[Full-disclosure] Multiple XSS+XSRF found at Movistar Chile

2011-04-26 Thread ksha
Status: reported Discovered: April 25, 2011, 9:32 p.m. XSS: http://www.movistar.cl/PortalMovistarWeb/appmanager/Porta%3Cscript%3Ealert(/xss/)%3C/script%3EalMovistar/portal?_nfpb=true&_pageLabel

Re: [Full-disclosure] Warning - t00ls.org hidden callback in shells

2011-04-26 Thread Seanybob
Just an update to the previous post on this topic. The attacker has been moving around his datafile containing the list of urls with shell scripts installed. His old one: http://xmors.byethost7.com/mynameisahmed..html has been shut down. Did some investigating, and found some other places this guy

[Full-disclosure] Trustwave WebDefend Privilege Escalation Vulnerability

2011-04-26 Thread Nathan Power
-- 1. Summary: A privilege escalation vulnerability has been identified in Trustwave's WebDefend Enterprise product. It is possible for the restricted operator account to gain access as root on the appliance. ---

Re: [Full-disclosure] iPhone Geolocation storage

2011-04-26 Thread Ivan .
M$ are in the love in http://news.cnet.com/8301-31921_3-20057329-281.html On Tue, Apr 26, 2011 at 8:12 PM, Ivan . wrote: > Interesting write up, and apparently old news > > > https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/ > > On Fri,

[Full-disclosure] CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server

2011-04-26 Thread Kotas, Kevin J
CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server Issued: April 26, 2011 CA Technologies support is alerting customers to multiple security risks with CA Arcot WebFort Versatile Authentication Server. Two vulnerabilities exist

[Full-disclosure] Default config bug leaves 394,000 computers open proxies

2011-04-26 Thread Adam Behnke
A flaw in the PPLive video streaming software leaves quite a lot of computers open as proxies for clickfraud, clickjacking and spam. A new port, TCP port 9415, was appearing regularly on websites that list open proxies. Most of these open proxies were based in China. However, some were also ba

[Full-disclosure] [SECURITY] [DSA 2226-1] libmodplug security update

2011-04-26 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-2226-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff April 26, 2011

[Full-disclosure] [SECURITY] [DSA 2225-1] asterisk security update

2011-04-26 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-2225-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff April 25, 2011

[Full-disclosure] iPhone Geolocation storage: Levinson write-up [Re: Full-Disclosure Digest, Vol 74, Issue 47]

2011-04-26 Thread SMiller
On Tue, 26 Apr 2011 20:12:02 +1000, "Ivan ." wrote: "Interesting write up, and apparently old news" https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/ I agree that it was interesting, and raised some pertinent points. However, the scope of

Re: [Full-disclosure] iPhone Geolocation storage

2011-04-26 Thread Ivan .
Interesting write up, and apparently old news https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/ On Fri, Apr 22, 2011 at 1:59 PM, mark seiden wrote: > yes, that's right. on one of the forensics lists someone pointed out that > he started