Re: [Full-disclosure] [ GLSA 201201-01 ] phpMyAdmin: Multiple vulnerabilities

2012-01-06 Thread Milan Berger
Hi Ingo, just read: > > References > > == > > > > [ 1 ] CVE-2008-7251 > >http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7251 > > [ 2 ] CVE-2008-7252 > >http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7252 > > [ 3 ] CVE-2010-2958 > >http://nvd.nist.gov/nvd.cfm?cvename

Re: [Full-disclosure] [ GLSA 201201-01 ] phpMyAdmin: Multiple vulnerabilities

2012-01-08 Thread Milan Berger
Hi Ingo, just read: > > References > > == > > > > [ 1 ] CVE-2008-7251 > >http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7251 > > [ 2 ] CVE-2008-7252 > >http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7252 > > [ 3 ] CVE-2010-2958 > >http://nvd.nist.gov/nvd.cfm?cvename

Re: [Full-disclosure] hackers.it disappeared from google search results

2012-02-02 Thread Milan Berger
> Since few days my domain is out for first tests ..but today > it is totally disappeared from Google search results. > > Do you know how this can happen? > > It has no malwares, exploits or anything illegal and there is neither > the intent as you can read in the few pages. > > the domain i

Re: [Full-disclosure] Buying Web Malware Samples

2011-03-10 Thread Milan Berger
On Wed, 9 Mar 2011 17:34:42 +0100 John Harwold wrote: > After two weeks, contributions will be revisited and person with > largest collection of real web malware will receive prize of 500$. Nice idea, looks like malware/exploitfishing. -- Kind Regards Milan Berger Project-Mindstorm Tec

Re: [Full-disclosure] I got hacked

2011-03-31 Thread Milan Berger
o you have security problems? You want something to impress? Well, you found the right person!" You should know this... you offer security solutions on your website and maintaining servers, guess you misunderstood FD. -- Kind Regards Milan Berger Project-Mindstorm Technical Engineer

Re: [Full-disclosure] Code Execution vulnerability в WordPress

2011-04-30 Thread Milan Berger
possible... This "advisory" is pure bullshit! -- Kind Regards Milan Berger Project-Mindstorm Technical Engineer ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Vulnerability in Gentoo hardened

2012-04-24 Thread Milan Berger
> PD: Bad English written on purpose, please forgive me for any correct > grammar I may have used :P > PD2: Григорий seeing your historial I think the mail was a joke but if you read his "advisories" and "0-days" you know: It's not a joke... -- Kind Regar

Re: [Full-disclosure] favicon

2012-10-19 Thread Milan Berger
> tested this in Google Chrome 23.0.1.1271.6 dev build for linux > (debian): truncate -s 1T favicon.ico > python -m SimpleHTTPServer > > google-chrome localhost:8000/ tested with: Chromium Version 24.0.1297.0 (162078) nothing happened. -- Kind Regards Milan Berger Project-Mind

[Full-disclosure] Simple DOS POC lighttpd 1.4.31

2012-11-22 Thread Milan Berger
Hi, quick and dirty POC for lighttpd 1.4.31 DOS vulnerability. #!/bin/bash # simple lighttpd 1.4.31 DOS POC # CVE-2012-5533 # http://www.lighttpd.net/2012/11/21/1-4-32/ # http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt # written by Milan Berger if [ $# -lt 2 ] then

Re: [Full-disclosure] Sony PS3 Firmware v4.31 - Code Execution Vulnerability

2013-05-22 Thread Milan Berger
Hi, > So, wanna tell me what exactly is critical about you being able to > inject marquee tags into your savefile names? didn't test the POC yet, but I guess the fun is here: >> [PERSISTENT INJECTED SYSTEM COMMAND OR CODE!] Injecting system commands.. -- Kind Regards Mil

Re: [Full-disclosure] Plesk Apache Zeroday Remote Exploit

2013-06-06 Thread Milan Berger
Hi king cope, > Please keep headers intact. tried your exploit on some SuSE and Debian machines, I was never able to get what I deserve, never found this phppath/php getting Error 404/403. Any suggestions? -- Kind Regards Milan Berger Project-Mindstorm Technical Engineer --- proj

Re: [Full-disclosure] [SECURITY] [DSA 2867-1] otrs2 security update

2014-02-24 Thread Milan Berger
e to these missing checks. > > CVE-2014-1694 > > Karsten Nielsen from Vasgard GmbH discovered that an attacker > with a valid customer or agent login could inject SQL code through the > ticket search URL. you mixed up those two CVEs 1471 is the SQLi 1694 is the CSRF Vuln.

