Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla

2012-02-10 Thread Martijn Broos
-boun...@lists.grok.org.uk] On Behalf Of valdis.kletni...@vt.edu Sent: vrijdag 10 februari 2012 15:48 To: Nick Boyce Cc: full-disclosure Subject: Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla On Fri, 10 Feb 2012 03:51:53 GMT, Nick Boyce said

Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla

2012-02-10 Thread Valdis . Kletnieks
On Fri, 10 Feb 2012 03:51:53 GMT, Nick Boyce said: > OT: They should just make FF quality high and the design impeccable - "Quality high" is always a nice concept. But there's always 5 quality issues and resources to fix only 3. Obviously, you want to fix the 3 that matter most to your users -

Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla

2012-02-09 Thread Nick Boyce
On Wed, Feb 8, 2012 at 9:12 PM, . . wrote: > > https://bugzilla.mozilla.org/show_bug.cgi?id=718066 > > what the hell is this?! I'll bite ... (I know your question was rhetorical) It's a very bad idea IMO. From TFA: (https://wiki.mozilla.org/MetricsDataPing) "Mozilla has a critical need to

[Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla

2012-02-09 Thread . .
https://bugzilla.mozilla.org/show_bug.cgi?id=718066 what the hell is this?! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Bug on Facebook

2010-12-13 Thread Eyeballing Weev
Has a large 11mb .avi file in it, a text file with what looks like phished Facebook credentials and looks like a copy of a Facebook phishing site. I haven't looked at the HTML nor the avi. On 12/13/2010 08:23 AM, Martin Aberastegue wrote: > It would be nice if you provide additional information

Re: [Full-disclosure] Bug on Facebook

2010-12-13 Thread Martin Aberastegue
It would be nice if you provide additional information about this instead of just a link. -- Martín Aberastegue http://www.martinaberastegue.com/ On Sun, Dec 12, 2010 at 7:08 PM, Jbyte Security wrote: > hi I find a bug in Facebook here is the POC > > http://www.mediafire.com/?2mfvk2emjfk1m

[Full-disclosure] Bug on Facebook

2010-12-13 Thread Jbyte Security
hi I find a bug in Facebook here is the POC http://www.mediafire.com/?2mfvk2emjfk1mpq Saludos Jbyte

[Full-disclosure] Bug in vde_plug, remote exploitation possible?

2010-09-02 Thread halfdog
Vde (virtual distributed ethernet) is an ethernet compliant virtual network that can be spawned over a set of physical computers over the internet ... (see http://vde.sourceforge.net). The vde_plug (at least on ubuntu hardy) contains a bug, that is tr

[Full-disclosure] Bug in RealPlayer Plus 11

2009-12-22 Thread fabio ejp
It's possible to execute a local application when using RealPlayer Plus 11 Browser. The problem resides in the file rp*.exe which is loaded every time a page is viewed. Redirecting this filename with IFEO or overwriting the file makes it possible to execute already installed malware. Note

[Full-disclosure] bug in Process Explorer (a gift for malware)

2008-05-04 Thread kris kaspersky
Hello full-disclosure! years ago I found a bug in Process Explorer tool, written by Mark Russinovich. well, not a bug, just misfeature :) Process Explorer tries to determine the start address of a thread, but does this wrong and under certain conditions gives us an incorrect result. I sent a repor

[Full-disclosure] Bug on web site of Italian Bank

2007-08-01 Thread corrado.liotta
-=[ADVISORY---]=- Italian Bank Author: CorryL[EMAIL PROTECTED] -=[---]=- -=[+] Bug type:

Re: [Full-disclosure] bug in oscomerce

2006-06-04 Thread Frank Laszlo
this would require access to the administrator panel to work, how is this a vuln? zeus olimpusklan wrote: ### #Advisory #2 Title: file Modification in osCommerce # # # Author: 0o_zeus_o0 # Contact: [EMAIL PROTECTED]

[Full-disclosure] bug in oscomerce

2005-12-27 Thread zeus olimpusklan
Advisory #2 Title: file Modification in osCommerce# # # Author: 0o_zeus_o0# Contact: [EMAIL PROTECTED] # Website: olimpusklan.org# Date: 27/12/2005# Risk: High # Vendor Url: http://www.oscommerce.com/# Affected Software: os

Re: [Full-disclosure] Bug with .php extension?

2005-12-06 Thread Matthew Murphy
z3n wrote: > Great Bug indeed! > > But don't you think this issue is kind of similar to issue 3 in this > (old) advisory: > http://archives.neohapsis.com/archives/bugtraq/2003-01/0203.html Indeed it appears that 2.0.44 did not completely plug th

Re: [Full-disclosure] Bug with .php extension?

