[Full-disclosure] [ GLSA 201101-01 ] gif2png: User-assisted execution of arbitrary code

2011-01-05 Thread Tim Sammut
Gentoo Linux Security Advisory GLSA 201101-01 http://security.gentoo.org/

[Full-disclosure] [USN-1035-1] Evince vulnerabilities

2011-01-05 Thread Marc Deslauriers
Ubuntu Security Notice USN-1035-1 January 05, 2011 evince vulnerabilities CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643 A security issue affects the

[Full-disclosure] Getting root, the hard way

2011-01-05 Thread Dan Rosenberg
/* * Linux Kernel CAP_SYS_ADMIN to root exploit * by Dan Rosenberg * @djrbliss on twitter * * Usage: * gcc -w caps-to-root.c -o caps-to-root * sudo setcap cap_sys_admin+ep caps-to-root * ./caps-to-root * * This exploit is NOT stable: * * * It only works on 32-bit x86 machines * * *

[Full-disclosure] [ MDVSA-2011:000 ] phpmyadmin

2011-01-05 Thread security
Mandriva Linux Security Advisory MDVSA-2011:000 http://www.mandriva.com/security/

Re: [Full-disclosure] Getting root, the hard way

2011-01-05 Thread Григорий Братислава
Is code no work: # uname -a OpenBSD cyka.etopizdets.ru 4.7 WRIGHTKERNEL#1337 i386 # md5 danposerberg.c MD5 (danposerberg.c) = 26b1dd146a3b96c63539f551a8741f18 # gcc danposerberg.c -o hakaruski danposerberg.c:53:30: linux/capability.h: No such file or directory danposerberg.c: In function `main':

Re: [Full-disclosure] Getting root, the hard way

2011-01-05 Thread Григорий Братислава
 * Usage:  * gcc -w caps-to-root.c -o caps-to-root  * sudo setcap cap_sys_admin+ep caps-to-root  * ./caps-to-root Is further you fail because why see above: * sudo setcap cap_sys_admin+ep caps-to-root Is I had sudo for why I has to run this code when I can sudo su. Is you must change

[Full-disclosure] Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability

2011-01-05 Thread YGN Ethical Hacker Group
Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability 1. OVERVIEW The Joomla! 1.0.x series are currently vulnerable to Cross

[Full-disclosure] CarolinaCon-VII/2011 - Call for Papers/Presenters

2011-01-05 Thread Vic Vandal
InfoSec professionals, h4x0rs, international spies, script kidz, and posers, CarolinaCon is accepting speaker/paper/demo submissions for its 7th annual Hacking/InfoSec conference. This year's event will be held on the final weekend of April 2011 (Apr 29th thru May 1st) in Raleigh NC. Who

[Full-disclosure] Athena SSL Cipher Check v0.6.2

2011-01-05 Thread Darren McDonald
Athena SSL Cipher Check has been updated to version 0.6.2, and contains some important bug fixes. Download it from http://dmcdonald.net/athena-ssl-cipher-check_v062.tar.gz athena-ssl-cipher-check is an SSL Cipher scanner. Unlike most scanners, rather than scanning the few ciphers openssl

[Full-disclosure] Amusing xss against some lexmark printers

2011-01-05 Thread dave b
Good morning. I think for most people on this list, the PJL RDYMSG printer display message prank would not be new. However, what is amusing is that some Lexmark (and Dell) printers display the actual text on the printer display in their web interface without escaping it. This can be used to xss

Re: [Full-disclosure] Amusing xss against some lexmark printers

2011-01-05 Thread paul . szabo
... the PJL RDYMSG prank ... can be used to xss the web interface. ... google for 'Lexmark X651de Device Status ' ... Amusing, but not very useful to have an XSS on such a website. The web interface should be locked down, or anyone can lock up your device or read your fax job log. Cheers,

Re: [Full-disclosure] Amusing xss against some lexmark printers

2011-01-05 Thread Dan Kaminsky
You can use nmap to set the RDYMSG of a printer and xss the printer web interface: nmap --script=pjl-ready-message.nse --script-args='pjl_ready_message=scriptalert(1);/script' . [0] *chuckles* What's the rendering engine? WebKit?