Re: [Full-disclosure] DoS vulnerability in Internet Explorer 6, 7, 8 (access violation)

2013-11-19 Thread laurent gaffie
I can't see any differences with the original advisory apart from the tag with your website address. What's the point of posting this on FD...? 2013/11/19 MustLive > Hello list! > > I want to warn you about Denial of Service vulnerability in Internet > Explorer. This is access violation. > > This e

Re: [Full-disclosure] Why PRISM kills the cloud | Computerworld Blogs

2013-06-12 Thread laurent gaffie
Freedom of speech and freedom of anonymous speech are protected by the first amendment. https://www.eff.org/issues/anonymity 2013/6/11 Philip Whitehouse > > Seems like some people spend way too much time focusing on the second > amendment rather than the first one... > > Well this relates mai

Re: [Full-disclosure] Why PRISM kills the cloud | Computerworld Blogs

2013-06-10 Thread laurent gaffie
Why is the PRISM program such a big deal today? Most of us knew about Echelon and the Patriot Act, didn't we? This program was unconstitutional in the first place and should have raised indignation when it was approved at that time... Seems like some people spend way too much time focusing on the

Re: [Full-disclosure] SANS PHP Port Scanner Remote Code Execution

2013-03-05 Thread laurent gaffie
ldn't be surprising, he's a > undergrad. But even most grad students make these sorts of mistakes... > academicware ;-) > > Cheers, > Harry > > On 03/05/2013 08:46 PM, laurent gaffie wrote: > > > http://resources.infosecinstitute.com/php-build-your-own-mini-port-sc

[Full-disclosure] SANS PHP Port Scanner Remote Code Execution

2013-03-05 Thread laurent gaffie
http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/ Finding the vulnerability in this code is left as an exercise to the reader. PS: "*Your comment will be awaiting moderation forever."* ___ Full-Disclosure - We believe in it. Ch

Re: [Full-disclosure] [Security-news] SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities

2012-12-19 Thread laurent gaffie
In regards to the code exec; Ever heard of whitelisting? On 19 Dec. 2012 14:39, wrote: > View online: http://drupal.org/SA-CORE-2012-004 > > * Advisory ID: DRUPAL-SA-CORE-2012-004 > * Project: Drupal core [1] > * Version: 6.x, 7.x > * Date: 2012-December-19 > * Security risk: Modera

Re: [Full-disclosure] Multiple vulnerabilities in SimpGB

2011-02-04 Thread laurent gaffie
Hey Sparky, One of the many many things you didn't understand during the past 5 years is that you should probably try to identify and fix your stuff on *your* website, before spamming this ML with your crap. cf: http://www.zone-h.org/mirror/id/11367858 e-tard.

Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml

2011-01-27 Thread laurent gaffie
Not a Google vuln. Hunt down MSFT to pay for your bug. Oh wait they don't pay for free research.. 0noz, you won't get any candy! 2011/1/27, IEhrepus <5up3r...@gmail.com>: > Security is a general,Many security issues are composed of many > different vulnerabilities of different factory. > > like " m

Re: [Full-disclosure] Multiple vulnerabilities in SimpGB

2011-01-26 Thread laurent gaffie
Send your shitty stuff to bugt...@securityfocus.com If it's not obvious, no one gives a shit here, seriously. 2011/1/27 MustLive > Hello list! > > I want to warn you about Cross-Site Scripting, Brute Force, Insufficient > Anti-automation and Abuse of Functionality vulnerabilities in SimpGB. > >

Re: [Full-disclosure] Dancho Danchev gone missing in Bulgaria

2011-01-17 Thread laurent gaffie
No sign at all he was crazy in the first place; Question *could be* why is he supposed to be in a psycho hospital by now? Anyways, who is the source on that one? Who has a clue, and on what do we rely to have an opinion? _Blah_ we'll probably never know. Sounds like classic stuff here. 2011/1/

Re: [Full-disclosure] DoS vulnerability in Internet Explorer

2010-06-01 Thread Laurent Gaffie
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry Mustlive, I understand you need to see this in clear text finally. I guess ASCII is the best to communicate with you; Hello Full-Disclosure! I want to warn you about a Denial of Service in every browser finally !!! It actually affects every brow

Re: [Full-disclosure] DoS vulnerability in Internet Explorer

2010-06-01 Thread Laurent Gaffie
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Full-Disclosure! I want to warn you about a Denial of Service in every browser finally !!! It actually affects every browser with a JavaScript engine built in !!! Adobe may be vulnerable to PoC : 0n0z for (i=0;i<65535;i++) { alert('

[Full-disclosure] Python fuzzing lib released

2010-05-12 Thread laurent gaffie
I'm pleased to release this Python fuzzing lib I've been working on for a couple of months, works perfectly for any layer * fuzzing. Works even better on layer 5 fuzzing which allows you to not care about many things you should care about when fuzzing underlayer protocols... This lib is pretty useful fr

[Full-disclosure] Turning SMB client side bug to server side

2010-04-16 Thread laurent gaffie
Here's a small technique to compromise via an SMB client side bug the PDC/DMB by abusing the Browser protocol, with no user interaction at all. Browser and NBNS abusing has been well known for a long time, as these protocols weren't developed with security in mind, this blog post is a simple real case e

[Full-disclosure] Fwd: ICMPv4/IP fuzzer prototype.

