[Full-disclosure] Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location

Hi @ll, the current "Microsoft Live Meeting 2007 client" (available from , referenced as update in , , ,

[Full-disclosure] Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service

# Exploit Title: Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service # Date: June 29, 2012 # Author: coolkaveh # coolka...@rocketmail.com # https://twitter.com/coolkaveh # Vendor Homepage: http://www.microsoft.com # Version: Microsoft IIS 6 , 7.5 FTP Server # Tested on: windows server 2008

[Full-disclosure] Windows short (8.3) filenames – a security nightmare?

Hi guys, I wrote a blog post about security issues related with Windows short (8.3) filenames. http://www.acunetix.com/blog/web-security-zone/articles/windows-short-8-3-filenames-web-security-problem/ -- Bogdan Calin - bogdan [at] acunetix.com CTO Acunetix Ltd. - http://www.acunetix.com Acunet

[Full-disclosure] From XSLT code execution to Meterpreter shells

Hello, in the last weeks, I demonstrated at HackInTheBox Amsterdam and HackInParis a Metasploit module used to gain Meterpreter shells from XSLT vulnerabilities. Given the questions I received, I chose to publish a blog-post explaining the overall concept and some implementation details. The arti

[Full-disclosure] Securoam advisory

Vulnerability in Cyberoam DPI devices [30 Jun 2012] (CVE-2012-3372) === Cyberoam make a range of DPI devices (http://www.cyberoamworks.com/) which are capable of intercepting SSL connections. In common with all such devices, in order

[Full-disclosure] They claim they have 700 million XSS payloads!

I dunno... I counted RSnake's cheat sheet and got to a bit over 100 payloads. 700 million means what, that there's some mechanism that figures out how to tweak a payload?? http://blog.watchfire.com/wfblog/2012/07/announcing-xss-analyzer.html ___ Full-Dis

Re: [Full-disclosure] [oss-security] RE: GIMP FIT File Format DoS

On Sat, Jun 30, 2012 at 11:14 AM, Benji wrote: > hey! let them having something to add to CV! Stop be fun police! > Everyone know security isnt actually about security, just make CV look > super cool. > haha the funny thing is "DOS". -- taha ___ Full-

[Full-disclosure] [SECURITY] [DSA 2506-1] libapache-mod-security security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2506-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012

Re: [Full-disclosure] "Please remove my e-mail and IP from internet"

On 03/07/2012 17:16, Jacqui Caren wrote : > This outsourced orange sysadmin really needs the striesand effect to hit him > and orange - hard! > That's what I told him in another thread: http://permalink.gmane.org/gmane.mail.postfix.user/230666 Now he gets what he deserves. __

Re: [Full-disclosure] "Please remove my e-mail and IP from internet"

Well that guys an idiot.. Orange has data network coverage, spanning 220 countries and territories, 967 cities 1,468 PoPs worldwide.. nice way to draw attention to themselves.. Best comment "you should consider a job outside of the IT" /pd On Tue, Jul 3, 2012 at 11:28 AM, Gage Bystrom wrote: >

Re: [Full-disclosure] "Please remove my e-mail and IP from internet"

Not to mention as others pointed out it is implied that the guy might've let out information he didn't have permission to let out, which could get him into some serious trouble. Also I could be wrong since I don't remember the full thing but did the guy said they were doing a pentest soon? No need

Re: [Full-disclosure] "Please remove my e-mail and IP from internet"

On 29/06/2012 06:47, Tonu Samuel wrote: > Really funny thread is going on in Postfix-Users list. Scroll down about half > of content here: > > http://comments.gmane.org/gmane.mail.postfix.user/227441 > > Just good example how NOT to do. I fwd'd details to lester haines of vulture central fame but