[Full-disclosure] Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Web Vulnerability

2013-09-19 Thread Vulnerability Lab
Title: Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Web Vulnerability Date: 2013-09-20 References: http://www.vulnerability-lab.com/get_content.php?id=984 PayPal Security UID: nj1071UU VL-ID: 984 Common Vulnerability Scoring System:

[Full-disclosure] New version of JBrute

2013-09-19 Thread Gonzalo Camino
Hey folks, There's a new version of JBrute, an Open Source, multi-platform tool to "decrypt" hashed passwords written in Java. It supports both brute-force and dictionary attack methods, with a built-in rule pre-processor similar to the JTR one, and it actually supports several standard algorithm

Re: [Full-disclosure] %windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process)

2013-09-19 Thread Stefan Kanthak
This is a followup to and : On Sunday, March 04, 2012 9:06 PM I wrote: > Hi @ll, > > the system image "\Setup\WIM\setup.wim" on the "POSReady 2009 eval CD", > available from the Microsoft Download C

[Full-disclosure] [ MDVSA-2013:239 ] wordpress

2013-09-19 Thread security
Mandriva Linux Security Advisory MDVSA-2013:239 http://www.mandriva.com/en/support/security/

[Full-disclosure] Multiple vulnerabilities in RokMicroNews for WordPress

2013-09-19 Thread MustLive
Hello list! I want to warn you about multiple vulnerabilities in the plugin RokMicroNews for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress (http://securityvulns.ru/docs28871.html). These vulnerabilities are similar, since the same developers put the same

[Full-disclosure] [ MDVSA-2013:238 ] wireshark

2013-09-19 Thread security
Mandriva Linux Security Advisory MDVSA-2013:238 http://www.mandriva.com/en/support/security/