[Full-disclosure] csrf and xss vs the openwrt 10.03 webinterface

2010-11-12 Thread dave b
The openwrt 10.03 webinterface seems to have no protection against csrf... In addition, the following xss can be used against the webinterface: 1. (nearly any page) e.g. http://192.168.0.1/cgi-bin/luci/;stok=d/admin/network/network/"/>alert(1); 2. the query for packages e.g. http://192.168.0.1/cg

Re: [Full-disclosure] Archive of NoMarriage.com, The definitive guide on marriage and staying single.

2010-11-12 Thread Jeffrey Walton
> Also, happy to see David Kernell, the /b/tard getting some incarceration. > It's nice to see people out there actually want to get rid of the bad guys 4 > once. Enjoy your conviction. Anyone not familiar: David Kernell, the son of Tennessee state representative Mike Kernell, hacked Sarah Palin's

[Full-disclosure] Archive of NoMarriage.com, The definitive guide on marriage and staying single.

2010-11-12 Thread Troy Canasta
Jon Hertzog is a voice echoing out in the wilderness. My oracle of the day, an ode to you I giveth. Single? Enjoy that freedom. That creativity, that entrepreneurial vigor. Let's do good in the world. Let's create wealth and give back to the world magnitudes more than we take! Also, happy

[Full-disclosure] Babylon Cross-Application Scripting Code Execution

2010-11-12 Thread Roee Hay
Introduction Babylon is a single-click computer online dictionary and translation software which is also capable of translating whole documents and web pages. The translation and dictionary results are presented to the user via the Trident layout engine (an in-app/embedded Internet-Ex

Re: [Full-disclosure] NiX - Linux Brute Forcer (the beast) has been released!]]

2010-11-12 Thread nix
Original Message Subject: Re: [Full-disclosure] NiX - Linux Brute Forcer (the beast) has been released!] From: "Ryan Sears" Date: Fri, November 12, 2010 6:59 pm To: n...@myproxylists.com Cc: full-disclosure@lists.grok.org.uk

[Full-disclosure] [ MDVSA-2010:231 ] poppler

2010-11-12 Thread security
Mandriva Linux Security Advisory MDVSA-2010:231 http://www.mandriva.com/security/

Re: [Full-disclosure] NiX - Linux Brute Forcer (the beast) has been released!]

2010-11-12 Thread Ryan Sears
Well that's not really a useful response. He asked a simple question (the first one that popped into my head as well). Basically it comes down to this: THC's Hydra already does all that stuff, and they've been doing it for years and years. How does your tool fit in with it? It sounds like you

[Full-disclosure] [ MDVSA-2010:230 ] poppler

2010-11-12 Thread security
Mandriva Linux Security Advisory MDVSA-2010:230 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2010:229 ] kdegraphics

2010-11-12 Thread security
Mandriva Linux Security Advisory MDVSA-2010:229 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2010:228 ] xpdf

2010-11-12 Thread security
Mandriva Linux Security Advisory MDVSA-2010:228 http://www.mandriva.com/security/