Re: [Full-disclosure] Android and malware

2010-11-24 Thread Milan Berger
know anything about smartphones but was wondering if anyone > has Android experience with something like this. Does the Android > have startup functions like Windows's Startup folder where we can > investigate? wipe the phone if you don't know anything. For investigating get adb and

Re: [Full-disclosure] 10 OpenBSD facts and is timeline of Backdoor

2010-12-20 Thread Milan Berger
> Extreme Yodaism is my guess... guess more like locatting (icanhashotdog|icanhascheezburger).com -- Kind Regards Milan Berger Project-Mindstorm Technical Engineer -- project-mindstorm.net 90537 Feucht Germany http://www.androcom.net http://www.project-mindstorm.net twitter: h

Re: [Full-disclosure] Anyone got a contact at PGP?

2010-02-04 Thread Milan Berger
Hi, > Anyone got a contact at PGP, and I have tried mailing all the addies > on their web site, with no response yet. wait 2-4 weeks, no response -> Full disclosure -- Kind Regards Milan Berger Project-Mindstorm Technical Engineer -- project-mindstorm.net Humboldtstrasse 69 90459

Re: [Full-disclosure] I am furious.

2010-03-05 Thread Milan Berger
On Thu, 4 Mar 2010 18:57:14 -0800 Mercury Vapour wrote: > You are a fucking idiot. It will never end, will it ? /signed -- Kind Regards Milan Berger Project-Mindstorm Technical Engineer -- project-mindstorm.net 90459 Nuremberg Germany http://www.project-mindstorm.net twitter: h

Re: [Full-disclosure] Congratulations Andrew

2010-06-16 Thread Milan Berger
> Looks like Andrew/weev/n3td3v finally gets to do what he likes the > most > Performing fellatio on his fellow inmates > http://www.theregister.co.uk/2010/06/16/auernheimer_arrested/ looks too good to be true. Is the longlife FD really away? Would be great! -- Kind Regards Milan Be

Re: [Full-disclosure] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

2009-11-12 Thread Milan Berger
via a link: > http://link-to-our-wp-unsecured-blog.com/wp-content/uploads/2009/11/test-vuln.php.jpg tried this with lighttpd and wordpress 2.8.5 and PHP 5.2.11-pl0-gentoo with Suhosin-Patch 0.9.7 Shows a broken image no code executed. -- Kind Regards Milan Berger Project-Mindstorm Technical Engi

Re: [Full-disclosure] Google Chrome 3.0.195.33 leaks DNS data queries outsitde of proxy if dns pre-fetching is enabled

2009-12-15 Thread Milan Berger
rent Tor proxy that intercepts all DNS and TCP at the > network layer and performs a redirect to the Tor Tcp and DNS Ports. > (see man page.) Bullshit. Tor proxies are a) not the best way b) many apps like firefox enable using proxy for dns as well as other connections. -- Kind Regards Mi

Re: [Full-disclosure] Google Chrome 3.0.195.33 leaks DNS data queries outsitde of proxy if dns pre-fetching is enabled

2009-12-15 Thread Milan Berger
t I actually said. 'not the best way' meant TOR. Hope this explains it much better. -- Kind Regards Milan Berger Project-Mindstorm Technical Engineer -- project-mindstorm.net Humboldtstrasse 69 90459 Nuremberg Germany Tel.: +49 911 27 56 381 Mob.: +49 176 22 98 76 02 http: