[Full-disclosure] The Cookie Tools v0.3 -- first public release

2007-12-10 Thread michele dallachiesa
hi, I would like to announce to you the first public release of The Cookie Tools project! included tools: ** cookiesniffer ** cookiesniffer is a simple and powerful cookie sniffer that recognizes (through heuristics) and reconstructs (through libnids) new and existing HTTP connections, parsing any

[Full-disclosure] Advisory: Websense XSS Vulnerability

2007-12-10 Thread Liquidmatrix Security Digest
December 10th, 2007 === Summary === Name: Websense XSS Vulnerability Release Date: 10 December 2007 Reference: LSD002-2007 Discover: Dave Lewis CVE:Pending Vendor: Websense Product: Websense Enterprise and Websense Web Security Suite Systems Affected: version 6.3 (as tested) Risk: Less

[Full-disclosure] WordPress Charset SQL injection vulnerability

2007-12-10 Thread Abel Cheung
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 === WordPress Charset SQL Injection Vulnerability === Release date: 2007-12-10 Last modified: 2007-12-10 Source: Abel Cheung Affected version: WordPress escape($gpc); } Finally, escape() method belongs to wp-includes/wp-db.php: function

[Full-disclosure] Captive Portal bypassing

2007-12-10 Thread gmaggro
If there were an easy-to-use (gold standard == nmap) and robust tool capable of bypassing all commonly used captive portals, that would make for a great 'mischief enabler'. Some googled links for the lazy lurkers... http://en.wikipedia.org/wiki/Captive_portal

Re: [Full-disclosure] Captive Portal bypassing

2007-12-10 Thread T Biehn
There was a tool that would do exactly that, on a long-defunct TOR hidden service, and it was mentioned in this paper for bypassing captive portals at airports. The technique, and naturally the tool, was applicable in most situations involving payment portals. Unfortunately I don't remember

Re: [Full-disclosure] Captive Portal bypassing

2007-12-10 Thread Steven Adair
Hi, I didn't read all of the documents in detail, but I noticed the first bunch mentioned spoofing/changing your MAC address to that of someone that is validated/authorized. This is of course assuming this is feasible and someone has authenticated already. Many of the hotspots will just simply

[Full-disclosure] WordPress Charset SQL injection vulnerability (resend)

2007-12-10 Thread Abel Cheung
version: WordPress = 2.3.1 Exploit type: Remote Risk: Moderate Reference: http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt 1. Summary 2. Detail 3. Proof of concept 4. Workaround 1. Summary Quoting from http://wordpress.org/: WordPress is a state-of-the-art semantic personal

[Full-disclosure] Secunia Research: Samba send_mailslot() Buffer Overflow Vulnerability

2007-12-10 Thread Secunia Research
== Secunia Research 10/12/2007 - Samba send_mailslot() Buffer Overflow Vulnerability - == Table of Contents Affected

[Full-disclosure] rPSA-2007-0261-1 samba samba-swat

2007-12-10 Thread rPath Update Announcements
rPath Security Advisory: 2007-0261-1 Published: 2007-12-10 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Remote Root Deterministic Unauthorized Access Updated Versions: [EMAIL PROTECTED]:1/3.0.27a-0.1-1 [EMAIL PROTECTED]:1/3.0.27a-0.1-1 rPath Issue

[Full-disclosure] CVE-2007-6205

2007-12-10 Thread Hanno Böck
Source: http://www.int21.de/cve/CVE-2007-6205-s9y.html Cross site scripting (XSS) in rss feed plugin of Serendipity 1.2 References http://www.s9y.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6205 Description The Serendipity blog system contains a plugin to display the content of

[Full-disclosure] Multiple vulnerabilities in BarracudaDrive 3.7.2

2007-12-10 Thread Luigi Auriemma
### Luigi Auriemma Application: BarracudaDrive Web Server http://barracudaserver.com/products/BarracudaDrive/ http://barracudaserver.com/products/HomeServer/ Versions:

[Full-disclosure] Filesystem access in DOSBox 0.72

2007-12-10 Thread Luigi Auriemma
### Luigi Auriemma Application: DOSBox http://dosbox.sourceforge.net Versions: = 0.72 and current CVS Platforms:Windows, Linux, *BSD and Mac Bug: access to the

