Wat
2012/1/23 RandallM randa...@fidmail.com
Piracy retaliation taken on UFC.com
Pinging ufc.com [50.116.87.24] with 32 bytes of data:
Reply from 50.116.87.24: bytes=32 time=48ms TTL=52
Reply from 50.116.87.24: bytes=32 time=49ms TTL=52
Reply from 50.116.87.24: bytes=32 time=48ms TTL=52
He is a god-tier hecker, like better than Chippy1337. ICMP remote root 0day
imo.
2012/1/23 Laurelai laure...@oneechan.org
On 1/23/12 7:14 AM, Ian Hayes wrote:
On Mon, Jan 23, 2012 at 4:37 AM, Julius Kivimäki
julius.kivim...@gmail.com wrote:
Wat
2012/1/23 RandallMranda
Oh god, my linux server buried underground with five feet of concrete just
got rooted. This box has no internet connection, coincidence? I think not.
(Also I'm a derpcat and can't into mailinglists with gmail)
2012/1/23 Laurelai laure...@oneechan.org
On 1/23/12 9:34 AM, Julius Kivimäki wrote
Funny but no, this does not need a non-installed wordpress.
2012/1/25 Benji m...@b3nji.com
Dear full-disclosure
I wrote to you to tell you about serious serious vulnerability in all
Windows versions.
If you turn machine on before system is configured, then you be able to
set user password
Bandwidth bills.
2012/1/25 karma cyberintel karmacyberint...@gmail.com
Anonymous deletes CBS.com, solicits opinions on who to hack nextsources
form karmacyberintel.net
for more details
http://www.karmacyberintel.net/2012/01/anonymous-deletes-cbs-com-solicits-opinions-on-who-to-hack-next/
Anonymous is definitely not a group (as in a group that has actual
members), you should know better.
2012/1/25 karma cyberintel karmacyberint...@gmail.com
*UPDATE* After attacking several government sites to protest
controversial US legislation in past weeks, hacktivist group Anonymous is
I am pretty sure their host is gonna be suspending them after the DDoS that
just hit them.
(their real host that is, not the proxy.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
How does this compete with already existing tools?
2012/1/28 sandeep k sandeepk.l...@gmail.com
This is an automatic SQL Injection tool called as FatCat, Use of FatCat
for testing your web application and exploit your application more deeper.
FatCat Features that help you to extract the
Of course I wouldn't, downloading a car would be like stealing a car.
Piracy is horrible and all the boats used by the pirate scum should be
taken away.
2012/1/28 Laurelai laure...@oneechan.org
On this topic i saw this
https://thepiratebay.org/torrent/6960965/1970_Chevelle_Hot-Rod_3d_model
,
DDoS their boats.
2012/1/28 Laurelai laure...@oneechan.org
On 1/28/2012 3:13 PM, Julius Kivimäki wrote:
Of course I wouldn't, downloading a car would be like stealing a car.
Piracy is horrible and all the boats used by the pirate scum should be
taken away.
2012/1/28 Laurelai laure
Here is a short step by step guide on how to make a honeypot.
1.Acquire a pot, refer to some other guide on how to do this.
2.Acquire some honey, refer to some other guide on how to do this.
3.Put honey in pot, refer to some other guide on how to do this.
4.Congratulations you now have a
You do know that anyone can create a new archive format that antiviruses
will not detect... Right?
2012/2/2 Michel kareld...@yahoo.fr
hello,
Multiple vendor antivirus .kz archive format evasion/bypass vulnerability.
DESCRIPTION
.kz is a proprietary archive format from an Asian editor
And down goes exploitpack.com
2012/2/6 ctrun...@christophertruncer.com
This is purely spamming for the reason of trying to get someone to buy
this product. I haven't seen any value added from this account.
John Cartwright - isn't this in the charter that pure spamming will
cause your name
http://www.indianapolissuperbowl.com/view-release.php?id=42
2012/2/10 resea...@vulnerability-lab.com resea...@vulnerability-lab.com
Title:
==
Indianapolis Superbowl 2012 - SQL Injection Vulnerabilities
Date:
=
2012-02-06
VL-ID:
=
418
Abstract:
=
Alexander
So, it appears that Sprint and T-Mobile are using 25.*.*.* and 28.*.*.* as
their phone network internal IPs.
