Re: [Full-disclosure] Geeklog = v1.6.0sr2 - Remote File Upload

Files with .jpg extensions can be uploaded, but these file can contain anything, like javascript or PHP code. Using FireFox you can upload any jpg extension and it will be accepted since FireFox sets the mime type based on file extension. Uploading usually requires that you first create a

Re: [Full-disclosure] [EquipoFraude] Full Path Disclosure in most wordpress' plugins [?]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Victor Antonio Torre Villahoz wrote: This not only happens in the plugins, all files in wp-admin/import/ have errors like it. I'm fix it using: if ( defined('WP_ADMIN') or defined('WP_USE_THEMES') ){ ;//coninue } else{ die(); } I've

Re: [Full-disclosure] Exploiting memory corruption vulnerabilities on Internet Explorer 8

On Thu, Oct 1, 2009 at 6:44 PM, Freddie Vicious fred.vici...@gmail.comwrote: Yes, I am aware of the JVM and the Flash AVM heap spray techniques, no DEP/ASLR there... But as you said, so far there's no known catch-all technique against IE8. Along with other security features (

Re: [Full-disclosure] So weev...

I disagree. The usage of Alleged and Likelihood (sic) are qualifiers. Illegal criminal, however, is a double positive. I'd like to make a break in the conversation to say that Weev loves is a security risk not just to government but to businesses and people. Do the right thing. Submit all

[Full-disclosure] n3td3v banned from full-disclosure mailing list

TheLearner mrxisapl...@hush.com wrote: This will not stand. The Information Security community has absolutely no tolerance for censorship. where have you been for the last 10 months? ___ Full-Disclosure - We believe in it. Charter:

[Full-disclosure] Weev, AKA Andrew Auernheimer [Fullinfo Doc(TM) revision #1]

Eyeballing Weev, An informative dossier. = By FeelTheBurn Udmncrmnl Version = Revision #1 Purpose = You can edit this document and submit it back as a new revision. An effort by community citizens to

Re: [Full-disclosure] Weev, AKA Andrew Auernheimer [ Fullinfo Doc(TM) revision #1]

Ah, pardon then. Didn't mean to insult the intelligence community. On Sun, 04 Oct 2009 01:53:43 + full-censors...@hushmail.com wrote: TheLearner mrxisapl...@hush.com wrote: Andrew is a troll in his early 20's who has hacked into various websites, harasses innocent people and companies

Re: [Full-disclosure] Exploiting memory corruption vulnerabilities on Internet Explorer 8

Yeah that's prrety obvious that there's one way or another to bypass DEP and ASLR but if you chose not to share it and don't have anything useful to say, it'll be better not to say anything. On Thu, Oct 1, 2009 at 12:55 PM, Berend-Jan Wever berendjanwe...@gmail.comwrote: FYI: ASLR DEP can be

[Full-disclosure] n3td3v mentioned in a book?

if this guy is mentioned in a book and we banned him? http://f0rb1dd3n.com/links.php i'm calling for a serious review of whats going on with the ban list. ___ Full-Disclosure - We believe in it. Charter: