Be careful about those zip files. I haven't looked, but they may contain
the tibannebackoffice.exe wallet stealing malware. It has appeared in
other MtGox2014Leak.zip files.
http://www.reddit.com/r/Bitcoin/comments/200k30/the_tibannebackofficeexe_executable_is_wallet/
Mark M. Jaycox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2014-0033 Session fixation still possible with disableURLRewriting
enabled
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 6.0.33 to 6.0.37
Description:
Previous fixes to path parameter handling [1]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service)
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5
- - Apache Tomcat 7.0.0 to 7.0.47
- - Apache Tomcat 6.0.0 to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 8.0.0-RC1
- - Apache Tomcat 7.0.0 to 7.0.42
- - Apache Tomcat 6.0.0 to 6.0.37
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2013-4590 Information disclosure via XXE when running untrusted web
applications
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5
- - Apache Tomcat 7.0.0 to 7.0.47
- - Apache
Hi All,
There was an XML external entity vulnerability within Google's Public
data explorer. This was submitted to Google as part of their Bug Bounty
Program.
For the full write up with screen shots -
http://www.securatary.com/vulnerabilities
--
All the best
Mark Litchfield
http
Shopify suffered from an XXE attack within their online stores domain -
*.myshopify.com
They were extremely quick in confirming and fixing the issue (even
though it was a Sunday).
Full details with the usual screen shots can be found at
http://www.securatary.com
--
All the best
Mark
with screen shots can be found at http://www.securatary.com
within the vulnerabilities section.
All the best
Mark Litchfield
www.securatary.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Commons FileUpload 1.0 to 1.3
- - Apache Tomcat 8.0.0-RC1 to 8.0.1
- - Apache Tomcat 7.0.0 to 7.0.50
- -
On 2/4/2014 2:51 PM, security curmudgeon wrote:
: From: Mark Litchfield mark () securatary com
: As previously stated, I would post an update for Ektron CMS
bypassing : the security fix.
: A full step by step with the usual screen shots can be found at - :
http://www.securatary.com
On 2/4/2014 3:01 PM, security curmudgeon wrote:
: : From: Mark Litchfield mark () securatary com
:
: : As previously stated, I would post an update for Ektron CMS bypassing :
: the security fix.
:
: : A full step by step with the usual screen shots can be found at - :
: http
.
Anyway, that is the reason for these log in options. Using these is at
the users' discretion so I see no need to pull them down and to be
honest, it's my website, I would not dream of telling you (strongly
recommend) what to do with yours.
Thanks
Mark
On 2/4/2014 3:13 PM, security curmudgeon wrote:
: This is not the behavior of the site as of 48 hours ago.
: Let me check. Normal registration should also be available ? In fact I
: will remove the registration.
:
: The purpose of this whole registration in the first place was to allow
: for
that PayPal fixed this issue with their own
workaround extremely quickly. Excellent work by their security / dev team.
All the best
Mark Litchfield
www.securatary.com
trusted sources and wanted / needed to enable entity expansion
could do so.
See also:
http://www.gopivotal.com/security/cve-2013-4152
http://seclists.org/fulldisclosure/2013/Aug/233
HTH,
Mark
Pivotal Security Team Lead
Thanks,
A.
On Saturday, November 02, 2013 07:04:59 AM MustLive wrote
On Wed, 19 Jun 2013 16:32:59 -0500, Hunger hun...@hunger.hu wrote:
$ uname -a
FreeBSD fbsd91x64 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec
4 09:23:10 UTC 2012
r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
$ id
uid=1001(hunger) gid=1002(hunger) groups=1002(hunger)
$
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2013-2071 Request mix-up if AsyncListener method throws
RuntimeException
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.39
Description:
Bug 54178 described a scenario where
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2013-2067 Session fixation with FORM authenticator
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.32
- - Tomcat 6.0.21 to 6.0.36
Description:
FORM authentication associates the most recent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2012-3544 Chunked transfer encoding extension size is not limited
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.29
- - Tomcat 6.0.0 to 6.0.36
Description:
When processing a request
On Tue, 23 Apr 2013 09:51:55 -0500, Georgi Guninski
gunin...@guninski.com wrote:
IMHO nobody should bother negotiating with terrorist vendors.
