On 8/23/11 2:02 AM, n...@myproxylists.com wrote:
I'm involved in anonymity and privacy research and development. I've
recently released NiX Web Proxy Script:
A fully working online demo: http://myproxylists.com/nix_web_proxy/
I understand your point but it's always harder to find bugs when
Hi,
I have got an abc.img file for an embedded router. I am planning to do some
reverse engineering.
Need inputs to dissect the Linux kernel and CRAMFS portion, further modify
it and then put it back into .img format.
Cheers,
Naik
___
Full-Disclosure - We
Sagan [http://sagan.quadrantsec.com]
By Champ Clark III Quadrant InfoSec Team: [quadrantsec.com]
Copyright (C) 2009-2011 Quadrant Information Security, et al.
Quadrant Information Security
Information
Name : XSS Reflected on BING.COM
Software : BING.COM MAPS
Vendor Homepage : http://www.bing.com
Vulnerability Type : XSS Reflected
Severity : Very High
Researcher : Juan Sacco (runlvl) jsacco [at] insecurityresearch [dot]
com
Description
--
On 8/23/11 6:20 PM, n...@myproxylists.com wrote:
This is what you jealous people want to say.
I don't care, I don't have any business with glype.com nor with you.
Well then I wonder why you made this accusation to public. What comes to
proxifying, there are always some similarities.
Im
On Tue, Aug 23, 2011 at 7:49 PM, n...@myproxylists.com wrote:
On 8/23/11 6:20 PM, n...@myproxylists.com wrote:
This is what you jealous people want to say.
I don't care, I don't have any business with glype.com nor with you.
Well then I wonder why you made this accusation to public. What
FHTTP [http://sourceforge.net/projects/fhttp/,
http://packetstormsecurity.org/files/104315]
By Xianur0 Los Caballeros Team [hackingtelevision.blogspot.com]
Copyright (C) 2010-2011 Los Caballeros.
What is FHTTP?
FHTTP is a framework for HTTP protocol attacks consisting of more than
2000 lines.
You can usually find the update script in the cramfs. When you upload
a new firmware, they will have a script that deals with the system
image. It will contain all the information you need to recreate an
image file.
Jason Ellison
ZDI-11-273: EMC Autostart Domain Name Logging Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-273
August 23, 2011
-- CVE ID:
CVE-2011-2735
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
EMC
-- Affected Products:
EMC AutoStart
--
On 8/23/11 7:53 PM, Ferenc Kovacs wrote:
nobody said that you simply copied it:
- stealing the glype.com php proxy source-code
- modifying it
- making your own release obfuscated with sourceguardian
- not even saying that's Glype based
yeah
They didn't even customize the error codes,
ZDI-11-274: EMC Autostart ftAgent Opcode 0x140 Parsing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-274
August 23, 2011
-- CVE ID:
CVE-2011-2735
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
EMC
-- Affected Products:
EMC AutoStart
ZDI-11-275: EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-275
August 23, 2011
-- CVE ID:
CVE-2011-2735
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
EMC
-- Affected Products:
EMC AutoStart
ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-276
August 23, 2011
-- CVE ID:
CVE-2011-2140
-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-- Affected Vendors:
Adobe
-- Affected Products:
Regarding this bug,
The release should have also specified a bugfix / workaround, of course
usually this is the case, although the one I have seen does not work on all
boxes.
On a BSD 8.0 box, it killed everything, swap/ram, everything died/needed
reboot. Now, what is quite annoying, I guess is that I
Regarding this bug,
The release should have also specified a bugfix / workaround, of course
usually this is the case, although the one I have seen does not work on all
boxes.
On a BSD 8.0 box, it killed everything, swap/ram, everything died/needed
reboot. Now, what is quite annoying, I guess is
Yea, I think the only way to get around it is to upgrade httpd versions.. I
tried it on FreeBSD 8.2 standard default settings and httpd devel and that
seems fine, even standard httpd alone on another box, again running 8.2, is
fine.
Some boxes also seem to only consume ram, when it is swap that is the
INSECT Pro is a new free tool for Penetration Testing and the ultimate
resource to demonstrate the security or vulnerability of your network.
INSECT Pro goes beyond simply detecting vulnerabilities to safely
exploiting them. The first free integrated vulnerability and penetration
testing tool,
oops.. forgot to cc the list :P would maybe help...
Yes, I still think a nice .sh/.patch for this would be great for things like
production boxes which run 400 or so sites and need a fast fix before things
start to crumble :s.. in my case, it is one box out of 10 which is being the
pain, and, I don't
Hello list,
oops looks like this bug has nothing to do with mod_deflate/mod_gzip,
read on here where the apache team is resolving the issue:
http://www.gossamer-threads.com/lists/apache/dev/401638
Cheers,
Kingcope
2011/8/20 Moritz Naumann secur...@moritz-naumann.com:
On 20.08.2011 00:23
http://www.gossamer-threads.com/lists/apache/dev/401638
FWIW, I pointed out the DoS-iness of their Range handling a while ago:
http://seclists.org/bugtraq/2007/Jan/83
/mz