Re: [Full-disclosure] POC for a simple gmail/possible code injection into html which can be executed in an email, i will make the PoC code and explain how here and now...

2011-06-13 Thread adam
The reason why no one understood your ground-breaking vulnerability (broken English aside) is because it's a *feature*. Whether you're being a smartass right now or not is irrelevant, being that my email generated the exact same thing as yours did (view source on both of them). The difference is, y

[Full-disclosure] [SECURITY] [DSA 2258-1] kolab-cyrus-imapd security update

2011-06-13 Thread Nico Golde
Debian Security Advisory DSA-2257-1 secur...@debian.org http://www.debian.org/security/ Nico Golde June 11, 2011

[Full-disclosure] [SECURITY] [DSA 2259-1] fex security update

2011-06-13 Thread Nico Golde
Debian Security Advisory DSA-2259-1 secur...@debian.org http://www.debian.org/security/ Nico Golde June 12, 2011

[Full-disclosure] Blind Sql Injection With Regular Expression

2011-06-13 Thread R00T_ATI
New and fast attack for blind sql injection. http://www.ihteam.net/papers/blind-sqli-regexp-attack.pdf ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secuni

Re: [Full-disclosure] Contact for reporting Facebook vulnerability

2011-06-13 Thread Erik Waher
http://www.facebook.com/help/contact.php?show_form=white_hat First google link On Sat, Jun 11, 2011 at 11:51 AM, Madhur Ahuja wrote: > Does anyone know where I can report vulnerabilities in Facebook ? > > Thanks, > Madhur

Re: [Full-disclosure] Contact for reporting Facebook vulnerability

2011-06-13 Thread Abdelkader Boudih
Then why are you asking if you know the answer? You have low self-esteem? On 6/11/2011 8:12 PM, Madhur Ahuja wrote: > Shouldn't I first report to Facebook at > http://www.facebook.com/help/contact.php?show_form=white_hat > ? > > On Sat, Jun 11, 2011 at 3:10 PM, Andrew D Kirch wrote: >> On 6/

Re: [Full-disclosure] POC for a simple gmail/possible code injection into html which can be executed in an email, i will make the PoC code and explain how here and now...

2011-06-13 Thread cmdlnkid
On Sat, Jun 11, 2011 at 08:02:20PM -0500, adam wrote: > I guess we're right back to being idiotic. > > Either way, Christian, you may want to be careful. When this guy isn't busy > releasing ground-breaking, never-before-seen full disclosures, he's hacking > people off the internet: > > http://r

[Full-disclosure] New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

2011-06-13 Thread MustLive
Hello list! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ (SI2000 Callisto821+ Router). These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I already drew the attention of Ukrtelecom's representative (and this modem was bough

[Full-disclosure] [HITB-Announce] HITB eZine Issue #006 Released!

2011-06-13 Thread Hafez Kamal
After a slight delay, we are pleased to announce that Issue 006 of the HITB Magazine is now available for download (PDF)! (The slight delay was to allow us to bring you some post conference coverage!) http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-006.pdf We've got loads of awesome cont

Re: [Full-disclosure] Contact for reporting Facebook vulnerability

2011-06-13 Thread Madhur Ahuja
Guys, can we close this discussion now, since the vulnerability in discussion I was talking about is Session Sidejacking and it's something applicable to all sites, not just Facebook. Thanks, Madhur On Mon, Jun 13, 2011 at 10:21 AM, TAS wrote: > And you think you couldn't have got that before you

[Full-disclosure] [ MDVSA-2011:108 ] xerces-j2

2011-06-13 Thread security
Mandriva Linux Security Advisory MDVSA-2011:108 http://www.mandriva.com/security/

Re: [Full-disclosure] POC for a simple gmail/possible code injection into html which can be executed in an email, i will make the PoC code and explain how here and now...

2011-06-13 Thread Valdis . Kletnieks
On Sun, 12 Jun 2011 11:33:17 +1000, -= Glowing Doom =- said: > This code is not what shows up when it is dissected. > It shows up with many x41 all over the email when it is done properly. Part of the problem is that your original PoC mail didn't in fact have x41s all over the place. Your origi

[Full-disclosure] [ MDVSA-2011:109 ] webmin

2011-06-13 Thread security
Mandriva Linux Security Advisory MDVSA-2011:109 http://www.mandriva.com/security/

[Full-disclosure] [Announcement] ClubHack Magazine - Call for Articles

2011-06-13 Thread Abhijeet Patil
ClubHack Magazine is seeking submissions for the next issue, i.e. the July 2011 issue. If you have something interesting and would like to share, please send in your articles to abhij...@clubhack.com. The topic/theme for the July issue is Metasploit. Other articles, not related to Metasploit, are also welco

Re: [Full-disclosure] Contact for reporting Facebook vulnerability

2011-06-13 Thread TAS
And you think you couldn't have got that before you even posted on the list! - TAS http://twitter.com/p0wnsauc3 -Original Message- From: Madhur Ahuja Sender: full-disclosure-boun...@lists.grok.org.uk Date: Sat, 11 Jun 2011 15:59:20 To: adam Cc: Subject: Re: [Full-disclosure] Contact f

Re: [Full-disclosure] (fractal-Self__) : A theoretical introduction to Universe, Conscious Machines and Programming Ur-cells !!!

2011-06-13 Thread T Biehn
tl;dr ACID IS A LOT OF FUN AMIRITE? -TRAVIS On Sun, Jun 12, 2011 at 8:36 PM, Christian Sciberras wrote: > Fractal fractal fractal, even us that coined the concept can't keep it > going forever. > Seems evident that each subsystem loses key aspects of its parent, this > might turn out to be a sy

[Full-disclosure] Last Day for AppSec USA 2011 CFP!

2011-06-13 Thread Adam Baso
It's the last day for CFP submissions for the global OWASP AppSec USA 2011 software security conference, so get those abstracts entered! The conference talks are September 22-23 in Minneapolis. http://www.appsecusa.org/talks.html Here are the core content areas: * Cloud Security * Mobile Securit