This causes a ton of security issues, why would they do this?
___
Full-Disclosure - We believe in it.
Charter:
I hope you guys are not seriously suggesting these.
-- Edelleenlähetetty viesti --
Lähettäjä: rancor theran...@gmail.com
Päiväys: 28. helmikuuta 2012 13.28
Aihe: Re: [Full-disclosure] Best DoS Tool
Vastaanottaja: Ramo r...@goodvikings.com
Kopio: full-disclosure@lists.grok.org.uk
Oh, in that case he should totally use
while true; do wget target; done
28. helmikuuta 2012 14.07 rancor theran...@gmail.com kirjoitti:
I just thought we where name dropping stuff =(
2012/2/28 Julius Kivimäki julius.kivim...@gmail.com:
I hope you guys are not seriously suggesting
Yes but nobody gives a fuck, they are just people who could not secure
themselves while playing the save the world and cure corruption by
defacing sites game.
29. helmikuuta 2012 17.46 Dan Dart dand...@googlemail.com kirjoitti:
There are arrests? Sorry, I've been living in a hole.
What list are you talking about? Are you perhaps implying that these kids
would be capable of things other than ordering some pizzas to people?
29. helmikuuta 2012 18.16 Dan Dart dand...@googlemail.com kirjoitti:
The sort of people who are responsible for these arrests are going on
the list
Go back to your elite hacker club anonops then. Come back with something
real these kids have done.
29. helmikuuta 2012 18.57 Dan Dart dand...@googlemail.com kirjoitti:
Are you perhaps implying that these kids would be capable of things
other than ordering some pizzas to people?
Much, much
You mean a concept.
-- Edelleenlähetetty viesti --
Lähettäjä: Erik Falor ewfa...@gmail.com
Päiväys: 7. maaliskuuta 2012 20.54
Aihe: Re: [Full-disclosure] Full disclosure is arrest of Sabu
Vastaanottaja: full-disclosure@lists.grok.org.uk
On Wed, Mar 07, 2012 at 10:45:45AM +1100,
Someone who likes all the three things being compromised at the same time.
16. maaliskuuta 2012 18.30 Jerry dePriest jerr...@mc.net kirjoitti:
**
They had a DoS of mail, www and shell. They state a switch went out. who
runs mail, www and shell on the same switch?
(This might be a trick
What's the payload?
16. maaliskuuta 2012 18.01 kyle kemmerer krkemme...@gmail.com kirjoitti:
Not my code, just sharing it here.
http://pastebin.com/UzDKcCQy
___
Full-Disclosure - We believe in it.
Charter:
Where's the csrf? All I see here is an useless bruteforce attack.
2012/5/17 Fernando A. Lagos B. ferna...@zerial.org
LinkedIn uses a Token into the login form which can be used many times
for different usernames. You can do it using the same IP or differents
IP, the token will not be
This man knows too much, we'll have to get rid of him.
2012/5/31 RandallM randa...@fidmail.com
..if flame was hidden in angry birds
--
been great, thanks
RandyM
a.k.a System
___
Full-Disclosure - We believe in it.
Charter:
This vulnerability appears to be extremely serious and should be patched
ASAP, it appears that it has great potential to be remotely exploited.
2012/6/6 Григорий Братислава musntl...@gmail.com
Hello full disclosure!! !! (is I forget another !!)
I want to warn you about is vulnerability in
Where exactly is the vulnerability here? I am unable to see it myself, it
appears that you are using an eval function to evaluate code which isn't
exactly a security issue.
2012/8/17 research resea...@reactionis.co.uk
Summary
===
There is an arbitrary command execution vulnerability in
Seriously?
2012/8/25 kaveh ghaemmaghami kavehghaemmagh...@googlemail.com
Exploit Title: yahoo messenger 11.5.0 (d3d10.dll) DLL Hijacking Exploit
Date: 2012-08-23
Author: coolkaveh
coolka...@rocketmail.com
Https://twitter.com/coolkaveh
Vendor Homepage: http://www.yahoo.com/
Version:
Did you guys seriously just send five different advisories on five
different vulnerable parameters on one vulnerable script?
