http://profile.ak.fbcdn.net/v229/1642/63/n680245330_5800.jpg
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
On Mon, 31 May 2010 14:41:52 +0200
Jan G.B. ro0ot.w...@googlemail.com wrote:
Hi 1337 r3s34|2ch3|2,
Yeah, you're right! Bash should analyse the bash script, given
parameters to programs and alike and then change the amount to a
reasonable value of 1 decimals.
Btw - have you yet
Hi!
If you really want to go further you can read the Adobe PDF
documentation, I think you can find almost everything about it:
http://www.adobe.com/devnet/pdf/pdf_reference_archive.html
Cheers!
On 31/05/10 13:55, rajendra prasad wrote:
Hi List,
I am trying to understand the latest pdf
You should also mention:
- remote / local file inclusion
- directory traversal
- privilege escalation
greets
Hello
I'm doing a test and I obtained a copy of the web.config file. The
interesting thing is that there is a line like <add key="PasswordFile"
value="C:\Inetpub\site\Users.acl" />; it caught my attention that it is
in the inetpub folder, and I was able to download it.
It's in base64; when decoding it is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jan Schejbal wrote:
PuTTY, an SSH client for Windows, requests the passphrase to the ssh key in the
console window used for the connection. This could allow a malicious server to
gain access to a user's passphrase by spoofing that prompt
That
Hi List,
I am putting my thoughts on this, please share your thoughts, comments.
Request length is less than the response length. So, processing a small amount
of data is better than processing bulk data. Response may have encrypted
data. Buffering all the client-server transactions and
Hi List,
For Top 25 Software Vulnerabilities, please have a look at
http://cwe.mitre.org/top25/archive/2010/2010_cwe_sans_top25.pdf. I feel this
categorization will help professionals as a check list for finding the
vulnerabilities of a software.
Thanks
Rajendra
You should make a show about it.
On Tue, Jun 1, 2010 at 6:07 AM, Rob Fuller jd.mu...@gmail.com wrote:
Couldn't this also be thwarted by having a MOTD? It generally displays
before the bashrc if I'm not mistaken.
--
Rob Fuller | Mubix
Room362.com | Hak5.org
On Mon, May 31, 2010 at 8:47
Wouldn't you if you were bubba's boytoy in the can?
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On behalf of PsychoBilly
Sent: 1 June 2010 10:21
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] The_UT is repenting
Anders - I'm very sorry, you must have confused this mailing list with
astalavista forums. Please go away... or kill yourself, whichever you
prefer.. and in the interest of full-disclosure, I have my fingers
crossed for the latter :)
Thanks.
On Jun 1, 2010, at 2:47 AM, Jan Schejbal wrote:
PuTTY, an SSH client for Windows, requests the passphrase to the ssh key in
the console window used for the connection. This could allow a malicious
server to gain access to a user's passphrase by spoofing that prompt.
We assume that the
You're missing one point: Host IPS MUST be deployed with any Network
Security (Firewalls or NIPSs).
No security solution/technology is the miracle protection alone, so
that's the reason everybody is talking about defense in depth.
Cheers.
Nelson Brito
Security Researcher
Hello Full-Disclosure!
I want to warn you about a Denial of Service vulnerability in Internet
Explorer, which I already disclosed at my site in 2008 (on 29.09.2008). But
recently I made new tests concerning this vulnerability, so I decided to
remind you about it.
I know this vulnerability for a
Hi List,
I have started this discussion with respect to Network IPS.
Thanks
Rajendra
On Tue, Jun 1, 2010 at 1:08 PM, rajendra prasad
rajendra.paln...@gmail.com wrote:
Hi List,
I am putting my thoughts on this, please share your thoughts, comments.
Request length is less than the response
Nelson,
You're missing one point: Host IPS MUST be deployed with any Network
Security (Firewalls or NIPSs).
Please be aware this is a risk decision and not a fact. I don't use a host IPS
and no antivirus either. Still, I'm sure my laptop is perfectly safe. This is
because I do critical
Okay, but why did you mention AV as a client-side protection?
It leads to a discussion about client-side protection, anyways.
Cheers.
Nelson Brito
Security Researcher
http://fnstenv.blogspot.com/
Please, help me to develop the ENG® SQL Fingerprint™ downloading it
from Google Code
Comments are inline!
Nelson Brito
Security Researcher
http://fnstenv.blogspot.com/
Please, help me to develop the ENG® SQL Fingerprint™ downloading it
from Google Code (http://code.google.com/p/mssqlfp/) or from
Sourceforge (https://sourceforge.net/projects/mssqlfp/).
Sent on an iPhone
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Full-Disclosure!
I want to warn you about a Denial of Service in every browser finally !!!
It actually affects every browser with a javascript engine built in !!!
Adobe may be vulnerable to
PoC :
html
headtitle0n0z/title/head
body
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sorry Mustlive,
I understand you need to see this in clear text finally.
I guess ascii is the best to communicate with you;
Hello Full-Disclosure!
I want to warn you about a Denial of Service in every browser finally !!!
It actually affects every
Nelson,
I put my comments inline as well
Regards, Cor
...snip...
Nelson,
You're missing one point: Host IPS MUST be deployed with any Network
Security (Firewalls or NIPSs).
Please be aware this is a risk decision and not a fact. I don't use
a host IPS and no antivirus either.
This had already been published
http://www.pewy.fr/hamster.html
Cluster #[[ Laurent Gaffie ]] possibly emitted,
@Time [[ 01/06/2010 16:00 ]] The Following #String **
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sorry Mustlive,
i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear colleague,
We are proud to announce the release of Onapsis Bizploit, the first opensource
ERP Penetration Testing framework.
Presented at the renowned HITB Dubai security conference, Bizploit is expected
to provide the security community with
I don't think UT is anyone's 'boy toy.' The guy is massive.
I'm sure he'll meet all kinds of experienced scam artists and criminals and
learn all sorts of neat things for use when he gets out.
-Travis
On Tue, Jun 1, 2010 at 6:13 AM, Anders Klixbull a...@experian.dk wrote:
I'm so sorry that
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
ZDI-10-090: Novell ZENworks Configuration Management Preboot Service Remote
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-090
June 1, 2010
-- Affected Vendors:
Novell
-- Affected Products:
Novell Zenworks
-- TippingPoint(TM) IPS Customer Protection:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
33 matches