-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[+] Device: Fingerprint & Proximity Access Control
[+] Model: ZEM560 and others
[+] Kernel: 2.6.24 Treckle on an MIPS
[+] Vulnerability: Auth Bypass
[+] Impact: By using a direct URL attackers can bypass the fingerprint
& proximity security and open th
lize our contact
importer tool. Requiring the registration of an account would not
provide any significant additional friction.
Alex Security Facebook"
Details in
http://www.securitybydefault.com/2011/08/busqueda-automatizada-de-cuentas.html
Cheers,
- --
Zerial
Seguridad Informatica
GNU/Lin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/11/11 15:01, Zerial. wrote:
> Prontus is a /Chilean/ "CMS" used by many sites in Chile.
>
> The vulnerability is in "antialone.html" which contains some frames
> using the va
l/prontus_senado/antialone.html?page=javascript:alert%28/XSS/%29;//
- -
http://www.ucv.cl/p1_rector/antialone.html?page=javascript:alert%28/XSS/%29;//
And many other sites...
Read this report in Spanish: http://bit.ly/p4l50m
- --
Zerial
Seguridad Informatica
GNU/Linux User #382319
Blog: http://blog.ze
ns "Invalid Password". Now you can use brute-force to enumerate all
valid users using, for example, a name&username dictionary.
Try using https://wordpress.com/wp-login.php
Is it a bug? Is it a vulnerability? Is it a feature?
Cheers,
Zerial
http://blog.zerial.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
STATUS is now FIXED :-)
Very nice response time from nic.cl developers.
On 04/20/11 12:36, Zerial. wrote:
> * Main URI: http://www.nic.cl
>
> * Type: Cross Site Scripting
>
> * Exploitable URI:
> http://www.nic.cl/c
: http://www.secureless.org/vulnerability/1347/
- --
Zerial
Seguridad Informatica
GNU/Linux User #382319
Blog: http://blog.zerial.org
Jabber: zer...@jabberes.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
in/mini_httpd -d /usr/www -c
/cgi-bin/* -u roo
~ $
On 04/08/11 10:30, Zerial. wrote:
> I found two vulnerabilities on fiberhome hg-110 routers[1] and they have not
> been reported or fixed.
>
> XSS:
> -
> http://192.168.1.1:8000/cgi-bin/webproc?getpage=%3Cscript%3Ealert%28this%
HG110_BH_V1.6
- - Firmware Version : 1.0.0
These vulnerabilities can affect other versions and models from this vendor.
[1] http://www.minuevohogar.cl/wp-content/uploads/2011/03/Imagen-8.png
- --
Zerial
Seguridad Informatica
GNU/Linux User #382319
Blog: http://blog.zerial.org
Jabber: zer...@jabbere
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/04/11 16:36, Erik Falor wrote:
> On Fri, Feb 04, 2011 at 04:18:53PM -0300, Zerial. wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On 02/04/11 16:13, valdis.kletni...@vt.edu wrote:
>>> On Fri,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/04/11 16:13, valdis.kletni...@vt.edu wrote:
> On Fri, 04 Feb 2011 16:06:06 -0300, "Zerial." said:
>> what is the best way to encrypt the bash_history file?
>> I try using crypt/decrypt with GPG when login/logout. It work
-e "...UID..." .bash_history
cheers,
- --
Zerial
Seguridad Informatica
GNU/Linux User #382319
Blog: http://blog.zerial.org
Jabber: zer...@jabberes.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
has been fixed
On 12/28/10 14:31, Zerial. wrote:
> Hi folks,
>
> There is an SQL injection on http://people.joomla.org
>
> http://people.joomla.org/events.html?groupid=1%20or%201=0%20union
%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70;%20--
I hope this affects any site that uses this plugin, extension or
module too.
more info:
http://blog.zerial.org/seguridad/0-day-sql-injection-en-sitio-web-de-joomla/
cheers,
- --
Zerial
_
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
://blog.zerial.org/seguridad/vulnerabilidad-cross-site-scripting-xss-en-sitio-web-de-redbanc/
[0] http://en.wikipedia.org/wiki/Interbank_network
- --
Fernando A. Lagos Berardi - Zerial
Desarrollador y Programador Web
Seguridad Informatica
GNU/Linux User #382319
Blog: http://blog.zerial.org
Skype
- --
Fernando A. Lagos Berardi - Zerial
Desarrollador y Programador Web
Seguridad Informatica
GNU/Linux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
We have no privacy from FQL developers.
Anyone with a Facebook account can use FQL.
Then anyone can see our data.
http://mkdot.net/blogs/slavco/archive/2009/12/29/11338.aspx
- --
Fernando A. Lagos Berardi - Zerial
Desarrollador y Programador Web
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've received an answer from security at wordpress:
"We consider path disclosures a server configuration error. WordPress
files don't protect against disclosing paths when directly loaded."
cheers
Zerial. wrote:
> Victor
, 8.58 (on target server)
- --
Fernando A. Lagos Berardi - Zerial
Desarrollador y Programador Web
Seguridad Informatica
Linux User #382319
Blog: http://blog.zerial.org
Skype: erzerial
Jabber: zer...@jabberes.org
GTalk && MSN: ferna...@zerial.org
- --
Fernando A. Lagos Berardi - Zerial
Desarrollador y Programador Web
Seguridad Informatica
L