Not ISO's, but lots of good video material...
http://mirrors.easynews.com/blackhat/
http://mirrors.easynews.com/defcon/
http://mirrors.easynews.com/
--
Kristian Erik Hermansen
___
Full-Disclosure - We believe in it.
Charter:
On Sun, 12 Aug 2007, carl hardwick wrote:
Firefox Remote Variable Leakage
I'm afraid I don't entirely follow this attack - though I might be wrong...
The PoC, in essence, enumerates all Javascript variables and functions
that are publicly declared by the browser in the context of the current
On Sun, 12 Aug 2007 21:41:05 +0530, Susam Pal said:
But I am the only one who is inserting the JavaScript in my blog. So,
I'll end up stealing the cookies set for my domain. Why would I steal
cookies set for my domain? I already know them because it is my website.
Obviously, your blog
On Aug 13, 2007 7:48 AM +0530 [EMAIL PROTECTED] said:
Obviously, your blog doesn't allow any users to comment...
Even if a blog allows users to comment, it is still not a
vulnerability. As per the report, blogspot.com allows the
JavaScript in the blog. JavaScript is *not* allowed in the
For precision, I also provide some exploits for: apache and sendmail. No list
given. You need to know what you want before you mail me.
(Maybe a full disclosure list dedicated to 0day trading is interesting?)
regards,
=
--
Powered by Outblaze
CNN and Fox
Nice
On 8/13/07, Tonu Samuel [EMAIL PROTECTED] wrote:
http://www.clpwn.com/2007/08/13/breaking-news-team-clpwn-hackers-compromise-cnncom/
http://www.clpwn.com/2007/08/13/breaking-news-team-clpwn-hackers-compromise-cnncom/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
On 8/13/07, h buffo [EMAIL PROTECTED] wrote:
[...]
(Maybe a full disclosure list dedicated to 0day trading is interesting?)
You're joking?
--
Guasconi Vincent
Etudiant.
Now we get to hear what OW! sounds like when said by both sides.
Geoff
Sent from my BlackBerry wireless handheld.
-Original Message-
From: James Matthews [EMAIL PROTECTED]
Date: Mon, 13 Aug 2007 09:45:55
To: Tonu Samuel [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Subject:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1354-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
August 13th, 2007
Bypassing servlet input validation filters (OWASP Stinger + Struts example)
~~~
0. ORIGINAL ADVISORY
http://o0o.nu/~meder/o0o_bypassing_servlet_input_validation_filters.txt
I. BACKGROUND
~
On Mon, 13 Aug 2007 23:08:35 +0800, h buffo said:
For precision, I also provide some exploits for: apache and sendmail. No
list given. You need to know what you want before you mail me.
How useless. We need to know what the exploit is (and thus likely have access
to it already) in order to get
On 8/13/07, h buffo [EMAIL PROTECTED] wrote:
For precision, I also provide some exploits for: apache and sendmail. No
list given. You need to know what you want before you mail me.
(Maybe a full disclosure list dedicated to 0day trading is interesting?)
regards,
=
--
Powered by
Comments do not allow javascript. Safe!!!
On 8/13/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
On Sun, 12 Aug 2007 21:41:05 +0530, Susam Pal said:
But I am the only one who is inserting the JavaScript in my blog. So,
I'll end up stealing the cookies set for my domain. Why would I steal
Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH)
ETES GmbH Security Advisory; August 13, 2007
BACKGROUND
==
Dell Remote Access Card 4 (DRAC4) allows customers to effectively manage
servers in remote locations where no administrative IT staff exists. It
provides
On 8/13/07, h buffo [EMAIL PROTECTED] wrote:
(Maybe a full disclosure list dedicated to 0day trading is interesting?)
here you go
http://groups.google.com/group/n3td3v
carl hardwick wrote:
Found a lot of sites exploiting Firefox URI vulnerability!!!
Maybe I'm getting to these sites after they've been cleaned up, or maybe
I'm just missing it, but what exactly are they exploiting and how? I don't
see anything that looks like the recent announced Firefox URI
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0043-1
Published: 2007-08-13
Rating: Minor
Updated Versions:
openssl=/[EMAIL PROTECTED]:devel//1/0.9.7f-10.7-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.8-1
References:
Diskeeper Remote Memory Disclosure
Credit: Pravus (pravus -a-t- hush -d-o-t- com)
Greetz: Scientology for making a remotely accessible disk
defragmenter. Felix, Jenna, and Isaac.
Vulnerability Description:
This vulnerability involves a memory comparison function that is
remotely, anonymously
You really have too much free time on your hands. :-)
From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] CISSP, Final Round
Date: Sat, 11 Aug 2007 01:14:14 -0400
Nobody paid them. It's not an official CISSP site. That one would be
found at www.isc2.org
===
Ubuntu Security Notice USN-497-1 August 14, 2007
xfce4-terminal vulnerability
CVE-2007-3770
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Any sensitive data being leaked? A browser giving away
its properties to a script should not be termed a
vulnerability.
Is it causing any of these...
1.) Loss of confidentiality
2.) Loss of integrity
3.) Loss of availability
--- carl hardwick [EMAIL PROTECTED] wrote:
Firefox Remote Variable