[Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-18 Thread Maciej Gojny
hello full disclosure!
After six months from the first contact with Adobe security team, important adobe.com subdomain is still vulnerable to SQL injection attacks. We hope that this time, serious people will try to solve the problem.
proof: http://blog.ariko-security.com/
regards, Ariko-Sec

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-18 Thread Jeffrey Walton
On Sat, Dec 18, 2010 at 11:58 AM, Maciej Gojny wrote:
> hello full disclosure!
>
> After six months from the first contact with Adobe security team, important
> adobe.com subdomain is still vulnerable to SQL injection attacks. We hope
> that this time, serious people will try to solve the problem

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-19 Thread Victor Rigo
plets were still the hip thing, you'd see the same thing about that. Victor Rigo, CISSP Computer Security Consultant +5411-4316-1900 Buenos Aires, Argentina --- On Sat, 12/18/10, Jeffrey Walton wrote: From: Jeffrey Walton Subject: Re: [Full-disclosure] adobe.com important subdomain

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-19 Thread Javier Bassi
+5411-4316-1900 > Buenos Aires, Argentina > > --- On *Sat, 12/18/10, Jeffrey Walton * wrote: > > > From: Jeffrey Walton > Subject: Re: [Full-disclosure] adobe.com important subdomain SQL injection > again! > To: "Maciej Gojny" > Cc: full-disclosure@lists.grok.o

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-19 Thread Jeffrey Walton
: > > > From: Jeffrey Walton > Subject: Re: [Full-disclosure] adobe.com important subdomain SQL injection > again! > To: "Maciej Gojny" > Cc: full-disclosure@lists.grok.org.uk > Date: Saturday, December 18, 2010, 5:53 PM > > On Sat, Dec 18, 2010 at 11:58

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-19 Thread Pavel Kankovsky
On Sat, 18 Dec 2010, Victor Rigo wrote:
> It's not ineptness, it's what you get when you write software that can
> actually do stuff.
The bad news is security's made of the stuff one CAN'T do.
-- Pavel Kankovsky aka Peak / Jeremiah 9:21\ "For death is come up in

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-19 Thread Jeffrey Walton
On Sun, Dec 19, 2010 at 3:04 PM, Pavel Kankovsky wrote:
> On Sat, 18 Dec 2010, Victor Rigo wrote:
>
>> It's not ineptness, it's what you get when you write software that can
>> actually do stuff.
>
> The bad news is security's made of the stuff one CAN'T do.
:)

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-19 Thread Marsh Ray
On 12/18/2010 05:30 PM, Victor Rigo wrote:
> Let's see, flash is:
>
> - Cross-platform
> - Cross-architecture
> - Has its own programming language
> - Is embedded on websites
> - Access to javascript to popup, local caches, etc.
Not on my machine?
> It's not ineptness, it's what you get when you

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-19 Thread Christian Sciberras
"Personally, I kind of like Flash. It gives me a single kill switch for 90% of the useless blinking crap and popups on the internet. Flash is a really appropriate name for exactly what I don't want to see on a web page. I hope it remains the platform of choice for those who develop such things." -

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-19 Thread Victor Rigo
on Firefox and enjoy real internet. Victor Rigo, CISSP Independent Computer Security Consultant Buenos Aires, AR +5411-4316-1901 --- On Sun, 12/19/10, Christian Sciberras wrote: From: Christian Sciberras Subject: Re: [Full-disclosure] adobe.com important subdomain SQL injection again! To:

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-20 Thread Serkan Özkan
I think the number of vulnerabilities (according to CVE data by NVD) related to Flash Player and Adobe products should give an idea about what's going on:
Number of CVE entries related to any Adobe product:
2006: 31
2007: 35
2008: 64
2009: 95
2010: 207
More details: http://www.cvedetai

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-20 Thread John Jester
disabling flash extension on Firefox and enjoy real internet. Victor Rigo, CISSP Independent Computer Security Consultant Buenos Aires, AR +5411-4316-1901 --- On Sun, 12/19/10, Christian Sciberras wrote: From: Christian Sciberras Subject: Re: [Full-disclosure] adobe.com important subdomain SQL

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-20 Thread John Jester
on, it's like the titanic. -Original Message- From: Marsh Ray To: Victor Rigo Cc: full-disclosure@lists.grok.org.uk Sent: Sun, Dec 19, 2010 8:32 pm Subject: Re: [Full-disclosure] adobe.com important subdomain SQL injection again! On 12/18/2010 05:30 PM, Victor Rigo

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-20 Thread Marsh Ray
On 12/19/2010 09:32 PM, John Jester wrote:
>
> Sandboxing the plug-in from your system fixes it I believe. It's so
> futile sandboxing it was key.
OK, so if sandboxing works, then why not just let devs build x86/x64 code in the first place? In the same category as Native Client or ActiveX. Maybe

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-21 Thread Chris Evans
SP. > Computer Security Consultant > +5411-4316-1900 > Buenos Aires, Argentina > > --- On *Sat, 12/18/10, Jeffrey Walton * wrote: > > > From: Jeffrey Walton > Subject: Re: [Full-disclosure] adobe.com important subdomain SQL injection > again! > To: "Maciej Gojny

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-23 Thread Pavel Kankovsky
On Mon, 20 Dec 2010, Marsh Ray wrote:
> OK, so if sandboxing works, then why not just let devs build x86/x64
> code in the first place? In the same category as Native Client or ActiveX.
And get rid of the only good feature (or perhaps one of the few good features) of Flash (its ability to prese

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-23 Thread Jeffrey Walton
on Firefox and enjoy real internet. > > Victor Rigo, CISSP > Independent Computer Security Consultant > Buenos Aires, AR > +5411-4316-1901 > > --- On *Sun, 12/19/10, Christian Sciberras * wrote: > > > From: Christian Sciberras > Subject: Re: [Full-disclosure] adobe.