Open source programmers: the new terrorists of the 21st century
CVE-2013-0248 Apache Commons FileUpload - Insecure examples
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- Commons FileUpload 1.0 to 1.2.2
Description:
Commons FileUpload provides file upload capability for Servlets and web
applications. During the upload process,
I. DESCRIPTION
---
portable-phpMyAdmin doesn't verify an existing WordPress session
(privileged or not) when accessing the plugin file path directly. Because
of how this plugin works, a default installation will provide a full
phpMyAdmin console with the
CVE-2012-4534 Apache Tomcat denial of service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.27
- Tomcat 6.0.0 to 6.0.35
Description:
When using the NIO connector with sendfile and HTTPS enabled, if a
client breaks the connection while
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2012-3546 Apache Tomcat Bypass of security constraints
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.29
- - Tomcat 6.0.0 to 6.0.35
Earlier unsupported versions may also be affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.31
- - Tomcat 6.0.0 to 6.0.35
Description:
The CSRF prevention filter could be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2012-2733 Apache Tomcat Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.27
- - Tomcat 6.0.0 to 6.0.35
Description:
The checks that limited the permitted size of request
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.29
- - Tomcat 6.0.0 to 6.0.35
- - Tomcat 5.5.0 to 5.5.35
- - Earlier, unsupported
This has been fixed and the release just went out. Version 3.3.7.
The email param is now escaped and we've added rate limiting to the form
with a 3 minute backoff if the limit is exceeded.
http://wordpress.org/extend/plugins/wordfence/changelog/
Thanks for your report.
Regards,
Mark Maunder
You didn't download it from download.cnet.com, by any chance?
Sounds more like an infection to me.
For windows, download and run the following programs.
http://www.filehippo.com/download_malwarebytes_anti_malware/
http://www.filehippo.com/download_spybot_search_destroy/5168/
to the source when downloading flash
player, albeit Adobe does include the annoying toolbar unless you choose
not to install.
--
Michael D. Wood
ITSecurityPros.org
www.itsecuritypros.org
- Reply message -
From: Mark boogiebr...@yahoo.co.uk
To: noloa...@gmail.com
Cc: Full Disclosure b
Nudging everyone back to the alleged Obama tactics. I'm sure everyone
has an idea for the big push for cyber warriors in the United States.
By the arguments I'm hearing and milling through some of the other infosec
posts. Who do you believe have more capability of cyber terror? NSA?
Private
Nothing will change as long as we watch. Those who are in power will
continue to do as they please.
On Jun 7, 2012 1:54 PM, Laurelai laure...@oneechan.org wrote:
On 6/7/12 1:48 PM, Ian Hayes wrote:
On Thu, Jun 7, 2012 at 1:40 PM, andrew.wallace
andrew.wall...@rocketmail.com wrote:
On Tue,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [24 Apr 2012]
===
ASN1 BIO incomplete fix (CVE-2012-2131)
===
It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not
Thanks for catching that. Sorry, what I had in e-mail was wrong, but
the chart on the report is correct. I think I meant FreeBSD.
--
Mark S. Krenz
IT Director
Suso Technology Services, Inc.
Sent from Mutt using Linux
/vg_fedora15test-lv_root 5.5G 2.1G 3.4G 39% /home
Despite what the above looks like, /tmp is actually part of the root
filesystem.
Yes, of course you can change your setup post install or if you're
daring enough during the install, but that wasn't the point of the
research.
--
Mark S. Krenz
the libvte bug report here:
http://climagic.org/bugreports/libvte-scrollback-written-to-disk.html
Extra Note: I'm not suggesting that everyone put their /tmp on tmpfs
and/or start using encrypted filesystem. There are other considerations
which I talk about in the document above.
--
Mark S
'phpPaleo' Local File Inclusion (CVE-2012-1671)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in index.php for language handling that allows
for local file inclusion using a null-byte attack on the 'lang' GET
parameter
'e-ticketing' SQL Injection (CVE-2012-1673)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in loginscript.php that allows for SQL
injection of the 'user_name' and 'password' POST parameters.
II. TESTED VERSION
'Hotel Booking Portal' SQL Injection (CVE-2012-1672)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in getcity.php that allows for SQL injection of
the 'country' POST parameter.
