- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201101-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
===
Ubuntu Security Notice USN-1035-1 January 05, 2011
evince vulnerabilities
CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643
===
A security issue affects the
/*
* Linux Kernel CAP_SYS_ADMIN to root exploit
* by Dan Rosenberg
* @djrbliss on twitter
*
* Usage:
* gcc -w caps-to-root.c -o caps-to-root
* sudo setcap cap_sys_admin+ep caps-to-root
* ./caps-to-root
*
* This exploit is NOT stable:
*
* * It only works on 32-bit x86 machines
*
* *
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2011:000
http://www.mandriva.com/security/
Is code no work:
# uname -a
OpenBSD cyka.etopizdets.ru 4.7 WRIGHTKERNEL#1337 i386
# md5 danposerberg.c
MD5 (danposerberg.c) = 26b1dd146a3b96c63539f551a8741f18
# gcc danposerberg.c -o hakaruski
danposerberg.c:53:30: linux/capability.h: No such file or directory
danposerberg.c: In function `main':
* Usage:
* gcc -w caps-to-root.c -o caps-to-root
* sudo setcap cap_sys_admin+ep caps-to-root
* ./caps-to-root
Is further you fail because why see above:
* sudo setcap cap_sys_admin+ep caps-to-root
Is I had sudo for why I has to run this code when I can sudo su. Is
you must change
==
Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
==
1. OVERVIEW
The Joomla! 1.0.x series are currently vulnerable to Cross
InfoSec professionals, h4x0rs, international spies, script kidz, and
posers,
CarolinaCon is accepting speaker/paper/demo submissions for its 7th annual
Hacking/InfoSec conference. This year's event will be held on the final
weekend of April 2011 (Apr 29th thru May 1st) in Raleigh NC.
Who
Athena SSL Cipher Check has been updated to version 0.6.2, and
contains some important bug fixes.
Download it from http://dmcdonald.net/athena-ssl-cipher-check_v062.tar.gz
athena-ssl-cipher-check is an SSL Cipher scanner. Unlike most
scanners, rather than scanning the
few ciphers openssl
Good morning. I think for most people on this list, the PJL RDYMSG
printer display message prank would not be new.
However, what is amusing is that some Lexmark (and Dell) printers
display the actual text on the printer display in their web interface
without escaping it. This can be used to XSS
... the PJL RDYMSG prank ... can be used to xss the web interface.
... google for 'Lexmark X651de Device Status ' ...
Amusing, but not very useful to have an XSS on such a website.
The web interface should be locked down, or anyone can lock up your
device or read your fax job log.
Cheers,
You can use nmap to set the RDYMSG of a printer and XSS the printer
web interface:
nmap --script=pjl-ready-message.nse
--script-args='pjl_ready_message=scriptalert(1);/script' . [0]
*chuckles*
What's the rendering engine? WebKit?
___