Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

And the guy wasnt even a part of lulzsec On Sep 26, 2011 10:37 PM, "Jeffrey Walton" wrote: > On Mon, Sep 26, 2011 at 8:47 PM, Ivan . wrote: >> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html > Though HMA claims they complied with a cou

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

On Mon, Sep 26, 2011 at 8:47 PM, Ivan . wrote: > http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html Though HMA claims they complied with a court order, it looks as if they facilitated a law enforcement request. The US and the FBI have no j

[Full-disclosure] Twitter URL spoofing still exploitable

Some of you might consider this blog post of value: http://ximen.es/?p=534 Thanks, Pablo Ximenes http://ximen.es/ http://twitter.com/pabloximenes ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hos

[Full-disclosure] VPN provider helped track down alleged LulzSec member

http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://s

[Full-disclosure] XSS and FPD vulnerabilities in Adobe ColdFusion

Hello list! I want to warn you about new security vulnerabilities in Adobe ColdFusion. These are Cross-Site Scripting and Full path disclosure vulnerabilities. - Affected products: - Vulnerable are Adobe ColdFusion 7 and previous versions to XSS,

[Full-disclosure] sshtrix - a very fast multithreaded SSHv1 and SSH1v2 login cracker (version 0.0.2)

hi there, i publish sshtrix version 0.0.2 with lot's of improvements and features. nice tool. ;) you can get it here: http://www.noptrix.net/codes.html cheers, noptrix -- Name: Levent 'noptrix' Kayan E-Mail: nopt...@lamergarten.net GPG key: 0x014652c0 Key fingerprint: ABEF 4B4B 5D93 32B8 D423

[Full-disclosure] [CVE-2011-3645] Multiple vulnerability in "Omnidocs"

  Hi All, I would like to inform about multiple vulnerability in NewGen's Omnidocs application.   Exploit Title: Multiple Vulnerability in "Omnidocs"  Author: Sohil Garg  CVE : CVE-2011-3645   Product Description: OmniDocs is an Enterprise Document Management (EDM) platform for creating,

Re: [Full-disclosure] sshd logins without a source

This is useful for scrubbing wtmp/utmp: http://git.zx2c4.com/lastlog/tree/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] sshd logins without a source

> At the time of the compromise I can see in each > servers sshd logs an entry like the following: > > Sep 22 12:57:14 test-vm sshd[25002]: pam_unix(sshd:session): session > opened for user root by (uid=0) > Sep 22 12:57:32 test-vm sshd[25002]: pam_unix(sshd:session): session > closed for user root

[Full-disclosure] [SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.11 - - Tomcat 6.0.0 to 6.0.32 - - Tomcat 5.5.0 to 5.5.33 - - Earlier

Re: [Full-disclosure] Privilege escalation on Windows using BinaryPlanting

This is a bit old (2007) but it shows this kind of bug perfectly well. http://securitytracker.com/id/1018588 So I can imagine one scenario in which DLL hijacking would make sense - if the developers neglected to properly set the directory permissions and it got reported as a vuln, the patch *could