[Full-disclosure] The US Government Officially Confirms the Existence of Extraterrestrial Civilizations

2011-04-01 Thread Valery Marchuk
. Barack Obama himself assures that there is no danger coming from the extraterrestrial civilizations. More information with prooflinks on SecurityLab.ru: Russian: http://www.securitylab.ru/news/405274.php English: http://www.securitylab.ru/news/405276.php BR, Valery Marchuk

[Full-disclosure] The US Government Officially Confirms the Existence of Extraterrestrial Civilizations

2011-04-01 Thread Valery Marchuk
Obama himself assures that there is no danger coming from the extraterrestrial civilizations. More information with prooflinks on SecurityLab.ru: Russian: http://www.securitylab.ru/news/405274.php English: http://www.securitylab.ru/news/405276.php BR, Valery Marchuk www.SecurityLab.ru

Re: [Full-disclosure] I got hacked

2011-04-01 Thread Valery Marchuk
Hi! Are your websites commercial? If not, I can help you identify the vulnerabilities and fix them. BR, Valery Marchuk www.SecurityLab.ru - Original Message - From: "McGhee, Eddie" To: "Cal Leeming" Cc: Sent: Thursday, March 31, 2011 3:57 PM Subject: Re: [Fu

Re: [Full-disclosure] e107 latest download link is backdoored

2010-01-25 Thread Valery Marchuk
I`ve just checked the archive. The latest version of the file class2.php was changed on 2010/01/21 03:57:43 and it does not contain the malicious code. It has been probably replaced already, or we are using different mirrors. Valery Marchuk www.SecurityLab.ru - Original Message - From

[Full-disclosure] [PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability

2009-08-26 Thread Valery Marchuk
-- (PT-2009-05) Positive Technologies Security Advisory CA Internet Security Suite Denial of Service Vulnerability -- ---[ Affected Software ]

[Full-disclosure] [PT-2008-09] Microsoft Windows MSMQ Privilege Escalation Vulnerability

2009-08-12 Thread Valery Marchuk
-- (PT-2008-09) Positive Technologies Security Advisory Microsoft Windows MSMQ Privilege Escalation Vulnerability -- ---[ Affected Software ]

[Full-disclosure] [Positive Technologies SA 2009-01] PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities

2009-04-13 Thread Valery Marchuk
-- (PT-2009-01) Positive Technologies Security Advisory PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities -- ---[ Affected Software

[Full-disclosure] [Positive Technologies SA 2008-07] VMware Multiple Products hcmon.sys Denial of Service Vulnerability

2009-04-06 Thread Valery Marchuk
-- (PT-2008-07) Positive Technologies Security Advisory VMware Multiple Products hcmon.sys Denial of Service Vulnerability -- ---[ Affected Software ]

[Full-disclosure] [Positive Technologies SA 2008-05] VMware Multiple Products vmci.sys Privilege Escalation Vulnerability

2009-04-06 Thread Valery Marchuk
-- (PT-2008-05) Positive Technologies Security Advisory VMware Multiple Products vmci.sys Privilege Escalation Vulnerability -- ---[ Affected Software ]

[Full-disclosure] [Positive Technologies SA 2009-09] Trend Micro Internet Security Pro 2009 tmactmon.sys Privilege Escalation Vulnerabilities

2009-03-31 Thread Valery Marchuk
-- (PT-2009-09) Positive Technologies Security Advisory Trend Micro Internet Security Pro 2009 tmactmon.sys Privilege Escalation Vulnerabilities -

[Full-disclosure] [Positive Technologies SA: 2009-15] Living CMS Cross-Site Scripting Vulnerability

2009-03-13 Thread Valery Marchuk
-- (PT-2009-15) Positive Technologies Security Advisory Living CMS Cross-Site Scripting vulnerability -- ---[ Affected Software ]

[Full-disclosure] [Positive Technologies SA: 2009-20] A.CMS Multiple Vulnerabilities