II. TESTED VERSION
'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in admin/index.php that allows for an
unauthenticated user to export the entire application database
'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in index.php for module handling that allows
for local file inclusion using a null-byte attack on the 'module' GET
On Wed, Mar 07, 2012 at 01:12:04AM GMT, coderman [coder...@gmail.com] said the
following:
On Tue, Mar 6, 2012 at 1:46 PM, Mark Krenz m...@suso.com wrote:
Title: Gnome terminal, xfce4-terminal, terminator and other libVTE based
terminals write scrollback buffer data to /tmp filesystem
Title: Gnome terminal, xfce4-terminal, terminator and other libVTE based
terminals write scrollback buffer data to /tmp filesystem
Report date: 2011-03-06
Reported by: Mark Krenz
Severity: High depending on use and expectations
Software: libVTE v0.21.6 and later (since September 17th
CVE-2011-3375 Apache Tomcat Information disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.21
- Tomcat 6.0.30 to 6.0.33
- Earlier versions are not affected
Description:
For performance reasons, information parsed from a request is
CVE-2012-0022 Apache Tomcat Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.22
- Tomcat 6.0.0 to 6.0.33
- Tomcat 5.5.0 to 5.5.34
- Earlier, unsupported versions may also be affected
Description:
Analysis of the recent hash
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.21
Description:
This issue only affects environments running web applications that
your firewall to let packets sourced from
port 53 on your nameservers to any port go through. That way you
won't get false positives.
Mark
/var/log/named.log
05-Oct-2011 06:05:58.093 client: warning: client 81.25.53.2#5060: error
sending response: host unreachable
07-Oct-2011 13:14:38.739
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST
authentication
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.11
- - Tomcat 6.0.0 to 6.0.32
- - Tomcat 5.5.0 to 5.5.33
- -
On Mon, 29 Aug 2011 17:38:14 -0500, Ferenc Kovacs tyr...@gmail.com wrote:
http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225ahl=en
any thoughts?
Just saw this posted. Not sure of authenticity.
http://pastebin.com/ff7Yg663
CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.20
- Tomcat 6.0.0 to 6.0.33
- Tomcat 5.5.0 to 5.5.33
- Earlier, unsupported versions may also be affected
On Fri, Aug 19, 2011 at 11:23 PM, HI-TECH .
isowarez.isowarez.isowa...@googlemail.com wrote:
(see attachment)
Use CVE-2011-3192.
Mark
On Sat, 20 Aug 2011, HI-TECH . wrote:
(see attachment)
Use CVE-2011-3192.
Mark
CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 7.0.0 to 7.0.19
Tomcat 6.0.30 to 6.0.32
Tomcat 5.5.32 to 5.5.33
Description:
Due to a bug in the capabilities code, jsvc (the service
CVE-2011-2481: Apache Tomcat information disclosure vulnerability
Severity: low
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 7.0.0 to 7.0.16
Previous versions are not affected.
Description:
The re-factoring of XML validation for Tomcat 7.0.x re-introduced the
vulnerability
CVE-2011-2204 Apache Tomcat information disclosure
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.16
- Tomcat 6.0.0 to 6.0.32
- Tomcat 5.5.0 to 5.5.33
Earlier, unsupported versions may also be affected
Description:
When using the MemoryUserDatabase
not to mention that ocr-able license plate on your vehicle and the electronic
toll collection device
in the vehicle make excellent persistent tracking cookies.
i'm more worried about private parties tracking these days... say set up high
res cameras with a good view
of the major highways and
comment to go beyond the patches, hotfix, and logchecker released by the
Plone foundation.
Mark Jenkins
p.s.
In the end, not quite:
you'll have 30 minutes before the exploit worms start knocking on
doors, I say.
http://weblion.psu.edu/chatlogs/%23plone/2011/02/02.txt
But probably not
I have
CVE-2011-1183 Apache Tomcat security constraint bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.11
- Earlier versions are not affected
Description:
A regression in the fix for CVE-2011-1088 meant that security
constraints were ignored when no
CVE-2011-1475 Apache Tomcat information disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.11
- Earlier versions are not affected
Description:
Changes introduced to the HTTP BIO connector to support Servlet 3.0
asynchronous requests
'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in a_viewusers.php allowing for SQL injection of the 's'
query parameter.
II. TESTED VERSION
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-1088 Apache Tomcat security constraint bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.10
- - Earlier versions are not affected
Description:
When a web application was started,
'Quick Polls' Local File Inclusion Deletion Vulnerabilities (CVE-2011-1099)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
Two vulnerabilities exist in 'Quick Polls' providing local file inclusion
local file deletion due to null-byte attacks
CVE-2010-3718 Apache Tomcat Local bypass of security manager file permissions
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.3
- Tomcat 6.0.0 to 6.0.?
