Re: [Full-disclosure] Lastpass Security Issue

2011-05-06 Thread Liam Randall
Ryan, The blog post indicates severe security lapses; for example: Why did the Asterisk server have connectivity to the db? If there was some kind of mashup I would expect it to have limited connectivity but I'm not aware of anything like that. If these guys are in the business of security

[Full-disclosure] DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones

2011-05-06 Thread Larissa Shapiro
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: https://www.isc.org/CVE-2011-1907 is the authoritative source for this Security Advisory. Please check the source for any updates. Summary: When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger

Re: [Full-disclosure] 0dayz on the 0day

2011-05-06 Thread Sherwyn
Was anyone able to test and validate this? Infolookup http://infolookup.securegossip.com www.twitter.com/infolookup -----Original Message----- From: Infant Overflow infant.overf...@gmail.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Thu, 5 May 2011 10:34:37 To:

[Full-disclosure] Silently Pwning Protected-Mode IE9 and Innocent Windows Applications

2011-05-06 Thread Mitja Kolsek
Our advanced binary planting research goes on... and it's time to reveal some interesting hacks, for instance how to exploit binary planting (or DLL hijacking, if you prefer the less suitable term) to execute remote malicious code through Internet Explorer 9 in protected mode on Windows 7 -

[Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE

2011-05-06 Thread d3hydr8 D
** (+) Authors : d3hydr8 (+) WebSite : darkode.com (+) Date : 06.05.2011 (+) Hour : 08:21 AM (+) Targets : CCAvenue.com (Payment Gateway) (+) Document: ESA.int Full Disclosure (UPDATED) (+) Method : Hidden SQL Injection

Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE

2011-05-06 Thread Chris M
But they encrypted everything, right? On Fri, May 6, 2011 at 5:33 PM, d3hydr8 D d3hy...@hotmail.com wrote: ** (+) Authors : d3hydr8 (+) WebSite : darkode.com (+) Date : 06.05.2011 (+) Hour : 08:21 AM (+) Targets :

Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE

2011-05-06 Thread Kai
adu_id adu_user adu_pwd adu_status dept_id remote_access mobile_number . . . Acc1041 Risk Risk A Acc lol, definitely a risky guy -- Cheers, Kai

[Full-disclosure] [SECURITY] [DSA 2231-1] otrs2 security update

2011-05-06 Thread Florian Weimer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - Debian Security Advisory DSA-2231-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer June 6, 2011

[Full-disclosure] [SECURITY] [DSA 2232-1] exim4 security update

2011-05-06 Thread Florian Weimer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - Debian Security Advisory DSA-2232-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer May 06, 2011

[Full-disclosure] WTF

2011-05-06 Thread Gustavo
WTF ? notebook:~$ ping www.compusa.com PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms notebook:~$ ping www.tigerdirect.com PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data. 64
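The post above shows two public retail hostnames whose CNAME chain (bh.georedirector.akadns.net) resolves to 127.0.0.1, so a ping goes to localhost instead of the site. The check below is an added example, not code from the list thread or from any of the parties named in it: it resolves a list of hostnames, classifies every returned address with Python's `ipaddress` module, and flags any public name that lands on a loopback, unspecified, private or otherwise non-routable address. The `SAMPLE_ANSWERS` table is constructed to mirror the ping output in the post (plus two normal cases) so the script runs offline; `live_resolve` is the real resolver path via `socket.getaddrinfo`. Function and variable names are the example's own.

```python
"""Flag public hostnames whose DNS answers point at non-routable addresses
(loopback, 0.0.0.0, RFC 1918, link-local ...), the condition visible in the
ping output above. Added example; names are hypothetical."""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Tuple

# Constructed sample answers modelled on the post: hostname -> (final CNAME
# target, addresses). The first two reproduce the 127.0.0.1 answers shown.
SAMPLE_ANSWERS: Dict[str, Tuple[str, List[str]]] = {
    "www.compusa.com": ("bh.georedirector.akadns.net", ["127.0.0.1"]),
    "www.tigerdirect.com": ("bh.georedirector.akadns.net", ["127.0.0.1"]),
    "www.example.net": ("www.example.net", ["93.184.216.34"]),
    "intranet.corp.example": ("intranet.corp.example", ["10.0.0.5"]),
}

Resolver = Callable[[str], Tuple[str, List[str]]]


def classify_address(addr: str) -> str:
    """Return a routability class for one IPv4/IPv6 literal.

    Order matters: in Python's ipaddress module 127.0.0.0/8 and 0.0.0.0/8
    also report is_private=True, so loopback/unspecified are tested first."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_link_local:
        return "link-local"
    if ip.is_multicast:
        return "multicast"
    if ip.is_private:
        return "private"
    if ip.is_reserved:
        return "reserved"
    return "public"


def sample_resolve(host: str) -> Tuple[str, List[str]]:
    """Offline resolver backed by the constructed table."""
    if host not in SAMPLE_ANSWERS:
        raise socket.gaierror(socket.EAI_NONAME, "constructed NXDOMAIN")
    return SAMPLE_ANSWERS[host]


def live_resolve(host: str) -> Tuple[str, List[str]]:
    """Real resolver: canonical name and unique A/AAAA answers."""
    infos = socket.getaddrinfo(host, None, flags=socket.AI_CANONNAME)
    canon = infos[0][3] or host
    addrs = sorted({info[4][0] for info in infos})
    return canon, addrs


def audit(hosts: Iterable[str], resolve: Resolver = live_resolve) -> List[dict]:
    """Resolve each host and flag it when any answer is not a public address.

    A public web host answering with loopback/private space is either a
    deliberate sinkhole, a misconfigured geo-redirector, or resolver tampering;
    all three deserve a look, so the verdict is the same."""
    findings = []
    for host in hosts:
        try:
            target, addrs = resolve(host)
        except socket.gaierror:
            findings.append({"host": host, "target": None, "addresses": [],
                             "classes": [], "flagged": False, "error": "NXDOMAIN"})
            continue
        classes = [classify_address(a) for a in addrs]
        findings.append({
            "host": host,
            "target": target,
            "addresses": addrs,
            "classes": classes,
            "flagged": any(c != "public" for c in classes),
            "error": None,
        })
    return findings


if __name__ == "__main__":
    # Offline run over the constructed table; swap in live_resolve to check
    # real names from your own vantage point.
    for f in audit(SAMPLE_ANSWERS, sample_resolve):
        mark = "!!" if f["flagged"] else "ok"
        print(f"{mark} {f['host']} -> {f['target']} {f['addresses']} {f['classes']}")
```

Run it from two vantage points (inside the corporate resolver and on a public resolver) and diff the output: if only one side flags the name, the problem is the resolver or something between you and it, not the authoritative zone.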

[Full-disclosure] Imperva SecureSphere - SQL injection filter bypass

2011-05-06 Thread piotr
=== Imperva SecureSphere - SQL injection filter bypass === Affected Software : SecureSphere Web Application Firewall (WAF) Severity : High Local/Remote

[Full-disclosure] CCAvenue Payment Gateway SQL Injection Vulnerability

2011-05-06 Thread iSpy Team
** (+) Authors : i:Spy (+) WebSite : ispyteam.com (+) Date : 06.05.2011 (+) Hour : 08:21 AM (+) Targets : CCAvenue.com (Payment Gateway) (+) Document: ESA.int Full Disclosure (UPDATED) (+) Method : Hidden SQL Injection

Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE

2011-05-06 Thread Xa Buri
[ + ] Date: Wed May 3 04:47:33 2011 ... -- Kindly disregard the previous report. I got the date all mixed up. hah! You must be joking right! Also where exactly was the *hidden SQL injection you said?? Cmon!

Re: [Full-disclosure] WTF

2011-05-06 Thread Nick Boyce
On Fri, May 6, 2011 at 6:49 PM, Gustavo gustavorober...@gmail.com wrote: WTF ? notebook:~$ ping www.compusa.com PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms Same here ... this time on

[Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE

2011-05-06 Thread d3hydr8 D
** (+) Authors : d3hydr8 (+) WebSite : darkode.com (+) Date : 06.05.2011 (+) Hour : 08:21 AM (+) Targets : CCAvenue.com (Payment Gateway) (+) Document: ESA.int Full Disclosure (UPDATED) (+) Method : Hidden SQL Injection

Re: [Full-disclosure] WTF

2011-05-06 Thread ksha
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/06/2011 11:15 PM, Nick Boyce wrote: On Fri, May 6, 2011 at 6:49 PM, Gustavo gustavorober...@gmail.com wrote: WTF ? notebook:~$ ping www.compusa.com PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data. 64 bytes from