Discovered on Tue, 07 Jun 2011
by Dan Luedtke http://www.danrl.de
Abstract
Calendar application Dienstplan 2.2 uses predictive passwords in
user-creation and password-reset routines.
About Dienstplan
Dienstplan is a web-based calendar application written in PHP
month of? isn't our month over of this silliness?
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Herr E
Balls
Sent: Sunday, August 28, 2011 7:34 PM
To: full-disclosure@lists.grok.org.uk
Subject:
On 08/27/2011 08:54 AM, Mario Vilas wrote:
On Sat, Aug 27, 2011 at 4:27 AM, GloW - XD doo...@gmail.com wrote:
when is someone going to warez this... it ain't free..
http://www.insecurityresearch.com/files/
___
Full-Disclosure - We
On Thu, Aug 25, 2011 at 03:52:00PM -0400, valdis.kletni...@vt.edu wrote:
On Thu, 25 Aug 2011 21:35:04 +0300, Georgi Guninski said:
On Wed, Aug 24, 2011 at 10:45:53AM +0100, Mark J Cox wrote:
Use CVE-2011-3192.
why the fuck use this shit?
So that when two different people issue
You are comparing a new product with others who have years of
development, it is not fair. If you like Core Impact or Metasploit
Express, please pay your license and use them.
I'm not pushing you to use my software. INSECT Pro is free and I do it
because I like it. Not to like you.
Juan
CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.20
- Tomcat 6.0.0 to 6.0.33
- Tomcat 5.5.0 to 5.5.33
- Earlier, unsupported versions may also be affected
Apparently you are invulnerable to sarcasm.
On 08/29/2011 01:45 PM, Juan Sacco wrote:
You are comparing a new product with others who have years of
development, it is not fair. If you like Core Impact or Metasploit
Express, please pay your license and use them.
I'm not pushing you to use
On 2011-08-26, at 05:08, Miroslav Stampar wrote:
Does anybody know what's the general opinion on disclosure of
WordPress plugin vulnerabilities in these two sections:
...
2) admin ones (requires access to the restricted admin area)
If you need full admin access to run the exploit, you probably
http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225ahl=en
any thoughts?
--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
Hello list!
I want to warn you about Insufficient Anti-automation and Denial of Service
vulnerabilities in ClickCMS, which is included in ClickEMU.
This is one of few advisories which I've made in April 2010, but didn't
publish to the lists due to large flame by moaners and double standarters
On Mon, Aug 29, 2011 at 3:38 PM, Ferenc Kovacs tyr...@gmail.com wrote:
http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225ahl=en
any thoughts?
sure:
- PRUNE YOUR ROOTS
- public key pinning == useful [0]
- perspectives == useful [1]
- google's cert catalog == useful [2]
-
On 2011-08-26, at 08:12, Nikolay Kichukov wrote:
Hi,
This one works like a charm on my Debian stable
LimitRequestFieldSize 200
in the apache2.conf as global directive for all vhosts.
Be cautious about applying this mitigation -- it *will* break applications
which use large cookies. In
On Mon, Aug 29, 2011 at 4:35 PM, coderman coder...@gmail.com wrote:
...
tech details http://pastebin.com/ff7Yg663
doh, try http://pastebin.com/SwCZqskV
People hate you because you've been stealing software, slapping a new
wrapper on it, and calling it your own.
All other complaints, criticisms, or even approvals are nothing in
light of that simple fact. A light that was cast the first time you
released InsectPro to FD and all you got was a horde
Hey Gage, bad day huh? I don't argue with people on mailing list. You
are taking INSECT Pro too personally, take it easy.
If you like it, use it, if you don't like it don't use it, if you can do
it better, do it.
Good luck.
Juan Sacco ( runlvl )
On Mon, 29 Aug 2011 16:53:56 -0700, Gage Bystrom