[Full-disclosure] xss attacks through utf7-BOM string injection

2011-02-09 Thread IEhrepus
xss attacks through utf7-BOM string injection the beginning of the utf-7 BOM character is from Gareth Heyes's paper 《XSS Lightsabre techniques》 -start-- CSS expressions with UTF-7 • UTF-7 BOM character can force UTF-7 in an external style sheet •

Re: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)

2011-02-09 Thread David Klein
Full disclosure means just that, unfortunately we have to take all the bad with the good. Sure it would work well for messages just being trolls/profanities and whatnot, but it would be up to the moderator to determine if something falls into a non desirable category. I am sure you can see at thi

[Full-disclosure] CGI:IRC XSS issue (CVE-2011-0050)

2011-02-09 Thread David Leadbeater
Michael Brooks (Sitewatch) discovered an XSS issue in the nonjs interface that allowed HTML injection via a crafted parameter. 0.5.10 is now available. This is actually just 0.5.9 with the following fix: - CVE-2011-0050: XSS in R param in nonjs interface David

Re: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)

2011-02-09 Thread huj huj huj
moderation on this list is moot since people just sign up with a new email address as i have done several times in the past years 2011/2/8 David Klein > Full disclosure means just that, unfortunately we have to take all the bad > with the good. > > Sure it would work well for messages just being

Re: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)

2011-02-09 Thread huj huj huj
moderated as in he removes people he thinks crosses the line and it has been done for a lot longer than that so no andrew you are not special.. it did not happen due to your inane ramblings 2011/2/9 andrew.wallace > On Wed, Feb 9, 2011 at 12:45 PM, huj huj huj wrote: > > moderation on this lis

Re: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)

2011-02-09 Thread huj huj huj
fair enough i stand corrected however the old practice you mentioned in the earlier post has been going on for years maybe you should have posted this link in that post :) 2011/2/9 andrew.wallace > On Wed, Feb 9, 2011 at 12:59 PM, huj huj huj wrote: > > moderated as in he removes people he thi

[Full-disclosure] trivial SQL injection in LIGATT Security's LocatePC software

2011-02-09 Thread auto79576760
trivial SQL injection in LIGATT Security's LocatePC software -- I'm going to skip all the drama and get straight to it. The software is crap. Affected Software: LocatePC 1.05 Consequences: Arbitrary SELECT queries ag

Re: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)

2011-02-09 Thread huj huj huj
2011/2/9 andrew.wallace > On Wed, Feb 9, 2011 at 1:25 PM, huj huj huj wrote: > > fair enough > > i stand corrected > > however the old practice you mentioned in the earlier post has been going > on > > for years > > maybe you should have posted this link in that post :) > > The only thing I got

Re: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)

2011-02-09 Thread Christian Sciberras
Well, eventually even complete idiots get tired at beating rocks together thinking they're doing some noise On Wed, Feb 9, 2011 at 2:58 PM, huj huj huj wrote: > > > 2011/2/9 andrew.wallace > >> On Wed, Feb 9, 2011 at 1:25 PM, huj huj huj wrote: >> > fair enough >> > i stand corrected >>

Re: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)

2011-02-09 Thread huj huj huj
Doubtful 2011/2/9 Christian Sciberras > Well, eventually even complete idiots get tired at beating rocks together > thinking they're doing some noise > > > > On Wed, Feb 9, 2011 at 2:58 PM, huj huj huj wrote: > >> >> >> 2011/2/9 andrew.wallace >> >>> On Wed, Feb 9, 2011 at 1:25 PM, hu

[Full-disclosure] Vulnerabilities in PHPXref

2011-02-09 Thread MustLive
Hello list! I want to warn you about Cross-Site Scripting and Remote HTML Include vulnerabilities in PHPXref. - Affected products: - Vulnerable are PHPXref 0.7 and previous versions. In version PHPXref 0.7.1 the developer fixed these vulnerabilit

[Full-disclosure] [HITB-Announce] HITB Magazine Issue 005 Released

2011-02-09 Thread Hafez Kamal
We are proud to announce the immediate availability of HITB Magazine Issue 005 - The first HITB Magazine release for 2011! HITB Magazine = http://magazine.hackinthebox.org/ Direct Link === http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-005.pdf Just over a year has p

Re: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)

2011-02-09 Thread Georgi Guninski
On Wed, Feb 09, 2011 at 01:45:27PM +0100, huj huj huj wrote: > moderation on this list is moot since people just sign up with a new email > address > as i have done several times in the past years > hm, i thought having more than one actor (possibly one time actor) was common practice on this list...