2009-03-13 Thread Valery Marchuk
-- (PT-2009-20) Positive Technologies Security Advisory A.CMS Multiple Vulnerabilities -- ---[ Affected Software ] A.CMS

[Full-disclosure] [Positive Technologies SA: 2009-14] BLOG:CMS Cross-Site Scripting Vulnerability

2009-03-13 Thread Valery Marchuk
-- (PT-2009-14) Positive Technologies Security Advisory BLOG:CMS Cross-Site Scripting vulnerability -- ---[ Affected Software ]

[Full-disclosure] [PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service

2009-03-12 Thread Valery Marchuk
-- (PT-2009-11) Positive Technologies Security Advisory SlySoft Multiple Products ElbyCDIO.sys Denial of Service -- ---[ Affected Software ] S

[Full-disclosure] [PT-2009-13] TinX CMS SQL Injection Vulnerability

2009-03-06 Thread Valery Marchuk
-- (PT-2009-13) Positive Technologies Security Advisory TinX CMS SQL Injection vulnerability -- ---[ Affected Software ] TinX

[Full-disclosure] [PT-2009-12] UMI.CMS Cross-Site Scripting Vulnerability

2009-03-06 Thread Valery Marchuk
-- (PT-2009-12) Positive Technologies Security Advisory UMI.CMS Cross-Site Scripting vulnerability -- ---[ Affected Software ]

[Full-disclosure] Utility to detect MS08-067, MS08-065 and MS09-001 vulnerabilities

2009-02-24 Thread Valery Marchuk
systems and install appropriate patches according to the scanning results. Details and download link are available at: http://www.securitylab.ru/news/extra/368760.php Best regards, Valery Marchuk www.securitylab.ru www.ptsecurity.ru ___ Full-Disclosure

[Full-disclosure] WASC Announcement: 2007 Web Application Security Statistics Published

2008-09-08 Thread Valery Marchuk
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application

[Full-disclosure] SQL Injection Vulnerability in BtiTracker and xbtit

2008-08-25 Thread Valery Marchuk
s The vulnerability was discovered by InATeam (http://inattack.ru/). BR, Valery Marchuk www.SecurityLab.ru ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia

[Full-disclosure] UN against Open Source. Linux is a threat?

2008-04-01 Thread Valery Marchuk
aid Ban Ki-moon More at http://www.securitylab.ru/news/extra/349440.php (English) or http://www.securitylab.ru/news/349441.php (Russian) with links to BBC and un.org. BR, Valery Marchuk www.SecurityLab.ru

[Full-disclosure] New penetration testing tool for wifi

2008-03-15 Thread Valery Marchuk
p.patch file we supply. This code based on following works and POCs: Sergey Gordeychik. wep0ff. (in russian) http://www.ptsecurity.ru/download/client-side-wep.pdf http://www.ptsecurity.ru/download/wepoff.tar.gz Cafe-Latte http://www.airtightnetworks.net/knowledgecenter/ppt/Toorcon.ppt ieee802_1

Re: [Full-disclosure] Distributed SSH username/password brute force attack

2007-10-22 Thread Valery Marchuk
for root from 80.122.89.106 port 12387 ssh2 Oct 22 21:57:38 nms sshd[90884]: Connection from 82.207.23.93 port 3642 Best regards, Valery Marchuk - Original Message - From: "Philipp" <[EMAIL PROTECTED]> To: Sent: Monday, October 22, 2007 2:36 PM Subject: [Full-disclosure]

Re: [Full-disclosure] gnucitizen bt home hub latest, attacks wide spread, outages reported

2007-10-12 Thread Valery Marchuk
dialog, which is bypassed via default password or through a bug in authentication mechanism. That's it. Best regards, Valery Marchuk www.SecurityLab.ru - Original Message - From: "worried security" <[EMAIL PROTECTED]> To: Sent: Friday, October 12, 2007 7:15 P