2012/9/17 HTTPCS cont...@httpcs.com
**
HTTPCS Advisory : HTTPCS100
Product : FreeWebshop
Version : 2.2.9
Date : 2012-09-17
Criticality level : Highly Critical
{*} samba 3.x remote root by bla...@fail0verflow.com {*}
Give some credit to the guy who actually made this.
2012/9/24 k...@hushmail.me
Massive 0day hide all your printers.
http://pastebin.com/AwpsBWVQ
1. # finding targets 4 31337z:
2. # gdb /usr/sbin/smbd `ps auwx | grep smbd |
In fact, it's not a vulnerability in malware. It's a vulnerability in a
tool used to control computers infected by malicious software. But I can't
see that being relevant at all.
2012/10/11 valdis.kletni...@vt.edu
On Wed, 10 Oct 2012 23:25:50 +0200, Pascal Ernster said:
I suppose it turns
It reminds me my question from GNAA Security Team when i got seek
from their exploitions.
How can i make sure a software is not exploitable? (( The short answer is
simple assume every software is exploitable and remove it. ))
2012/10/29 kaveh ghaemmaghami kavehghaemmagh...@googlemail.com
It
Would you consider software that is used to open local documents and
crashes when you feed it corrupt data defective?
2012/10/29 Jeffrey Walton noloa...@gmail.com
On Mon, Oct 29, 2012 at 1:35 PM, Peter Ferrie peter.fer...@gmail.com
wrote:
How can i make sure a crash is not exploitable? ((
Next to nothing, creating facebook accounts en masse is trivial. It doesn't
even use captchas for registration.
2012/10/31 Georgi Guninski gunin...@guninski.com
We are discussing this question:
How much a million facebook passwords + lusernames would cost?
Am I the only one who noticed the linux local root exploit written in
whitespace?
2012/11/15 mohit tyagi mohittyagi.0...@gmail.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
Is a privilege escalation vulnerability in Linux not a vulnerability if it
requires authentication?
2012/11/22 Gary Driggs gdri...@pdx.edu
On Nov 22, 2012, Manu sourvivor at gmail wrote:
Authenticate and browse to
How is this a vulnerability if it's behind an authentication wall?
I've
Dear all, I'd like to inform you that this exploit is vulnerable to a *
critical* XSS attack that can be used against users of the exploit.
Vendor did not respond to inquiries regarding this *severe* vulnerability.
Regards,
Hot Acid security research team.
Greetz 2:
Mustlive
Vulnerability Lab
United States law is opt-in for Fortune 500 companies.
2012/12/14 Jeffrey Walton noloa...@gmail.com
On Thu, Dec 13, 2012 at 7:52 AM, Philip Whitehouse phi...@whiuk.com
wrote:
I restate my email's second point.
Google is indexing robots.txt because (from all the examples I can see)
Aren't you a true master hacker trying (and failing) to DDoS sites and
posting XSS vulnerabilities on random sites to FD.
2012/12/22 tig3rhack tig3rh...@tormail.org
Onion Bazaar is an online auction site, exploits are filled in by those
who want to sell them, for hacktalk exploiting my dick.
After the demise of BS and TP, HTP isn't the only group that makes zines
anymore? (You just blew my mind)
On Dec 23, 2012 1:19 PM, blackh...@tormail.org wrote:
anyone seen this yet? its been floating around irc tonight. supposed to be
Dyne.org (the people who make the Dyne_Bolic OS) hacked.
Full path disclosure, vulnerability?
Ahahahahaha, good joke! You made my day.
2012/12/29 MustLive mustl...@websecurity.com.ua
Hello list!
Earlier I've wrote to the list about multiple vulnerabilities in multiple
themes for WordPress (http://seclists.org/fulldisclosure/2012/Dec/236). In
that
Hello list!
I want to warn you about multiple extremely severe vulnerabilities in
websecurity.com.ua.
These are Brute Force and Insufficient Anti-automation vulnerabilities in
websecurity.com.ua. These vulnerability is very serious and could affect
million of people.