[Full-disclosure] [ MDVSA-2011:024 ] krb5

2011-02-09 Thread security
Mandriva Linux Security Advisory MDVSA-2011:024 http://www.mandriva.com/security/

[Full-disclosure] TPTI-11-01: Adobe Shockwave dirapi.dll IFWV Trusted Offset Remote Code Execution Vulnerability

2011-02-09 Thread ZDI Disclosures
TPTI-11-01: Adobe Shockwave dirapi.dll IFWV Trusted Offset Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-01 February 8, 2011 -- CVE ID: CVE-2010-4188 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwav

[Full-disclosure] TPTI-11-02: Adobe Shockwave TextXtra Invalid Seek Remote Code Execution Vulnerability

2011-02-09 Thread ZDI Disclosures
TPTI-11-02: Adobe Shockwave TextXtra Invalid Seek Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-02 February 8, 2011 -- CVE ID: CVE-2011-0555 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player

[Full-disclosure] TPTI-11-03: Adobe Shockwave Font Xtra String Decoding Remote Code Execution Vulnerability

2011-02-09 Thread ZDI Disclosures
TPTI-11-03: Adobe Shockwave Font Xtra String Decoding Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-03 February 8, 2011 -- CVE ID: CVE-2011-0556 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Pla

[Full-disclosure] TPTI-11-04: Adobe Shockwave GIF Logical Screen Descriptor Parsing Remote Code Execution Vulnerability

2011-02-09 Thread ZDI Disclosures
TPTI-11-04: Adobe Shockwave GIF Logical Screen Descriptor Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-04 February 8, 2011 -- CVE ID: CVE-2010-4189 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe S

[Full-disclosure] TPTI-11-05: Adobe Shockwave PFR1 Font Chunk Parsing Remote Code Execution Vulnerability

2011-02-09 Thread ZDI Disclosures
TPTI-11-05: Adobe Shockwave PFR1 Font Chunk Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-05 February 8, 2011 -- CVE ID: CVE-2011-0569 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Playe

[Full-disclosure] [ MDVSA-2011:025 ] krb5

2011-02-09 Thread security
Mandriva Linux Security Advisory MDVSA-2011:025 http://www.mandriva.com/security/

[Full-disclosure] Drupal Data Module Multiple Vulnerabilities

2011-02-09 Thread Justin Klein Keane
Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Data module (http://drupal.org/project/data) "helps you model, manage and query related sets of tables. It offers

[Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Leon Kaiser
http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Christian Sciberras
Was it fixed? What's the current status? This sounds like a major issue, and the lack of info about it is darn impressive. I tried it on my test Windows WAMP server: '; $f=(float)"2.2250738585072011e-308"; echo 'Try 1 => '.$f.''; $f=floatval("2.2250738585072011e-308"); echo 'Tr

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Christian Sciberras
Ah, been reading more about it, seems it was fixed. Still, there should have been safeguards around this - I'm thinking they should check existing conversion routines to ensure they're safe... On Wed, Feb 9, 2011 at 8:54 PM, Christian Sciberras wrote: > Was it fixed? What's the current status

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Cal Leeming [Simplicity Media Ltd]
Christian, this issue has been 'floating' around for several months now. On Wed, Feb 9, 2011 at 7:56 PM, Christian Sciberras wrote: > Ah, been reading more about it, seems it was fixed. > > Still, there should have been safeguards around this - I'm thinking they > should check existing conversion

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Valdis . Kletnieks
On Wed, 09 Feb 2011 20:54:41 +0100, Christian Sciberras said: > $f=floatval("2.2250738585072011e-308"); > echo 'Try 2 => '.$f.''; > Plus, I'm a bit amazed such a bug exists in PHP - since converting to > floating point is a trivial operation, it should have been limited and > safe-guarded

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Christian Sciberras
You've misread my statement, I didn't say floating point is trivial. I actually said securing a base data type is trivial. I'd give you credit if this was a complex issue in, say, deserializing some complex type, but not float. How many simple types does PHP have? Integer, float, string and bool

[Full-disclosure] [SECURITY] [DSA-2158-1] cgiirc security update

2011-02-09 Thread Steve Kemp
Debian Security Advisory DSA-2158-1 secur...@debian.org http://www.debian.org/security/ Steve Kemp February 9, 2011

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread DiKKy Heartiez
Breakin' fuckin' news! (Or not!) One of those stories is over a month old, the other is over a week old. Nothing particularly exciting or unexpected in either. It's just typical GPL code quality. From: litera...@gmail.com To: full-disclosure@lists.grok.org.uk Date: Wed, 9 Feb 2011 12:40:54

[Full-disclosure] Linksys WAP610N Unauthenticated Root Console

2011-02-09 Thread Matteo Ignaccolo
Secure Network - Security Research Advisory Vuln name: Linksys WAP610N Unauthenticated Access With Root Privileges Systems affected: WAP610N (Firmware Version: 1.0.01) Systems not affected: -- Severity: High Local/Remote: Remote Vendor URL: http://www.linksysbycisco.com Author(s): Matteo Ignaccolo

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Troy Aerojam
It borders idiocy this hasn't been plugged. Aerojam --- On Wed, 2/9/11, Leon Kaiser wrote: From: Leon Kaiser Subject: [Full-disclosure] {Java,PHP} Server Exploits To: full-disclosure@lists.grok.org.uk Date: Wednesday, February 9, 2011, 5:40 PM http://developers.slashdot.org/story/11/

[Full-disclosure] List Charter

2011-02-09 Thread John Cartwright
[Full-Disclosure] Mailing List Charter John Cartwright - Introduction & Purpose - This document serves as a charter for the [Full-Disclosure] mailing list hosted at lists.grok.org.uk. The list was created on 9th July 2002 by Len Rose, and is primarily concerned with security issues and the