Dear An,
Referrer: scriptalert(1)/script
Yes, but... seems not all echo's get a Referer passed to them.
Cheers, Paul
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Dear Lists,
I'm happy (and proud) to announce that the registrations for H2HC Cancun
are finally available online.
This is the first year of the conference in Cancun/Mexico (on 3rd of
December) and the 7th year of the Conference in São Paulo/Brazil (on
27-28 of November). We are growing fast
Dear Riyaz,
The mere mention of fcgi-bin/echo in your first mail is enough for anybody
to derive the PoC. Here's what I found in under a minute:
*/fcgi-bin/echo/scriptaler('xss')/script*
Sorry, that is a different issue: the one you mention was patched by
Oracle a long time ago. (All the
===
Ubuntu Security Notice USN-1005-1 October 19, 2010
poppler vulnerabilities
CVE-2010-3702, CVE-2010-3703, CVE-2010-3704
===
A security issue affects the following Ubuntu
===
Ubuntu Security Notice USN-1006-1 October 19, 2010
webkit vulnerabilities
https://launchpad.net/bugs/660075
===
A security issue affects the following Ubuntu releases:
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
--
Gruezi, This is CVE-2010-3847.
The dynamic linker (or dynamic loader) is responsible for the runtime linking of
dynamically linked
Hello Andriy and Bugtraq!
It's an interesting issue in LiqPAY, which was quickly fixed by Privat Bank
after your disclosure.
Even if they refused to fix it (as not an issue in their opinion) on 22 March
2010, when you officially informed them, already on 27 March 2010 they fixed
it, by adding site's
Date: 2010-10-19
Application: Linux Kernel
Versions: 2.6.30 - 2.6.36-rc8
Severity: High
Author: Dan Rosenberg drosenberg (at) vsecurity (dot) com
Vendor Status: Patch Released [3]
CVE Candidate: CVE-2010-3904
Reference: http://www.vsecurity.com/resources/advisory/20101019-1