[Full-disclosure] Skype Network Remote DoS Exploit

2007-08-17 Thread Valery Marchuk
Skype to reconnect to another server. The new server also "freezes" and so on ... the entire network. Links: http://www.securitylab.ru/news/301422.php PoC: http://en.securitylab.ru/poc/301420.php Best regards, Valery Marchuk www.Secu

[Full-disclosure] Skype Network Remote DoS Exploit

2007-08-17 Thread Valery Marchuk
to reconnect to another server. The new server also "freezes" and so on ... the entire network. Links: http://www.securitylab.ru/news/301422.php PoC: http://en.securitylab.ru/poc/301420.php Best regards, Valery Marchuk www.Secu

[Full-disclosure] XSS in famous web projects

2007-05-20 Thread Valery Marchuk
Hi all! Eston_gandon has reported in his blog several XSS vulnerabilities in famous web projects (www.rambler.ru, search.live.com and www.president.ee). http://www.securitylab.ru/blog/eston_gandon/ Have a nice day, Valery Marchuk

[Full-disclosure] Maria Sharapova is a Cisco Certified Specialist

2007-04-01 Thread Valery Marchuk
Maria Sharapova, one of the most famous tennis players, gained the CCIE status yesterday. More at http://www.securitylab.ru/news/extra/293608.php

[Full-disclosure] FoxNews: Paralysis of the Fifth Power

2006-08-29 Thread Valery Marchuk
Last week Russian hackers attacked top news agencies web sites. Work in these agencies was almost completely paralyzed by mass defaces. Russian hackers replaced published news by anti-American slogan "Neft' bliznego vostoka - dostoyanee chelovechestva. Russkaya Komputernaya Mafia." (Oil of Midd

[Full-disclosure] XSS at top news agencies

2006-08-29 Thread Valery Marchuk
Hi! I`ve published XSS vulnerabilities at top news agencies (bbc, cbsnews, zdnet, cnn, cnet etc). Examples are in my blog http://www.securitylab.ru/blog/tecklord/224.php Have a nice day, Valery

[Full-disclosure] George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment

2006-08-27 Thread Valery Marchuk
On Friday night, George Bush made an official announcement saying that Michael Antipov (http://michael.antipov.name), a 9 year old talented security specialist was to be the chairperson of the Information Security Department of the US... More at http://www.securitylab.ru/news/extra/272756.php

Re: [Full-disclosure] further to the XSS flaw in eEye by Valery Marchuk

2006-08-21 Thread Valery Marchuk
There was XSS vulnerability previous time and lots of people saw that. eEye reacted really fast and fixed it during one working day and now Ross Brown denies the existence of that flaw. Interesting, how does eEye feel to be in Microsoft`s shoes? I don`t think I`m the right person to explain yo

[Full-disclosure] XSS at eEye.com #2 (evidence of existence)

2006-08-21 Thread Valery Marchuk
Hi all! According to this blog eEye (Ross Brown) denies existence of XSS Vulnerability at their web site. http://www.stillsecureafteralltheseyears.com/ashimmy/2006/08/make_sure_the_s.html   Well, what else we can expect from the security company, which cannot protect its own web site? As a

[Full-disclosure] XSS Vulnerabilities at Sun, IBM, Verisign, AOL, F-Secure, eEye

2006-08-14 Thread Valery Marchuk
Why world’s leading security companies don’t take care of their security? I`ve published some of XSS vulnerabilities in my blog and forwarded them to full-disclosure. But it seems like leading security companies don`t even think of fixing these bugs. Cisco, Microsoft, Symantec, NSA, F-Secu

[Full-disclosure] XSS at snort.org

2006-08-13 Thread Valery Marchuk
Not very cool for an IDS vendor :) Example is in my blog at http://www.securitylab.ru/blog/tecklord/181.php Have a nice day, Valery