- Tomcat 5.5.0 to 5.5.?
- Earlier, unsupported versions may also be affected
Description:
When
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2010-3718 Apache Tomcat Local bypass of security manager file permissions
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.3
- - Tomcat 6.0.0 to 6.0.?
- - Tomcat 5.5.0 to 5.5.?
- - Earlier,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The original report is [1].
Tomcat is affected when accessing a form based security constrained
page or any page that calls javax.servlet.ServletRequest.getLocale() or
javax.servlet.ServletRequest.getLocales().
Work-arounds have been implemented in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-0534 Apache Tomcat DoS vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.6
- - Tomcat 6.0.0 to 6.0.30
Description:
Tomcat did not enforce the maxHttpHeaderSize limit while
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-0013 Apache Tomcat Manager XSS vulnerability
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.5
- - Tomcat 6.0.0 to 6.0.29
- - Tomcat 5.5.0 to 5.5.31
- - Earlier, unsupported versions may also
'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in 'Seo Panel' page rendering which allows for
unfiltered, unencrypted content to be presented
HyperStrike Integration with Snap Fitness, SSO Bypass Vulnerability
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability existed within the single sign-on (SSO) integration of
HyperStrike and Snap Fitness websites. By altering
i was joking about the history of the s boxes, originally designed by ibm but
with substantial classified input from nsa.
suspicious people believed the s box changes (and the reduced key length) that
was adopted was intended to weaken des, or make it more brute-forceable by the
nsa.
the
'Pointter PHP Content Management System' Unauthorized Privilege Escalation
(CVE-2010-4332)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in the 'Pointter PHP Content Management System'
authentication system which allows
'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation
(CVE-2010-4333)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in the 'Pointter PHP Micro-Blogging Social Network'
authentication system which
On Dec 15, 2010, at 5:23 PM, Graham Gower wrote:
On 16 December 2010 09:50, Larry Seltzer la...@larryseltzer.com wrote:
Has anyone read this yet?
http://www.downspout.org/?q=node/3
Seems IPSEC might have a back door written into it by the FBI?
Surely the thing to do now is not to
'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in the 'includes/controller.php' script that allows for
arbitrary local file inclusion due to a null-byte
'Orbis CMS' Arbitrary Script Execution Vulnerability (CVE-2010-4313)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in the 'Orbis CMS' fileman_file_upload.php script that
allows any authenticated user to upload a PHP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
Severity: Tomcat 7.0.x - Low, Tomcat 6.0.x - Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.4
- Not affected in default configuration.
'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in the 'Free Simple Software' download module which
allows for a 'UNION SELECT' to easily expose
'WSN Links' SQL Injection Vulnerability (CVE-2010-4006)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in the search.php code that allows for SQL injection of
various parameters. By assembling portions of SQL code between
It's impossible for anyone on this mailing list to know if the attack is
personal or not, unless they are actually involved in the attack. Use a
password such as 7%Ônç#®]�...@ãnÝèÅ#çñ] and watch them hack away to their
heart's content.
On 17/06/2010 13:48, Gary Baribault wrote:
Hello list,
to reimburse travel and accommodation fees.
We hope to see you at Eth0:2010 Summer
The Program Committee
Aldert Hazenberg
Erik Bosman
Jeroen Dekkers
Mark Janssen
On 21/03/2010 19:01, Benji wrote:
1) Acquire a knife
2) Acquire a lighter
3) Gouge face until you do not recognise self.
4) Acquire a shaver
5) Shave hair off
6) Cut ears off
7) Acquire pliers
8) Yank all teeth out
9) Walk to a bridge above water, attach shackles to legs
10) Gouge eyes
23:34, Christian Sciberras wrote:
You might want to consider that every mailing list have its own court
jester. ;)
On Sun, Mar 21, 2010 at 11:25 PM, Mark Byrne boogiebr...@yahoo.co.uk
mailto:boogiebr...@yahoo.co.uk wrote:
On 21/03/2010 19:01, Benji wrote:
1) Acquire a knife
that with everyone else's feedback too.