2009-11-22 Thread laurent gaffie
Hell no random.randrang -> randrange(_) rtfm. and yeah u'r welcome. 2009/11/23 Andrew Farmer On 22 Nov 2009, at 19:48, laurent gaffie wrote: > > Should be kweel for UTesting > > > http://g-laurent.blogspot.com/2009/11/releasing-icmpv4ip-fuzzer-prototype.html >

[Full-disclosure] ICMPv4/IP fuzzer prototype.

2009-11-22 Thread laurent gaffie
Should be kweel for UTesting http://g-laurent.blogspot.com/2009/11/releasing-icmpv4ip-fuzzer-prototype.html Enjoy.

[Full-disclosure] Windows 7 , Server 2008R2 Remote Kernel Crash

2009-11-11 Thread laurent gaffie
= - Release date: November 11th, 2009 - Discovered by: Laurent Gaffié - Severity: Medium/High = I. VULNERABILITY - Windows 7 * , Server 2008R2 Remote Kernel Crash II. BACKGROUND ---

Re: [Full-disclosure] Hash

2009-10-28 Thread laurent gaffie
Bonjour Fionnbharr Davies!, I'm glad to make your life easier with the shasum full path, really. Regarding the "Grossly misdiagnosed bug"; That's some funny words to describe one of the most difficult bugs to exploit in 2009 (http://seclists.org/dailydave/2009/q4/2) Laurent Bonjour! Is this

[Full-disclosure] Hash

2009-10-26 Thread laurent gaffie
For the record : /usr/bin/shasum advisory.txt 9fefeeb9d3ebf7c6822961e59ae94cfb655bcd53 advisory.txt Regards,

[Full-disclosure] Snort <= 2.8.5 IPV6 Remote DoS

2009-10-22 Thread laurent gaffie
= - Date: October 22th, 2009 - Discovered by: Laurent Gaffié - Severity: Low = I. VULNERABILITY - Snort <= 2.8.5 IPV6 Remote DoS II. DESCRIPTION - A remote DoS

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-10-04 Thread laurent gaffie
More explication on cve-2009-3103 http://g-laurent.blogspot.com/2009/10/more-explication-on-cve-2009-3103.html

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-11 Thread laurent gaffie
Advisory updated : = - Release date: September 7th, 2009 - Discovered by: Laurent Gaffié - Severity: High = I. VULNERABILITY - Windows Vista, Server 2008 < R2, 7 RC : SMB2.0 NEGOTIATE

[Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-07 Thread laurent gaffie
= - Release date: September 7th, 2009 - Discovered by: Laurent Gaffié - Severity: Medium/High = I. VULNERABILITY - Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. II

Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday

2009-08-31 Thread laurent gaffie
Nice find Kingcope, As Thierry mentioned it, I guess it was a pain to find it, nice one as always, your finding rocks. Cheers 2009/8/31 r1d1nd1rty > why would anyone write a 0day with... > > # bug found & exploited by Kingcope, kcope2googlemail.com > # Affects IIS6 with stack cookie protection >

Re: [Full-disclosure] WordPress <= 2.8.3 Remote admin reset password

2009-08-10 Thread laurent gaffie
e my day, and create a stupid script to flood with multiple > request to reset password. > > LOL > > 2009/8/10 Jeremy Brown <0xjbrow...@gmail.com> > > I'm guessing you're not a WordPress administrator, Fabio. Nice find >> Laurent, as usual. >> >> On Mon,

Re: [Full-disclosure] WordPress <= 2.8.3 Remote admin reset password

2009-08-10 Thread laurent gaffie
Dude, your email is more funny than serious. It's a pure troll. Whatever from now on.

Re: [Full-disclosure] WordPress <= 2.8.3 Remote admin reset password

2009-08-10 Thread laurent gaffie
"Rafal M. Los Security & IT Risk Strategist" where ? @home ? oh boy. 2009/8/11 Rafal M. Los > Empty reply... on purpose or...? > . > > Rafal > > *From:* laurent gaffie > *Sent:* Monday, August 10, 2009 11:43 PM > *To:* Rafal M. Los > *Subject:*

Re: [Full-disclosure] WordPress <= 2.8.3 Remote admin reset password

2009-08-10 Thread laurent gaffie
. > > Rafal M. Los > Security & IT Risk Strategist > > - Blog: http://preachsecurity.blogspot.com > - LinkedIn: http://www.linkedin.com/in/rmlos > - Twitter: http://twitter.com/RafalLos > > *From:* laurent gaffie > *Sent:* Monday, August 10, 2009 9:0

Re: [Full-disclosure] WordPress <= 2.8.3 Remote admin reset password

2009-08-10 Thread laurent gaffie
Well, I don't think so, that's why I published this. It's very limited. It's true, someone can make a loop script and avoid any possibility to log back on your WordPress blog, but you also can avoid that functionality easily, you just need to comment out 1 line. Anyways, a patch should come out soon

