-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
++
| ...|
| ..''xxx'...|
|..'xx
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Glafkos Charalambous wrote:
> Hello,
>
Hi Glafkos,
>
>
> That definitely can be fixed easily with two lines of code but is still
> something that should have been prevented at earlier stages of "plugin"
> development
>
>
>
> "if (!empty($_SER
Hello,
That definitely can be fixed easily with two lines of code but is still
something that should have been prevented at earlier stages of "plugin"
development
"if (!empty($_SERVER['SCRIPT_FILENAME']) && 'akismet.php' ==
basename($_SERVER['SCRIPT_FILENAME']))
die ('Please do not load t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
majinboo wrote:
> Hello,
Hi
>
> this kind of "vulnerabilities" exists whenever a PHP scripts issue a
> fatal error on a poorly configured server. PHP should log errors in a
> local file and not on the client screen. With this configuration, you
> wi
Hello,
this kind of "vulnerabilities" exists whenever a PHP scripts issue a fatal
error on a poorly configured server. PHP should log errors in a local file
and not on the client screen. With this configuration, you will not see a
full path disclosure in each uncatched PHP exception. IMHO the secu
MS Internet Explorer 0day exploit for sale - remote code execution via
memory corruption.
Serious offers only - fred.vici...@gmail.com
--
Best wishes,
Freddie Vicious
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclo
The Drupal XML Sitemap module version 5.x-1.6 (
http://drupal.org/project/xmlsitemap) contains a cross site scripting
vulnerability because it fails to properly sanitize 'Path' output in the XML
Sitemap administration area. If you install XML Sitemap and click on
Administer, Site configuration, XM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Exists an call to add_action() without validate with function_exists().
When I run the php script directly, I get the full path of wp installation.
Example:
[+] http://www.marco2010.cl/wp-content/plugins/akismet/akismet.php
[+] http://www.marco2010.cl
===
Ubuntu Security Notice USN-838-1 September 28, 2009
dovecot vulnerabilities
CVE-2008-4577, CVE-2008-5301, CVE-2009-2632, CVE-2009-3235
===
A security issue affects the follow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA-1897-1secur...@debian.org
http://www.debian.org/security/ Nico Golde
September 28th, 2009
Hello Full-Disclosure!
I want to warn you about Insufficient Anti-automation and Cross-Site
Scripting vulnerabilities in E107. I found XSS holes in October 2006 and
Insufficient Anti-automation in November 2007, and disclosed them at
30.01.2009.
Insufficient Anti-Automation:
Vulnerability is in
11 matches
Mail list logo