[Full-disclosure] VMSA-2010-0008 VMware View 3.1.3 addresses an important cross-site scripting vulnerability

2010-05-05 Thread VMware Security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - VMware Security Advisory Advisory ID: VMSA-2010-0008 Synopsis: VMware View 3.1.3 addresses an important cross-site scriptin

[Full-disclosure] JavaScript exploits via source code disclosure

2010-05-05 Thread Ed Carp
We've got a lot of JQuery code that calls back-end web services, and we're worried about exposing the web services to the outside world - anyone can "view source" and see exactly how we're calling our web services. Are there any suggestions or guidelines regarding protecting one's source from such

Re: [Full-disclosure] 0days for sale

2010-05-05 Thread Chiko McCormick
You want a mirrion dorrar?! Too bad! Here Bomb! Fvck you! adida...@hushmail.com wrote: > Hello, > > 0days for sale in both DNS-SEC and IPv6. Bug is in specs. Only > serious buyers, thanks. > > ___ > Full-Disclosure - We believe in it. > Charter: http:/

Re: [Full-disclosure] WTF eEye Really?

2010-05-05 Thread J Roger
> > And if the author is sincere and it was really his original intent, he > should refrain from blogging from now on... > I have a feeling his employer will see to that for the foreseeable future. At least in a professional context representing them as a company. If he really meant it as everyon

Re: [Full-disclosure] WTF eEye Really?

2010-05-05 Thread Sébastien Duquette
Looks to me more like the "unqualified person doing testing" argument is used as an escape from their faux-pas. When you read the initial article, the author is clearly interested in the issue of crime being perpetrated by using these tools : "Penetration tools clearly allow the breaking and ente

Re: [Full-disclosure] go public to avoid jail

2010-05-05 Thread J Roger
> > The security industry could really benefit from more of Stephen's > contributions > Allow me to clarify. Perhaps the INDUSTRY wouldn't benefit, but the general public which the security industry is supposed to be looking out for would. On Wed, May 5, 2010 at 9:47 AM, J Roger wrote: > [1] R

Re: [Full-disclosure] go public to avoid jail

2010-05-05 Thread J Roger
[1] Releasing tools to the public COULD help you stay out of jail but isn't enough on its own (I never claimed it was BTW) [2] Gonzales is a rat that would turn on what was at least reported to be his best friend I've never met Stephen either online or IRL but from what I've read he sounds like h

[Full-disclosure] KHOBE - 8.0 earthquake for Windows desktop security software

2010-05-05 Thread www.matousec.com - Research
Hello, We have found a number of vulnerabilities in implementations of kernel hooks in many different security products. Vulnerable software: * 3D EQSecure Professional Edition 4.2 * avast! Internet Security 5.0.462 * AVG Internet Security 9.0.791 * Avira Premium Security Suite 1

[Full-disclosure] Vulnerabilities in t3m_cumulus_tagcloud for TYPO3

2010-05-05 Thread MustLive
Hello Full-Disclosure! I want to warn you about security vulnerabilities in t3m_cumulus_tagcloud plugin for TYPO3. - Advisory: Vulnerabilities in t3m_cumulus_tagcloud for TYPO3 - URL: http://websecurity.com.ua/4181/ -

[Full-disclosure] AlienTechnology ALR-9900 default root password and backdoor

2010-05-05 Thread alien_technology
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tested: www.alientechnology.com/readers/alr9900.php Background: Alien Technology is a major rfid-reader designer and manufacturer. Alien's products are sold to many corporations and the military. Alien's readers can be interfaced with

Re: [Full-disclosure] go public to avoid jail

2010-05-05 Thread PsychoBilly
I got the final point of this all: /!\ 100% true statement /!\ GO TO JAIL TO AVOID PUBLIC Cluster #[[ mutiny ]] possibly emitted, @Time [[ 04/05/2010 02:09 ]] The Following #String > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Way to over stretch what he was talking about. Stop