Re: [Full-disclosure] WordPress <= 2.8.3 Remote admin reset password

2009-08-10 Thread laurent gaffie
ing or put your admin access > in risk. > > :-P to me , this vulnerability is more "BUZZ" than real deal. LOL > > > 2009/8/10 laurent gaffie > >> Hi there, >> >> This wasn't tested on the 2.7* branch. >> It has been tested on the

Re: [Full-disclosure] WordPress <= 2.8.3 Remote admin reset password

2009-08-10 Thread laurent gaffie
> On Mon, 10 Aug 2009, laurent gaffie wrote: > > > Errata: > > > > "V. BUSINESS IMPACT > > - > > An attacker could exploit this vulnerability to compromise the admin > account > > of any wordpress/wordpress-mu <= 2.8.3" >

Re: [Full-disclosure] WordPress <= 2.8.3 Remote admin reset password

2009-08-10 Thread laurent gaffie
the admin account of any wordpress/wordpress-mu <= 2.8.3" Regards Laurent Gaffié 2009/8/10 laurent gaffie > = > - Release date: August 10th, 2009 > - Discovered by: Laurent Gaffié > - Severity: Medium > ==

[Full-disclosure] WordPress <= 2.8.3 Remote admin reset password

2009-08-10 Thread laurent gaffie
= - Release date: August 10th, 2009 - Discovered by: Laurent Gaffié - Severity: Medium = I. VULNERABILITY - WordPress <= 2.8.3 Remote admin reset password II. BACKGROUND ---

Re: [Full-disclosure] AntiSec Lamers Exposed

2009-07-28 Thread laurent gaffie
or face legal action, understood? > > > http://news.cnet.com/8618-27080_3-10295688.html?communityId=2134&targetCommunityId=2134&blogId=245&messageId=8219055&tag=mncol;tback > > Thanks for understanding, > > Andrew > > On Wed, Jul 29, 2009 at 12:06 AM, l

Re: [Full-disclosure] AntiSec Lamers Exposed

2009-07-28 Thread laurent gaffie
Hi there, First of all I don't care about antisec, antisex, anti-sec, n3td3v trolls, and anti-se* But I'll be speaking only about FACTS : You have to prove by A+B, that this man {whoever he is} was really behind his computer while this crime was done, and that his computer wasn't compromised by s

Re: [Full-disclosure] TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities

2009-07-28 Thread laurent gaffie
***this also affects any Joomla! >1.5.* *** 2009/7/28 YGN Ethical Hacker Group (http://yehg.net) > > == > TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple > Vulnerabilities > > ==

Re: [Full-disclosure] A brief message on the topic of Anti-Sec

2009-07-20 Thread laurent gaffie
"Ok? Well, then have a nice day and don't hold your breathe waiting for the OpenSSH 0day. 0pen0wn.c (http://www.nopaste.com/p/aDTdT5s1C) was it!" ya the hex encoded irc bot & rm -rf ? :) 2009/7/20 > Hi, > > My name is DeadlyData. I enjoy long walks on the beach, getting > pizzas delivered to

[Full-disclosure] Soulseek 157 NS < 13e & 156.* Remote Direct Peer Search Code Execution

2009-07-02 Thread laurent gaffie
Soulseek 157 NS < 13e & 156.* Remote Peer Search Code Execution = - Release date: July 02, 2009 - Discovered by: Laurent Gaffié ; http://g-laurent.blogspot.com/ - Severity: critical = I. VULNERABILITY -

Re: [Full-disclosure] Apple QuickTime 0day

2009-06-15 Thread laurent gaffie
Hi WebDEVIL, You base your PoC on this plugin (http://www.codeplex.com/msecdbg) for windbg (as copy/pasted), but I wonder, what makes you think it's really exploitable (on QuickTime)? Have you tried that PoC on iTunes? iTunes uses QuickTime as a module to read .mov files, but iTunes doesn't have

Re: [Full-disclosure] Soulseek * P2P Remote Distributed Search Code Execution

2009-06-04 Thread laurent gaffie
oulseek-p2p-remote-distributed-search.html#comments > > 2009/5/25 Pete Licoln > > Oh so you have a blog ... >> http://g-laurent.blogspot.com/ >> >> 2009/5/25 laurent gaffie >> >>> = >>> - Relea

[Full-disclosure] Soulseek * P2P Remote Distributed Search Code Execution

2009-05-25 Thread laurent gaffie
= - Release date: May 24th, 2009 - Discovered by: Laurent Gaffié - Severity: critical = I. VULNERABILITY - Soulseek 157 NS * & 156.* Remote Distributed Search Code Execution II. BACKGRO

[Full-disclosure] QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow

2008-02-13 Thread laurent gaffie
Application: QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow Web Site: http://www.apple.com/fr/quicktime/download/ Platform: Windows Bug: Multiple Remote Stack Overflow --- 1) Introduction 2) Bug 3) Proof of concept 4) Credi