-
How is Omnivox's security relevant when this kid is running DoS tools on
their sites? (Acunetix is a nice database heavy HTTP flood tool.)
2013/1/22 Jeffrey Walton noloa...@gmail.com
On Mon, Jan 21, 2013 at 5:42 PM, Philip Whitehouse phi...@whiuk.com
wrote:
Moreover, he ran it again after
This is normal
2013/1/22 Dan Dart dand...@googlemail.com
https://gist.github.com/4596868
Regards
Dan
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
If you as you say 'discovered' the exploit, how come you weren't the first
ones to publish it? And why did someone else publish it on the day you
claim you discovered it?
2013/2/18 Vulnerability Lab resea...@vulnerability-lab.com
Title:
==
Apple iOS v6.1 (10B143) - Code Lock Bypass
Why exactly is this a bug?
2013/3/15 secur...@nruns.com
n.runs AG
http://www.nruns.com/
security(at)nruns.com
n.runs-SA-2013.001 15-Mar-2013
___
Vendor: Polycom,
But sending 10 emails in a row is necessary?
2013/4/10 Erik Falor ewfa...@gmail.com
On Wed, Apr 10, 2013 at 11:44:22AM +0100, Peter W-S wrote:
Is it really necessary to spam the list with a separate email for every
issue you want to report? Perhaps one email a week with a link to the full
I really wonder if they even read the lists they spam
2013/4/19 l3thal l3t...@smashthestack.org
looks like you are still at it heh...
On Fri, Apr 19, 2013 at 11:12 AM, secur...@mandriva.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yeah it is when you are in the business of selling exploits.
2013/4/19 paul.sz...@sydney.edu.au
VUPEN Security Research advisor...@vupen.com wrote in
http://www.securityfocus.com/archive/1/526402
:
X. DISCLOSURE TIMELINE
2012-02-15 - Vulnerability Discovered by VUPEN
2013-03-06 -
Many ISPs do this, usually they hijack DoD ranges. It shouldn't cause any
issues.
2013/5/17 kyle kemmerer krkemme...@gmail.com
So today when trying to access a device on my network (172.30.x.x range) I
was taken to the web interface of a completely different device. This
baffled me at
So, wanna tell me what exactly is critical about you being able to inject
marquee tags into your savefile names?
2013/5/21 Vulnerability Lab resea...@vulnerability-lab.com
Title:
==
Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Date:
=
2013-05-12
References:
Doubt it, PS3 doesn't really seem to have the concept of system commands.
2013/5/22 Milan Berger m.ber...@project-mindstorm.net
Hi,
So, wanna tell me what exactly is critical about you being able to
inject marquee tags into your savefile names?
didn't test the POC yet, but I guess the
I went and dug out my PS3 and tested this. Results: particularly crappy
HTML execution, useless. I don't know what world you live in, but calling
this a security vulnerability would be a wild exaggeration.
2013/5/21 Vulnerability Lab resea...@vulnerability-lab.com
Title:
==
Sony PS3
Well, they don't exactly state that they're going to pay you either.
2013/5/29 Źmicier Januszkiewicz ga...@tut.by
Hmm, interesting.
For some reason I fail to find the mentioned age requirements at the
official bug bounty page located at
So you made a perl script to make GET requests on a list of URLs? Brilliant.
2013/6/18 MustLive mustl...@websecurity.com.ua
Hello participants of Mailing List.
If you haven't read my article (written in 2010 and last week I wrote about
it to WASC list) Advantages of attacks on sites with
So basically this results in client sending HTTP GET requests very slowly.
How will that lead to DoS? (We aren't in 1980 anymore)
2013/6/27 MustLive mustl...@websecurity.com.ua
**
*Hello Ryan!*
Attack exactly overload web sites presented in endless loop of redirects.
As I showed in all
Swap out tripwire/ossec/whatever you use?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Why am I not surprised vulnlab is the first one to post here to advertise
themselves?
2013/7/24 Vulnerability Lab resea...@vulnerability-lab.com
http://www.evolution-sec.com
International Team, Top Researchers and Consultants, Certified
Consultants, Public References and Information.
~bkm
All of the domains involved just happen to be registered on markmonitor by
PayPal. Really doubt this has anything to do with phishing.
