-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[[ Denis Andzakovic ]] @ [[ 21/06/2012 04:04 ]]--
Exploitation of this vulnerability requires a malicious user with access to
the admin panel
Nicely played, sir, seems legit.
What about an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:098
http://www.mandriva.com/security/
On Wed, Jun 20, 2012 at 8:04 PM, Denis Andzakovic
denis.andzako...@security-assessment.com wrote:
Exploitation of this vulnerability requires a malicious user with
access to the admin panel to use the
/wp-admin/plugin-install.php?tab=upload page to upload a malicious
file.
That tool is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:099
http://www.mandriva.com/security/
to me it seems like he's trying to say that someone with administrative
access has the ability to have administrative access. It's like
saying Hey guys! I found a local exploit and all it requires is to be
a root user!!!
I'm not sure if he's trolling or just stupid.
On Thu, Jun 21, 2012 at 7:42
On Thu, 21 Jun 2012 08:02:26 -0700, Gage Bystrom said:
to me it seems like he's trying to say that someone with administrative
access has the ability to have administrative access. It's like
saying Hey guys! I found a local exploit and all it requires is to be
a root user!!!
I'm not sure
Well that's a bit of an iffy one. I'd say it IS a security measure,
albeit one that is solely effective if and only if compounded with
other measures.
It's unlikely, but you never know, you just might miss out on a nasty
worm all because you weren't running on a default port one day.
On Thu, Jun
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
1.- WordPress Authenticated File Upload Authorisation Bypass ... where
is the Bypass ?
2.- A malicious user with access to the admin panel .. this user does
not need any more :)
On 21/06/12 17:02, Gage Bystrom wrote:
to me it seems like he's
I completely agree with Gage. The way I see it, security through obscurity is
perfectly valid as long as the control remains obscured. I think the anyone
can just scan your ports is somewhat specious in that most (if not something
like 99% or so (unqualified opinion of course)) traffic is
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Lattice Diamond Programmer Buffer Overflow
1. *Advisory Information*
Title: Lattice Diamond Programmer Buffer Overflow
Advisory ID: CORE-2012-0530
Advisory URL:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-094
June 21, 2012
- -- CVE ID:
CVE-2012-0942
- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
- --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-095
June 21, 2012
- -- CVE ID:
CVE-2012-0663
- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
- -- Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-096 : HP Data Protector Express Opcode 0x330 Parsing Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-096
June 21, 2012
- -- CVE ID:
CVE-2012-0122
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- -- Affected
On Thu, Jun 21, 2012 at 1:37 PM, CORE Security Technologies Advisories
advisor...@coresecurity.com wrote:
...
9. *Report Timeline*
. 2012-05-30:
Core Security Technologies notifies Lattice Semiconductor Corporation of
the vulnerability. Publication date is set for June 26th, 2012.
.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-097 : HP Data Protector Express Opcode 0x320 Parsing Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-097
June 21, 2012
- -- CVE ID:
CVE-2012-0121
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- -- Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-098
June 21, 2012
- -- CVE ID:
- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
- -- Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-099
June 21, 2012
- -- CVE ID:
CVE-2011-4165
- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
- -- Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-100
June 21, 2012
- -- CVE ID:
CVE-2012-0127
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- -- Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Say a wordpress install has been configured as such that the user
running the web server does not have write access to wp-content/plugins.
A wordpress admin then attempts to upload a plugin, they get prompted
for ftp credentials to be able to
I hear Trustwave are reporting similar issues, like the fact you can
specify remote mysql servers in new installations, amazing right? Do
you work for them?
Btw, with phpmyadmin you can injection sql commands !!!
On Fri, Jun 22, 2012 at 12:00 AM, Denis Andzakovic
On 22/06/12 01:14, Benji wrote:
I hear Trustwave are reporting similar issues, like the fact you can
specify remote mysql servers in new installations, amazing right? Do
you work for them?
Btw, with phpmyadmin you can injection sql commands !!!
:D that was so funny