Long, long time ago, we heard an interesting legend is www.google.com
will Pay for its vulnerability,so we want to try ...
lucky,A vulnerability has been caught by my friend
PZ[http://hi.baidu.com/p__z], this vul is base on 《Hacking with mhtml
protocol
Football field? More like dodgeball !!!
On Wed, Jan 26, 2011 at 10:33 AM, IEhrepus 5up3r...@gmail.com wrote:
Long, long time ago, we heard an interesting legend is www.google.com
will Pay for its vulnerability,so we want to try ...
lucky,A vulnerability has been caught by my friend
Hi all,
DllHijackAuditor v2.5 is released now. This is the FREE tool to Audit
any windows application for Dll Hijack Vulnerability.
Though DLL hijack vulns are out of the news channel now, you will
still find it useful for making sure that you new app is free from any
hidden dll hijack
Be sure to include malware, backdoors, rootkits, bootkits, hackits,
crackits as well!
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
On 01/25/2011 11:59 PM, Juan Sacco wrote:
Steve, yes you can! :-)
Let me know by email when you are ready! and I hope you could make a
personal review of Insect Pro 2.0 when you get a copy :P
BTW I will change that word licence is consufing i guess,
Thanks for support our software
I woudn't like to discourage ppl submitting vulns to vendors but this is the
response you'll most likely to get from those kind of vendors no matter what
you found in their system. I had more than a dozen similar experience like
yours. Now it's public + fixed and you gotta get nothing beside these
Hello list!
I want to warn you about Cross-Site Scripting, Brute Force, Insufficient
Anti-automation and Abuse of Functionality vulnerabilities in SimpGB.
-
Affected products:
-
Vulnerable are SimpGB v1.49.02 and previous versions.
--
Send your shitty stuff to bugt...@securityfocus.com
If it's not obvious, no one give a shit here, seriously.
2011/1/27 MustLive mustl...@websecurity.com.ua
Hello list!
I want to warn you about Cross-Site Scripting, Brute Force, Insufficient
Anti-automation and Abuse of Functionality
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities
Advisory ID: cisco-sa-20110126-csg2
http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml
Revision 1.0
For Public Release 2011 January 26 1600 UTC (GMT
ZDI-11-026: Novell Zenworks Handheld Management ZfHIPCnd.exe Opcode 2 Remote
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-026
January 26, 2011
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Novell
-- Affected Products:
Novell Zenworks
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 2151-1secur...@debian.org
http://www.debian.org/security/ Martin Schulze
January 26th, 2011
Hi, Troll
Thanks for your review :-)
It's a pity that the tools you refer cost from $5000 to $3 usd
INSECT Pro is a tool for penetration testing that we'd created based on the
free classes we gave here in Argentina, listening to all the obstacles
people had using tools that we love like
Steve, yes you can! :-)
Let me know by email when you are ready! and I hope you could make a
personal review of Insect Pro 2.0 when you get a copy :P
BTW I will change that word licence is consufing i guess,
Thanks for support our software
Juan Sacco
--
XSS (Reflected) Bugs in login.htm and error.htm
PRTG V8.1.2.1809 (All OS Versions):
http://www.paessler.com/
I have discovered two XSS bugs within PRTG version 8.1.2.1809. These bugs
are in the login.htm and error.htm documents.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2011:019
http://www.mandriva.com/security/
See also
http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml
Cisco Bug ID CSCtk35917
If you or one of your budz had anything to do with this and are not
encumbered by NDA, please contact me off-list (or on -- it's all good).
This kind of thing is my specialty, so I have
I woudn't like to discourage ppl submitting vulns to vendors but this is the
response you'll most likely to get from those kind of vendors no matter what
you found in their system. I had more than a dozen similar experience like
yours. Now it's public + fixed and you gotta get nothing beside
On 01/26/2011 12:58 PM, Juan Sacco wrote:
The tool doesnt have any licence, we are using Python and Ruby. The
download size is 120mb
Thanks for your interest!
Juan Sacco
OK, let's clarify the reasoning behind the questions:
1) What is the license?
Under copyright law, I can't
Lmao @ WTFPL. I'm gonna use that :D
On Wed, Jan 26, 2011 at 6:19 PM, Steve Pinkham steve.pink...@gmail.comwrote:
On 01/26/2011 12:58 PM, Juan Sacco wrote:
The tool doesnt have any licence, we are using Python and Ruby. The
download size is 120mb
Thanks for your interest!