2013/8/13 Jeffrey Walton noloa...@gmail.com
It looks like Paypal has suffered a break-in and phishing attempts are
being made on its users.
Time to sell you
Undoubtedly a case of untrained staff and pre-written email responses.
2013/8/13 Jeffrey Walton noloa...@gmail.com
On Tue, Aug 13, 2013 at 7:22 AM, Julius Kivimäki
julius.kivim...@gmail.com wrote:
All of the domains involved just happen to be registered on markmonitor
by
PayPal. Really
So, what exactly is this advisory supposed to be about? The lack of your
camera skills? Or perhaps about the fact that google sent you a letter?
Oh, and I really wonder how you calculated your CVSS. The NVD calculator
comes up with 0 for me.
2013/8/16 Vulnerability Lab
Heard of flash m8?
2013/8/22 xn...@xnite.org
**
That's a nice trick and all, but I don't see how it's valuable. In order
to trigger the XSS you need to modify your browser headers, therefore any
victim who you are trying to get to a page to execute your XSS would need
to also modify THEIR
If you're going to start posting this shit. I suggest you visit
http://www.exploit-db.com/google-dorks/ and try appending site:edu to all
of them.
2013/8/29 Vulnerability Lab resea...@vulnerability-lab.com
Title:
==
UTA EDU University ENG - SQL Injection Vulnerability
Date:
=
Pretty sure this is like the 50th time this year you send an email
regarding a vulnerability without actually specifying the vulnerability,
are you sure your client isn't cutting out parts of your messages?
2013/12/8 MustLive mustl...@websecurity.com.ua
Hello list!
Earlier I wrote about one
Saying that the malleability thing is an issue with bitcoins is like saying
that sql injection is an issue with mysql.
2014-03-07 15:58 GMT+02:00 Meaux, Kirk kirk.me...@ctcd.edu:
More to the point, has the transaction malleability issue been fixed
that caused Magic's downfall?
Even though
When did the ability to upload files of arbitrary types become a security
issue? If the file doesn't get executed, it's really not a problem.
(Besides from potentially breaking site layout standpoint.)
2014-03-13 12:43 GMT+02:00 Nicholas Lemonias. lem.niko...@googlemail.com:
Google
/Unrestricted_File_Upload
On Thu, Mar 13, 2014 at 1:39 PM, Julius Kivimäki
julius.kivim...@gmail.com wrote:
When did the ability to upload files of arbitrary types become a security
issue? If the file doesn't get executed, it's really not a problem.
(Besides from potentially breaking site
://www.google.com/settings/takeout
https://www.google.com/settings/takeout *
On Thu, Mar 13, 2014 at 4:09 PM, Julius Kivimäki
julius.kivim...@gmail.com wrote:
Did you even read that article? (Not that OWASP has any sort of
credibility anyways). From what I saw in your previous post you
(thousands of nodes and thousands of servers across the world). The files
are cached deep in the network structures to thousands of servers.
On Thu, Mar 13, 2014 at 4:20 PM, Julius Kivimäki
julius.kivim...@gmail.com wrote:
OWASP is recognized worldwide, so is CEH and a bunch of other morons
] Google vulnerabilities with PoC
To: Julius Kivimäki julius.kivim...@gmail.com
Julius Kivimaki, your disbelief in OWASP, CEH, Journalists and anything
you may, or may not be qualified to question amazes. But everyone's opinion
is of course respected.
I normally don't provide security lessons via e
Dude, seriously. Just stop.
2014-03-14 20:02 GMT+02:00 Nicholas Lemonias. lem.niko...@googlemail.com:
You can't even find a cross site scripting on google.
Find a vuln on Google seems like a dream to some script kiddies.
On Fri, Mar 14, 2014 at 6:00 PM, Nicholas Lemonias.
Wait, so remote code execution by social engineering wasn't a troll? I'm
confused.
2014-03-14 21:28 GMT+02:00 Nicholas Lemonias. lem.niko...@googlemail.com:
Then that also means that firewalls and IPS systems are worthless. Why
spend so much time protecting the network layers if a user can
72 matches
Mail list logo
