isn't that the new shopping mall restaurant chain?
You gotta be joking, this is probably the 3000th DoS advisory for
document.write.
Guess what sparky, even Jeremy Brown didn't post that one.
Thus no surprise exploit-db post this kind of shit.
2010/3/3 information security informationhacke...@gmail.com