Juan Sacco
On 01/26/2011 01:25 PM, Juan Sacco wrote:
Steve, is a lot easier get donation and rent a good hosting. Sorry Im
going to pass your offer.
Juan Sacco
Sure, I understand. Unfortunately, that puts you back in the liar
catagory about whether or not the software is actually free.
Too bad, I
Hi Juan,
Can you please confirm if your release of Insect Pro 2.0 contains
any propriety code that you or the development team have written (other than
the standard UI stuff). If so, can you elaborate on this further, and also
explain what makes this product unique?
Cheers
Cal
On Wed, Jan 26,
On 01/26/2011 01:40 PM, Juan Sacco wrote:
Thanks again, dont forget to donate because you didnt But Im ok with
that :-)
For clarity, the $20 was for a unmetered, 100Mb/s VPS so I could make
good on my part of the deal if you weren't lying about it being free.
I haven't given you any
Steve, Insect Pro 2.0 is redistributable and I even talked with Microsoft (
they called me ) about that and there are no issues when it comes to
copyrights.
Ruby, Python, Metasploit and Our exploits are redistributables.
Again, thanks for your time and interest!
If you have any further question
===
phpMyAdmin 3.4.x, 3.4.0 beta 2 = Stored Cross Site Scripting (XSS)
Vulnerability
===
1. OVERVIEW
The phpMyAdmin web application
Reference: http://www.vsecurity.com/resources/advisory/20110126-1/
-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Product Description
- ---
- From [1]:
OpenOffice.org 3 is the leading open-source office software suite for word
processing
ZDI-11-027: Novell GroupWise Internet Agent TZID Parsing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-027
January 26, 2011
-- CVE ID:
CVE-2010-4325
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Novell
-- Affected Products:
Novell
ZDI-11-027: Novell GroupWise Internet Agent TZID Parsing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-027
January 26, 2011
-- CVE ID:
CVE-2010-4325
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Novell
-- Affected Products:
Novell
===
Ubuntu Security Notice USN-1052-1 January 26, 2011
openjdk-6, openjdk-6b18 vulnerability
CVE-2010-4351
===
A security issue affects the following Ubuntu releases:
Ubuntu
RLY?
YARLY.
(wasn't me of course)
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Hello,
Polycom SoundPoint IP devices (IP phones) are vulnerable to Denial of
Service attacks. Sending HTTP GET request with broken Authorization
header effect a device restart after ~60 seconds.
It was tested on:
SoundPoint IP 335 (Version: 3.2.4.1734)
SoundPoint IP 430 (Version: 3.2.3.1734)
Obviously this problem is not clear. A very similar problem ,like the
HTTP Response Splitting ,Whose vulnerability? webapp or Server-side
language?
so we come back this vul need two Conditions
1.www.google.com app don't filter the CRLF
2.IE support mhtml protocol handler to render the mhtml
...and for those of you who didn't get the opportunity to read it before they
took it down, here's a mirror:
http://i.imgur.com/0Yxgg.jpg
Apparently goatse security weren't the only ones out for 'max lols' :-P
- Original Message -
From: Andrew Kirch trel...@trelane.net
To: Full
Phrack and the blackhats.
You are an army I am one.
The only lasting.
I am your conscience.
I am always behind you,
every day from morning to late,
I am near you
no matter
where you go
I'm the bad feeling
that you get the one or the other day.
And you without difficulty
Simply push aside
On
-
www.ExploitDevelopment.com 2010-WEB-002
(CERT VU#870532) (Security Focus BID 45985)
-
TITLE:
Lomtec ActiveWeb Professional 3.0
Lmao at the shout out to Harry Pearce ;p
On 27/01/2011 02:56, Ryan Sears wrote:
...and for those of you who didn't get the opportunity to read it before they
took it down, here's a mirror:
http://i.imgur.com/0Yxgg.jpg
Apparently goatse security weren't the only ones out for 'max lols' :-P
1.www.google.com app don't filter the CRLF
This is not strictly required; there are other scenarios where this
vulnerability is exploitable.
2.IE support mhtml protocol handler to render the mhtml file format,
and this is the why mhtml: is designed
The real problem is that when mhtml: is
36 matches
Mail list logo