[Full-disclosure] Multiple vulnerabilities in BadBlue 2.72b

2007-12-10 Thread Luigi Auriemma
### Luigi Auriemma Application: BadBlue http://www.badblue.com Versions: = 2.72b Platforms:Windows Bugs: A] PassThru buffer-overflow B] upload directory

[Full-disclosure] [ GLSA 200712-10 ] Samba: Execution of arbitrary code

2007-12-10 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 --- Gentoo Linux Security Advisory GLSA 200712-10 ---

[Full-disclosure] [USN-550-2] Cairo regression

2007-12-10 Thread Kees Cook
=== Ubuntu Security Notice USN-550-2 December 10, 2007 libcairo regression https://launchpad.net/bugs/NN === A security issue affects the following Ubuntu releases:

[Full-disclosure] [SECURITY] [DSA 1427-1] New samba packages fix arbitrary code execution

2007-12-10 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1427-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff December 10, 2007

Re: [Full-disclosure] Captive Portal bypassing

2007-12-10 Thread gmaggro
Even easier than running a special tool is to just setup SSHD or a proxy to listen on TCP 53. You can then tunnel out and do as you please without authenticating to the captive portal. Not everyone has access to something listening on 53 that is ready to be tunneled to. Nor is everyone

[Full-disclosure] ZDI-07-072: Novell Netmail AntiVirus Agent Multiple Overflow Vulnerabilities

2007-12-10 Thread zdi-disclosures
ZDI-07-072: Novell NetMail AntiVirus Agent Multiple Heap Overflow Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-07-072.html December 10, 2007 -- CVE ID: CVE-2007-6302 -- Affected Vendor: Novell -- Affected Products: NetMail 3.5.2 -- TippingPoint(TM) IPS Customer Protection:

[Full-disclosure] [ MDKSA-2007:241 ] - Updated tomcat5 packages fix multiple vulnerabilities

2007-12-10 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:241 http://www.mandriva.com/security/

Re: [Full-disclosure] Captive Portal bypassing

2007-12-10 Thread Peter Besenbruch
Of course you might want to keep the legal aspects in mind before doing any of that. On Monday 10 December 2007 12:04:05 gmaggro wrote: Bah. Who cares about that. Our governments have proven they do not respect the rule of law; why should we? Because what you espouse would result in

Re: [Full-disclosure] Captive Portal bypassing

2007-12-10 Thread gmaggro
Because what you espouse would result in general lawlessness, a situation that is worse for the common good than what we have now. That is both an arguable and accurate description of one of my goals. More specifically, the impact on captive portals would be an escalating arms race

[Full-disclosure] [ MDKSA-2007:242 ] - Updated e2fsprogs packages fix vulnerability

2007-12-10 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:242 http://www.mandriva.com/security/

[Full-disclosure] [ MDKSA-2007:243 ] - Updated MySQL packages fix multiple vulnerabilities

2007-12-10 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:243 http://www.mandriva.com/security/

Re: [Full-disclosure] The Cookie Tools v0.3 -- first public release

2007-12-10 Thread Andrew Farmer
On 10 Dec 07, at 05:45, michele dallachiesa wrote: why HTTPS is not the default in this type of services? this is a big silent hole. maybe, today is less silent :) The short version is because hosting things with SSL is still hard. There's a few things which are significantly holding back the

Re: [Full-disclosure] Captive Portal bypassing

2007-12-10 Thread coderman
On Dec 10, 2007 2:04 PM, gmaggro [EMAIL PROTECTED] wrote: ... Not everyone has access to something listening on 53 that is ready to be tunneled to. Nor is everyone clever enough to go about doing that sort of thing. if they've got a whitelist for UDP 53 you can openvpn out nicely. i get hit

Re: [Full-disclosure] The Cookie Tools v0.3 -- first public release

2007-12-10 Thread Jason
Andrew Farmer wrote: On 10 Dec 07, at 05:45, michele dallachiesa wrote: why HTTPS is not the default in this type of services? this is a big silent hole. maybe, today is less silent :) The short version is because hosting things with SSL is still hard. There's a few things which are

Re: [Full-disclosure] The Cookie Tools v0.3 -- first public release

2007-12-10 Thread coderman
On Dec 10, 2007 5:45 AM, michele dallachiesa [EMAIL PROTECTED] wrote: ... why HTTPS is not the default in this type of services? see http://www.kb.cert.org/vuls/id/466433 the big web service providers don't care about your privacy or security. it costs too much, and your commodity eyeballs