Re: [Full-disclosure] Cyberwar between Israel and Turkish Hacker

2011-09-06 Thread Valdis . Kletnieks
On Wed, 07 Sep 2011 04:55:36 +0530, Mohit Kumar said: > Turkish hacker "*TurkGuvenligi*" hijacked some 350 Israeli websites on > Sunday evening > "*The hack represents a 10%-15% spike compared to the average number of > daily hacks of Israeli websites*," Hmm... if 350 is a 10% spike, then the ba

Re: [Full-disclosure] Malcon 2011 - Call for Papers

2011-09-06 Thread root
You might as well organize the conference inside a prison and save the police some time. On 09/06/2011 08:26 PM, Mohit Kumar wrote: > Malcon is the world's first platform bringing together Malware and > Information Security Researchers from across the globe to share key research > insights into bui

Re: [Full-disclosure] 20 Famous websites vulnerable to Cross Site Scripting (XSS) Attack

2011-09-06 Thread GloW - XD
Very nice :) Impressive for XSS (for once). xd On 7 September 2011 09:28, Mohit Kumar wrote: > Most of the biggest and Famous sites are found to be Vulnerable to XSS > attack. Cross-site scripting (XSS) is a type of computer security > vulnerability typically found in web applications which

[Full-disclosure] Malcon 2011 - Call for Papers

2011-09-06 Thread Mohit Kumar
Malcon is the world's first platform bringing together Malware and Information Security Researchers from across the globe to share key research insights into building and containment of the next generation malwares. *Call for Papers:* Malcon 2011 is looking for new techniques, tool releases, uniqu

[Full-disclosure] 20 Famous websites vulnerable to Cross Site Scripting (XSS) Attack

2011-09-06 Thread Mohit Kumar
Most of the biggest and Famous sites are found to be Vulnerable to XSS attack. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such co

[Full-disclosure] Registry Decoder - Digital Forensics Tool

2011-09-06 Thread Mohit Kumar
Digital forensics deals with the analysis of artifacts on all types of digital devices. One of the most prevalent analysis techniques performed is that of the registry hives contained in Microsoft Windows operating systems. Registry Decoder was developed with the purpose of providing a single tool

[Full-disclosure] Cyberwar between Israel and Turkish Hacker

2011-09-06 Thread Mohit Kumar
Turkish hacker "*TurkGuvenligi*" hijacked some 350 Israeli websites on Sunday evening, launching a Domain Name System (DNS) attack on at least seven high-profile websites including The Telegraph, Acer, National Geogra

[Full-disclosure] New Bugs released today on vl

2011-09-06 Thread resea...@vulnerability-lab.com
Hello, some new publications with technical details of today. For PoC & resources (pictures, logs & co) request -> resea...@vulnerability-lab.com Skype 5.3.x 2.2.x 5.2.x - Persistent Software Vulnerability http://www.vulnerability-lab.com

[Full-disclosure] Site Vulnerabilities: myexgf.com

2011-09-06 Thread George Girtsou
Site Vulnerabilities: myexgf.com - Cross Site Scripting This vulnerability affects /cgi-bin/te/o.cgi. The impact of this vulnerability Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacke

[Full-disclosure] Permutation Oriented Programming - Part 2.

2011-09-06 Thread Nelson Brito
Just to let you know that new example code and a demonstration video are now available. The new example code is capable of bypassing an MS08-078 workaround recommended by Microsoft, proving the power of a Permutation Oriented Programming approach. - Video: http://fnstenv.blogspot.com/2011/09/permuta

[Full-disclosure] GeoClassifieds Lite Multiple vulnerabilities

2011-09-06 Thread Yassin Aboukir
[+] Title: GeoClassifieds Lite Multiple vulnerabilities [+] Affected Version: v2.0.1 & V2.0.3.1 & V2.0.3.2 & V2.0.4 [+] Software Link: http://geodesicsolutions.com/ [+] Tested on: Windows 7 [+] Date

Re: [Full-disclosure] [SECURITY] [DSA 2300-2] nss security update

2011-09-06 Thread Valdis . Kletnieks
On Tue, 06 Sep 2011 19:29:56 +0300, Georgi Guninski said: > you appear to not be CVE(R) compliant. where is the CVE(R) id? https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=DigiNotar Right there. Hope that helps. > i immediately request you get a CVE(R) id and repost this email!!! https://cve

Re: [Full-disclosure] [SECURITY] [DSA 2300-2] nss security update

2011-09-06 Thread Georgi Guninski
On Mon, Sep 05, 2011 at 10:15:22PM +0200, Thijs Kinkhorst wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - - > Debian Security Advisory DSA-2300-2 secur...@debian.org > http://www.debian.org/sec

[Full-disclosure] [SECURITY] [DSA 2301-1] rails security update

2011-09-06 Thread Luciano Bello
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2301-1 secur...@debian.org http://www.debian.org/security/ Luciano Bello September 5, 2011

[Full-disclosure] [SECURITY] [DSA 2300-2] nss security update

2011-09-06 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2300-2 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst September 5, 2011

[Full-disclosure] [SECURITY] [DSA 2298-2] apache2 regression fix

2011-09-06 Thread Stefan Fritsch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2298-2 secur...@debian.org http://www.debian.org/security/ Stefan Fritsch September 05, 2011

[Full-disclosure] Globaleaks demo of the Prototype online! $ /etc/init.d/globaleaks start

2011-09-06 Thread Arturo Filastò
Hi All, We are pleased to announce the release of the GlobaLeaks Prototype Demo. You are all invited to take a look at it and try how it feels to a Node Administrator, Whistleblower and TULIP receiving target. You can reach the demo on http://demo.globaleaks.org/ GlobaLeaks is the first Open So

Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows Script Host DLL Hijacking

2011-09-06 Thread Georgi Guninski
On Mon, Sep 05, 2011 at 07:50:51PM +, Thor (Hammer of God) wrote: > Excellent points - one slight addition, though: > > >In fact, the Windows Script Host software is mostly used to write system > >maintenance scripts, > >so it's obvious its scripts can't be restricted or they'd be useless. >

[Full-disclosure] [ MDVSA-2011:132 ] pidgin

2011-09-06 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:132 http://www.mandriva.com/security/ _