2005-12-06 Thread Graham Reed
Christopher Kunz writes: Well, actually, I think this is some kind of "feature" and is associated with the behavior that is i.e. demonstrated on default installations of Apache (which have several index.html index.html.de .en .jp etc.), only that this time not mod_negotiation, but mod_mime is r

Re: [Full-disclosure] Bug with .php extension?

2005-12-06 Thread Christopher Kunz
z3n wrote: > Great Bug indeed! > > But don't you think this issue is kind of similar to issue 3 in this > (old) advisory: > http://archives.neohapsis.com/archives/bugtraq/2003-01/0203.html > Well, actually, I think this is some kind of "feature" and is associated with the behavior that is i.e. d

Re: [Full-disclosure] Bug with .php extension?

2005-12-06 Thread z3n
Great Bug indeed! But don't you think this issue is kind of similar to issue 3 in this (old) advisory: http://archives.neohapsis.com/archives/bugtraq/2003-01/0203.html Regards, Peter zenster

Re: [Full-disclosure] Bug with .php extension?

2005-12-05 Thread Ron
Simon Richter wrote: > I would think this is related to "Options MultiViews", where a file > generally has many suffixes (file type, language, compression, ...). > Does this also happen to you (yes, I'm too lazy to try right now) if you > turn MultiViews off? > > Nevertheless, good idea that scrip

Re: [Full-disclosure] Bug with .php extension?

2005-12-05 Thread John Bond
recognized extensions (txt, gif, html) or *not* interpreted as php on my machine, just as text. Apache/2.0.54 (Win32) PHP/5.0.4 On 05/12/05, John Bond <[EMAIL PROTECTED]> wrote: > http://localhost:8080/error%2e%70%68%70.log also works

Re: [Full-disclosure] Bug with .php extension?

2005-12-05 Thread John Bond
http://localhost:8080/error%2e%70%68%70.log also works

RE: [Full-disclosure] Bug with .php extension?

2005-12-05 Thread Krpata, Tyler
full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Bug with .php extension? I suppose this is a great bug. It also works on Apache 2. If a user can upload a file and its extension isn't associated with a mime-type, the server processes it as a php file. Stanza On 12/5/05, Chris U

Re: [Full-disclosure] Bug with .php extension?

2005-12-05 Thread Michael Ligh
I think this is due to Apache's mod_mime_magic: http://httpd.apache.org/docs/1.3/mod/mod_mime_magic.html Lots of phishers are using files named *.php.rar recently. On 12/5/05, Simon Richter <[EMAIL PROTECTED]> wrote: Hello, Ron wrote: > In Apache 1.3.33 (untested on any other version), if you have a

Re: [Full-disclosure] Bug with .php extension?

2005-12-05 Thread Simon Richter
Hello, Ron wrote: In Apache 1.3.33 (untested on any other version), if you have a file called file.php.bak, and you navigate to it in the browser, it will run on the server as a .php file. This works with any extension that isn't known to the server (.rar, .bak, .test, .java, .cpp, .c, etc.)

Re: [Full-disclosure] Bug with .php extension?

2005-12-05 Thread Stanza
I suppose this is a great bug. It also works on Apache 2. If a user can upload a file and its extension isn't associated with a mime-type, the server processes it as a php file. Stanza On 12/5/05, Chris Umphress <[EMAIL PROTECTED]> wrote: > On 12/4/05, Ron <[EMAIL PROTECTED]> wrote: > > I'm not sur

Re: [Full-disclosure] Bug with .php extension?

2005-12-04 Thread Chris Umphress
On 12/4/05, Ron <[EMAIL PROTECTED]> wrote: > I'm not sure whether this is something that's well known, but I've never > seen anything about it, and I nearly got burned by it, so I figured I'd > post it here. > > In Apache 1.3.33 (untested on any other version), if you have a file > called file.php.

[Full-disclosure] Bug with .php extension?

2005-12-04 Thread Ron
I'm not sure whether this is something that's well known, but I've never seen anything about it, and I nearly got burned by it, so I figured I'd post it here. In Apache 1.3.33 (untested on any other version), if you have a file called file.php.bak, and you navigate to it in the browser, it wil

[Full-disclosure] bug

2005-11-14 Thread sinneR
  ~~~ Application: Internet Explorer Vendors: http://www.microsoft.com Versions: 6.0.2900.2180.xpsp_sp2_rtm.040803-2158 Patched With: SP2; Platforms: Windows Bug: Remote File