Re: [Full-disclosure] full disclosure my dear (Microsoft IIS 6.0 Denial of Service)

2010-10-01 Thread Jacky Jack
Are you trying to Pwn$ G33ks here? On Fri, Oct 1, 2010 at 8:41 AM, HI-TECH . isowarez.isowarez.isowa...@googlemail.com wrote: vulnerability description is attached to this email. /Kingcope ___ Full-Disclosure - We believe in it. Charter:

Re: [Full-disclosure] full disclosure my dear (Microsoft IIS 6.0 Denial of Service)

2010-10-01 Thread Benji
geeks - the only ones that could ever possibly care about a DOS. On Fri, Oct 1, 2010 at 10:23 AM, Jacky Jack jacksonsmth...@gmail.com wrote: Are you trying to Pwn$ G33ks here? On Fri, Oct 1, 2010 at 8:41 AM, HI-TECH . isowarez.isowarez.isowa...@googlemail.com wrote: vulnerability

[Full-disclosure] rfi by iframe xss in high school

2010-10-01 Thread pepelotas
http://hacking-avanzado.blogspot.com/2010/09/rfi-en-la-universidad-autonoma-de.html Eduardo Abril Security Consultant

Re: [Full-disclosure] rfi by iframe xss in high school

2010-10-01 Thread Manu Quintans
http://www.sutran.es/blog_hiperhidrosis/?p=128preview=true What do you think? On Fri, Oct 1, 2010 at 12:11 PM, pepelotas pepelotas...@gmail.com wrote: http://hacking-avanzado.blogspot.com/2010/09/rfi-en-la-universidad-autonoma-de.html Eduardo Abril Security Consultant

[Full-disclosure] Multiple vulnerabilities in WordPress 2 and 3

2010-10-01 Thread MustLive
Hello Full-Disclosure! I want to warn you about Cross-Site Scripting, Full path disclosure, Information Leakage, Directory Traversal, Arbitrary File Deletion and Denial of Service vulnerabilities in WordPress. For all these attacks it's needed to have access to admin account, or to have account

[Full-disclosure] [ MDVSA-2010:191 ] mailman

2010-10-01 Thread security
Mandriva Linux Security Advisory MDVSA-2010:191 http://www.mandriva.com/security/

[Full-disclosure] ZDI-10-189: Novell eDirectory Server Malformed Index Denial of Service Vulnerability

2010-10-01 Thread ZDI Disclosures
ZDI-10-189: Novell eDirectory Server Malformed Index Denial of Service Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-189 October 1, 2010 -- CVSS: 7.8, (AV:N/AC:L/Au:N/C:N/I:N/A:C) -- Affected Vendors: Novell -- Affected Products: Novell eDirectory -- TippingPoint(TM) IPS

Re: [Full-disclosure] full disclosure my dear (Microsoft IIS 6.0 Denial of Service)

2010-10-01 Thread HI-TECH .
Hello list, looks like this bug is covered by MS10-065 ('IIS Repeated Parameter Request Denial of Service Vulnerability') as tests by VUPEN have shown. from vupen on twitter: We analyzed the MS IIS 0day disclosed by @kingcope and we confirmed that it is NOT a 0D. This is the DoS fixed in MS10-065

[Full-disclosure] ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability

2010-10-01 Thread ZDI Disclosures
ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-190 October 1, 2010 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Novell -- Affected Products: Novell iManager --

[Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers

2010-10-01 Thread Sabahattin Gucukoglu
BrailleNote Apex offers telnet and FTP access on the standard ports, with read/write privilege on the entire file system, to all comers. No authentication is required. BrailleNote is unsafe on any network whose devices you are not in full charge of, and which (by NAT or firewall) does not

Re: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers

2010-10-01 Thread Thor (Hammer of God)
⠠⠊⠋ ⠃⠁⠙ ⠛⠥⠽⠎ ⠁⠗⠑ ⠕⠝ ⠽⠕⠥⠗ ⠝⠑⠞⠺⠕⠗⠅, ⠽⠕⠥ ⠼⠚⠼⠉⠼⠊;⠗⠑ ⠎⠉⠗⠑⠺⠑⠙ ⠁⠝⠽⠺⠁⠽ t -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure- boun...@lists.grok.org.uk] On Behalf Of Sabahattin Gucukoglu Sent: Friday, October 01, 2010 2:32 PM To:

Re: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers

2010-10-01 Thread Sabahattin Gucukoglu
On 1 Oct 2010, at 22:57, Thor (Hammer of God) wrote: ⠠⠊⠋ ⠃⠁⠙ ⠛⠥⠽⠎ ⠁⠗⠑ ⠕⠝ ⠽⠕⠥⠗ ⠝⠑⠞⠺⠕⠗⠅, ⠽⠕⠥ ⠼⠚⠼⠉⠼⠊;⠗⠑ ⠎⠉⠗⠑⠺⠑⠙ ⠁⠝⠽⠺⠁⠽ (If a bad guy is on your network, you're screwed anyway) With those services closed, it doesn't take a five-second run of nmap and wget to ransack the owner's device, though. And

Re: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers

2010-10-01 Thread Thor (Hammer of God)
Point taken :) I just wanted to see if it would post properly :-p -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure- boun...@lists.grok.org.uk] On Behalf Of Sabahattin Gucukoglu Sent: Friday, October 01, 2010 3:17 PM To:

Re: [Full-disclosure] [Braillenote] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers

2010-10-01 Thread Joseph Lee
Hi, Uh oh... This is a very huge security risk. It's not KeySoft's fault (I'd say) - it's the network services on Windows CE's problem. If someone does write a web app or a program which launches automatically on the Apex, and if this program came through standard ports on the network, then

Re: [Full-disclosure] [Braillenote] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers

2010-10-01 Thread Alex Hall
While I am shocked at this sort of security risk on a bn, I wonder how you use it to access your files without, as you say, using ActiveSync? I am on a public network at school and am therefore rather worried about this (then again, I doubt anyone on campus knows what telnet is, let alone how to

[Full-disclosure] Facebook Places private information leak

2010-10-01 Thread Nathan Whitmore
SUMMARY A vulnerability was discovered in Facebook Places that could be exploited to divulge a user's location even if the user has restricted their location information to “only friends” or “only me”, as long as the “make me visible in people here now” option is enabled HISTORY Vulnerability