[Full-disclosure] [ISecAuditors Security Advisories] Insecure Direct Object Reference in tuenti.com allow to read of any message user

2010-09-22 Thread ISecAuditors Security Advisories
INTERNET SECURITY AUDITORS ALERT 2010-008 - Original release date: August 30th, 2010 - Last revised: September 21st, 2010 - Discovered by: Vicente Aguilera Diaz - Severity: 4/10 (CVSSv2 Base Scored) I.

[Full-disclosure] [ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail v6.2.0

2010-09-22 Thread ISecAuditors Security Advisories
INTERNET SECURITY AUDITORS ALERT 2010-009 - Original release date: August 30th, 2010 - Last revised: September 21st, 2010 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 (CVSSv2 Base Scored) I.

[Full-disclosure] monitoring the media monitors for fun and profit!

2010-09-22 Thread omfgomfg
monitoring the media monitors for fun and profit! http://www.robtex.com/ip/64.38.235.186.html http://www.robtex.com/ip/64.38.235.189.html http://www.robtex.com/ip/173.201.177.83.html http://www.robtex.com/dns/ns01.fiberconnexion.com.html#shared CLASSY STUFF:

Re: [Full-disclosure] monitoring the media monitors for fun and profit!

2010-09-22 Thread Benji
what On Tue, Sep 21, 2010 at 7:25 PM, omfgo...@hushmail.com wrote: monitoring the media monitors for fun and profit! http://www.robtex.com/ip/64.38.235.186.html http://www.robtex.com/ip/64.38.235.189.html http://www.robtex.com/ip/173.201.177.83.html

Re: [Full-disclosure] Freepbx

2010-09-22 Thread Tyler Borland
Hello Marsh, I had found one of the previous holes. http://seclists.org/fulldisclosure/2010/Jul/180 Don't forget to check out the includes for that file. http://www.freepbx.org/trac/browser/freepbx/trunk/amp_conf/htdocs/admin/cdr/lib/defines.php?rev=10274 On Tue, Sep 21, 2010 at 3:33 PM, Marsh

Re: [Full-disclosure] Freepbx

2010-09-22 Thread Marsh Ray
On 09/22/2010 11:17 AM, Tyler Borland wrote: Hello Marsh, I had found one of the previous holes. http://seclists.org/fulldisclosure/2010/Jul/180 Yep. After having seen that, I figured that people actually would be interested in bugs in this codebase. So I posted here. Don't forget to check

[Full-disclosure] Cisco Security Advisory: Cisco IOS SSL VPN Vulnerability

2010-09-22 Thread Cisco Systems Product Security Incident Response Team
Cisco IOS SSL VPN Vulnerability Advisory ID: cisco-sa-20100922-sslvpn http://www.cisco.com/warp/public/707/cisco-sa-20100922-sslvpn.shtml Revision 1.0 For Public Release 2010 September 22 1600 UTC (GMT

[Full-disclosure] Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities

2010-09-22 Thread Cisco Systems Product Security Incident Response Team
Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities Advisory ID: cisco-sa-20100922-cucmsip http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucmsip.shtml Revision 1.0 For Public Release 2010

[Full-disclosure] [ MDVSA-2010:187 ] squid

2010-09-22 Thread security
Mandriva Linux Security Advisory MDVSA-2010:187 http://www.mandriva.com/security/