All the best,
Mark
yet another nice troll with a stylistic stench of n3td3v about it, judging by
the fanciful misconceptions surrounding a kernel of truth
(and the phony attribution to someone to whom he's taken an unreasonable
disliking...)
it's true that yahoo is hiring security people, though, typically not as
. Make it available via the software center.
Please fix this, you're making a big mistake. Other than that, I'm
extremely excited for Lucid Lynx.
Well, you can remove it yourself. And I won't be offended if you do.
Thanks for the feedback, keep happy,
Mark
that an undeploy removes all files. If one or more
files cannot be deleted, it may be necessary to stop Tomcat before the
files can be deleted.
Credit:
This issue was discovered by the Apache Tomcat security team
References:
[1] http://tomcat.apache.org/security.html
Mark Thomas
-BEGIN PGP
Schoenefeld of the Red Hat Security Response Team
References:
[1] http://tomcat.apache.org/security.html
Mark Thomas
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
Severity: Low
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 5.5.0 to 5.5.28
Tomcat 6.0.0 to 6.0.20
The unsupported Tomcat 3.x, 4.x and 5.0.x versions may be
I think it means you need to stop using IE. :)
Seriously, when I go there, everything looks normal.
MJ
Thor (Hammer of God) t...@hammerofgod.com 1/15/2010 14:20
I know google likes to do clever Today themes, but what's this one supposed
to mean? :D
Timothy (Thor)
follow these instructions:
http://www.tomahawktesttool.org/install.html
I have a Fedora10 Virtual box if any1 have more experience using this tool
over vmware, please postme
Also, if any1 know a best tool to stress a IDS/IPS as tomahawk? more
efficient? please postme..
-mark
$php -f dos.php 1 localhost
PHP Fatal error: Call to undefined function pcntl_fork() in
C:\Users\Administrador\Desktop\dos.php on line 68
Mmm, it doesn't work! :-/
-mark
2009/6/20 Lolek of TK53 lolek1...@googlemail.com
On Fri, Jun 19, 2009 at 8:00 PM, evilrabbievilra...@gmail.com wrote
Just a reminder that you only have 1 more week to submit for the OWASP
AppSec DC 09 Conference. You too can be a part of the Premier Application
Security Conference in the US for 2009.
See the message below.
On Tue, Apr 28, 2009 at 12:00 PM, Mark Bristow mark.bris...@owasp.orgwrote
Thanks for your response, any1 have the official link to down ns2 (win32/
Linux)
-mark
2009/5/8 Shyaam shy...@gmail.com
That is a nice tool as such. Many of my friends have tested it, and it
is really cool.
Shyaam
On Fri, May 8, 2009 at 10:00 PM, Tomas L. Byrnes t...@byrneit.net wrote
Well, I'm looking for info:
1) See all the traffic (Over botnet)
2) Administering many slaves (Lab) with the master (lab) via IRC, web,
etc...
3) Probe attacks DDoS and DoS (Lab)
4) Probe remote and Local Exploits
5) Infected via remote iframe, exploit, XSS etc.
any1 ?
-Mark :-)
2009/5/6 Aadil
Does any1 know a tool, schema, info or ideas to simulate a Botnet?
Ideas:
A) Many Vmware (workstations) over win32
B) Make a fake traffic
C) Make a scripts to simulate many hosts
D) IDS/ IPS (to see the traffic)
-mark
://www.owasp.org/index.php/OWASP_AppSec_DC_2009_-_FAQ
CFP w/ FAQ: http://www.owasp.org/images/6/65/AppSec_DC_2009_CFP.pdf
Please forward to all interested practitioners and colleagues.
Regards,
--
Mark Bristow
AppSec DC 09 - https://www.owasp.org/index.php/OWASP_AppSec_DC_2009
OWASP DC Chapter Co-Chair - http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability
Severity: Low
Vendor: SpringSource
Versions Affected:
Spring Framework 1.1.0-2.5.6, 3.0.0.M1-3.0.0.M2
dm Server 1.0.0-1.0.2 (note 2.x not affected since dm Server 2.x requires a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This is the Cisco PSIRT response to an issue discovered and reported to
Cisco by Bugs NotHugs regarding a cross-site scripting vulnerability in
the
Cisco Adaptive Security Appliance (ASA) clientless SSL VPN feature.
Cisco
PSIRT greatly appreciates the
Alo,
Well, I have a CUPS opened on the port 631, I have access to administration
pages
Does any1 have tricks/tips to elevate local privileges?
-mark