Re: [Full-disclosure] XSS at msn.com and cisco.com

2006-08-12 Thread Valery Marchuk
I bet you haven't the balls all to search on nsa.gov and fbi.gov :> It looks like I have :) See my next message "XSS at nsa.gov" or just visit my blog http://www.securitylab.ru/blog/tecklord/179.php And it looks like you owe me a bottle of cognac, so send me an email, so I could tell you wh

[Full-disclosure] XSS at nsa.gov

2006-08-12 Thread Valery Marchuk
Well, and they take care of US security :) XSS at nsa.gov Example: http://www.securitylab.ru/blog/tecklord/179.php Have a nice day, Valery

[Full-disclosure] RE: Use Google to discover web attacks

2006-08-10 Thread Valery Marchuk
These are traces left by webinspect and Watchfire Appscan webinspect: http://www.google.ru/search?q=serverinclude.html Watchfire Appscan: http://www.google.ru/search?q=watchfire+%22xss+test%22 The article is available in Russian at http://www.securitylab.ru/news/271743.php

[Full-disclosure] XSS at Securityfocus.com

2006-08-07 Thread Valery Marchuk
Dear guys from Securityfocus. Shame on you! And you are security company and own security mailing list: How could this happen? :) Example: http://www.securitylab.ru/blog/tecklord/170.php Have a nice day Valery

[Full-disclosure] XSS vulnerability at Symantec.com #2

2006-08-04 Thread Valery Marchuk
Hi! This is another XSS vulnerability at Symantec.com and there are like 40 more (!) Just curious, can guys at Symantec read log files? Example in my blog at http://www.securitylab.ru/blog/tecklord/165.php Have a nice day Valery

[Full-disclosure] XSS at Symantec.com

2006-08-03 Thread Valery Marchuk
Dear security companies, How can we trust our security to you, if you are not capable to protect yourself? Another XSS vulnerability at Symantec.com Example of exploitation is in my blog at http://www.securitylab.ru/blog/tecklord/163.php Have a nice day Valery

Re: [Full-disclosure] Re: XSS at Netcraft.com

2006-08-02 Thread Valery Marchuk
They seem to have fixed the particular issue as of now. Of course, it's rather sad that a net security company does have XSS issues, but at least they seem to have reacted quickly. No they have not. XSS still exists. http://uptime.netcraft.com//netmove/today?mode=new%5Fsite&zero=0";>alert('www.s

[Full-disclosure] XSS at Netcraft.com

2006-08-02 Thread Valery Marchuk
Hi All! This time XSS vulnerability at Netcraft. Hope this company will act a bit sooner than others. Example of vulnerability is as usually in my blog at http://www.securitylab.ru/blog/tecklord/?category=19 All the XSS vulnerabilities, published there since Monday this week are still

Re: [Full-disclosure] Do world's famous companies take care of their security?

2006-08-01 Thread Valery Marchuk
Just google boze and you will see what I am saying -JP Have tried your advice and googled a bit:) XSS at google.com Example: http://www.securitylab.ru/blog/tecklord/156.php Valery

Re: [Full-disclosure] Re: Do world's famous companies take care of their security?

2006-07-31 Thread Valery Marchuk
- Original Message - From: "Steven M. Christey" <[EMAIL PROTECTED]> To: ; Sent: Monday, July 31, 2006 10:43 PM Subject: [Full-disclosure] Re: Do world's famous companies take care of their security? Vulnerability databases (CVE included) historically have NOT recorded site-specific X

[Full-disclosure] Do world's famous companies take care of their security?

2006-07-31 Thread Valery Marchuk
one week after XSS bugs were revealed). Are they planning to fix them? Example of XSS vulns are in my blog at http://www.securitylab.ru/blog/tecklord/?category=19 I will publish such information in my blog and hope that companies will take care of their security. Valery Marchuk

Re: [Full-disclosure] To XSS or not?

2006-07-23 Thread Valery Marchuk
Separating just XSS vulns from others is not an option. It would make more sense to create a separate mailing list for vulnerabilities in Web applications. Major ones could still be reported on the other lists. If kiddies discover them, then how should they know that the vulnerability they`ve f