Re: [Full-disclosure] 2Wire Broadband Router Session Hijacking Vulnerability

CVE ID hasn't been assigned yet. - Best regards, YGN Ethical Hacker Group Yangon, Myanmar http://yehg.net Our Lab | http://yehg.net/lab Our Directory | http://yehg.net/hwd On Tue, Aug 10, 2010 at 2:23 AM, Henri Salo wrote: > On Mon, 9 Aug 2010 23:12:29 +0800 > Y

Re: [Full-disclosure] Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers

On Sun, 8 Aug 2010, MustLive wrote: > Also in all versions of Mozilla and Mozilla Firefox it's possible to use > another variant of Strictly social XSS - with using of -moz-binding (for > Firefox < 3.0 or for Firefox => 3.0 with xml-file on the same site) or with > using of onMouseOver: > > http:

[Full-disclosure] ZDI-10-146: Apple Webkit Anchor Tag Mouse Click Event Dispatch Remote Code Execution Vulnerability

ZDI-10-146: Apple Webkit Anchor Tag Mouse Click Event Dispatch Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-146 August 9, 2010 -- CVE ID: CVE-2010-0048 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Apple -- Affected Products: Apple Saf

Re: [Full-disclosure] Project Vigilant

Cryptome has been following it very closely http://cryptome.org/0002/vigilant-fraud.htm http://cryptome.org/isp-spy/vigilant/vigilant-spies.htm http://cryptome.org/0002/vigilant-snitch.htm ___ Full-Disclosure - We believe in it. Charter: http://lists.gr

[Full-disclosure] ZDI-10-145: Novell ZENWorks Remote Management Agent Weak Authentication Remote Code Execution Vulnerability

ZDI-10-145: Novell ZENWorks Remote Management Agent Weak Authentication Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-145 August 9, 2010 -- CVSS: 9, (AV:N/AC:L/Au:S/C:C/I:C/A:C) -- Affected Vendors: Novell -- Affected Products: Novell Zenworks -- Vulner

[Full-disclosure] Month of BEB

Greetings for you to and many of this is here list Full Disclosure. I'd would have to like to introduce you to new and as improved competition contest I call MoBEB (as this is pronounced Moe Behb) MoBEB is Month of Bad Engrish Bugs whereas for to why is you the silly reader is to for ans

Re: [Full-disclosure] 2Wire Broadband Router Session Hijacking Vulnerability

On Mon, 9 Aug 2010 23:12:29 +0800 YGN Ethical Hacker Group wrote: > == > 2Wire Broadband Router Session Hijacking Vulnerability > == > > > 1. O

Re: [Full-disclosure] Project Vigilant

--On Monday, August 09, 2010 09:38:46 -0800 gillis jones wrote: > > Hi List, >   > Normally don't post much, or at all- mainly just a lurker. But has anyone > heard of this 'Project Vigilant' asshattery that has emerged post-defcon? > Seems like Chet Uber claims to have a Avengers type squad of

Re: [Full-disclosure] Project Vigilant

Either they could teach operational security to the CIA or someone was trying to pull the wool over people's eyes! My bet would be option 2, but you never know. Gary B On 08/09/2010 01:38 PM, gillis jones wrote: > Hi List, > > Normally don't post much, or at all- mainly just a lurker. But has

[Full-disclosure] 2Wire Broadband Router Session Hijacking Vulnerability

== 2Wire Broadband Router Session Hijacking Vulnerability == 1. OVERVIEW The 2Wire Broadband Router is vulnerable to Session Hijacking flaw whic

[Full-disclosure] Project Vigilant

Hi List, Normally don't post much, or at all- mainly just a lurker. But has anyone heard of this 'Project Vigilant' asshattery that has emerged post-defcon? Seems like Chet Uber claims to have a Avengers type squad of uber nerds, but I can't find any record of his '10 years' of crime-fighting awes

[Full-disclosure] 2Wire Broadband Router Session Hijacking Vulnerability

== 2Wire Broadband Router Session Hijacking Vulnerability == 1. OVERVIEW The 2Wire Broadband Router is vulnerable to Session Hijacking flaw which attackers can compromise the router administrator session. 2. PRODUC

[Full-disclosure] ZDI-10-144: Apple Webkit Rendering Counter Remote Code Execution Vulnerability

ZDI-10-144: Apple Webkit Rendering Counter Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-144 August 9, 2010 -- CVE ID: CVE-2010-1784 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- Vulnerability

[Full-disclosure] ZDI-10-143: Novell Sentinel Log Manager Multiple Servlet Remote Code Execution Vulnerabilities

ZDI-10-143: Novell Sentinel Log Manager Multiple Servlet Remote Code Execution Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-10-143 August 9, 2010 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Novell -- Affected Products: Novell Security Manager -- Vulnerabil

[Full-disclosure] Nagios XI 2009R1.2B Multiple CSRF

Advisory Information Advisory ID: NGENUITY-2010-006 Date published: Aug. 7, 2010 Class: Cross-Site Request Forgery (CSRF) Software Description Nagios XI is the commercial / enterprise version of the open source Nagios project. Vulnerability Description Nagios XI 2009R1.2B

Re: [Full-disclosure] Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers

Hi MustLive, I can not reproduce this on Firefox 3.6.8. When a test-application with one line of code gives the redirect, then nothing happens. No page with a "here" link and no alert and whatnot. maybe it's just your proxy or so.. /site.php?redir=javascript:alert(document.cookie) => Result: A

[Full-disclosure] ISS Proventia Desktop

Hi FD, I'd need help confirming a specific vulnerability, if you happen to have ISS Proventia Desktop installed, please get in touch with me. You don't need to expose anything - I will provide more information. Regards, Thierry ___ Full-Disclosu