On Wed, 26 Jan 2011 21:43:28 PST, Michal Zalewski said:
The real problem is that when mhtml: is used to fetch the container
over an underlying protocol, it does not honor Content-Type and
related headers (or even nosniff).
Geez. It's 2011, and people are *still* doing that same basic error?
==
Vanilla Forums 2.0.16 = Cross Site Scripting Vulnerability
==
1. OVERVIEW
The Vanilla Forums 2.0.16 and lower versions were vulnerable to
Security is a general, Many security issues are composed of many
different vulnerabilities of different factory.
like mhtml:http://www.google.com/gwt/n?u=[mhtml file url]! this vul
so we come back this vul need two Conditions
Hey Steve, Thanks for your time. Probably this tool is not meant for you,
since you use metasploit, I wasn't trying to reinvent the wheel, This tool is
oriented to people with basic security skills, that need a way to do pentest
to their sites among many other possibilities.
Thanks again, don't
Oh, fuck this shit.
http://rapidshare.com/files/444699301/InsectProFull.zip
This is the previous version, you can guess what the new version should be like.
___
Full-Disclosure - We believe in it.
Charter:
Even though I am not an established Security Professional, I would like to
make a comment regarding your software.
I generally only donate to people/companies that produce software which I
can see/experience. Unfortunately, your software is being released with the
stipulation that a person
BIG UPS TO KRASHED
Leon Kaiser - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of
Not a google vuln.
Hunt down MSFT to pay for your bug.
Oh wait they don't pay for free research.. 0noz, you won't get any candy !
2011/1/27, IEhrepus 5up3r...@gmail.com:
Security is a general, Many security issues are composed of many
different vulnerabilities of different factory.
like
The following web applications are found to have full path disclosure
flaws (Ref: WASC-13, CWE-200).
-
htmlpurifier-4.2.0
phpids-0.6.5
PhpSecInfo
111WebCalendar-1.2.3
adodb
aef-1.0.8
ATutor-2.0
auth
b2evolution-3.3.3
bbpress-1.0.2
cftp-r80
claroline-1.9.7
Knowing one of the people listed in the shout-outs, I told them about the
props and they got back with the following statement:
After doing some digging, [I] found out that they did it to their own
website to generate publicity. The person responsible told me he didn't
think anything would happen
I've received indications that Insect Pro 2.0 is free to redistribute
and contains no copyright infringement, and as such am making it
available from the following site:
http://insectpro.highprofilesite.com/
The only assertions for legality and usefulness come from the author,
Steve, thanks for the hosting and advertising, and also for the donation, I
am taking it as a double donation! :-D
Hope you can post some images and a review of the product real soon!
Juan Sacco
--
_
Insecurity Research - Security auditing and
ZDI-11-028: Symantec AMS Intel Alert Service AMSSendAlertAct Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-028
January 27, 2011
-- CVE ID:
CVE-2010-110
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Symantec
-- Affected Products:
ZDI-11-029: Symantec AMS Intel Alert Handler Service CreateProcess Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-029
January 27, 2011
-- CVE ID:
CVE-2010-111
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Symantec
-- Affected
ZDI-11-030: Symantec AMS Intel Alert Handler Modem String Parsing Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-030
January 27, 2011
-- CVE ID:
CVE-2010-111
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Symantec
-- Affected Products:
ZDI-11-031: Symantec AMS Intel Alert Handler Pin Number Parsing Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-031
January 27, 2011
-- CVE ID:
CVE-2010-111
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Symantec
-- Affected Products:
ZDI-11-032: Symantec Intel Alert Originator Service iao.exe Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-032
January 27, 2011
-- CVE ID:
CVE-2010-111
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Symantec
-- Affected Products:
CA20101231-01: Security Notice for CA ARCserve D2D
Issued: December 31, 2010
Last Updated: January 26, 2011
CA Technologies support is alerting customers to a security risk with
CA ARCserve D2D. A vulnerability exists that can allow a remote
Debian Security Advisory DSA-2152-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2011
ZDI-11-033: Realplayer vidplin.dll AVI Parsing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-033
January 27, 2011
-- CVE ID:
CVE-2010-4393
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
RealNetworks
-- Affected Products:
RealNetworks
ZDI-11-033: Realplayer vidplin.dll AVI Parsing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-033
January 27, 2011
-- CVE ID:
CVE-2010-4393
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
RealNetworks
-- Affected Products:
RealNetworks
21 matches