grep -r ACIDBITCHES *
This code has two very obvious detection bypass vulnerabilities:
1) It fails to scan dotfiles in the starting directory,
2) It can be tricked into not producing any output by creating a file
named -q in the starting dir.
Let me fire up my vulnerability research
Why dear, it's my penis.
On 02/12/2010 22:49, dave b wrote:
On 3 December 2010 08:11, Cal Leeming [Simplicity Media Ltd]
cal.leem...@simplicitymedialtd.co.uk wrote:
Is this a joke? :|
No I am 12 and what is this !
___
Full-Disclosure - We believe
I NEED AN ADULT
--Original Message--
From: Cal Leeming [Simplicity Media Ltd]
Sender: full-disclosure-boun...@lists.grok.org.uk
To: dave b
Cc: full-disclosure@lists.grok.org.uk
Cc: vulns...@hushmail.com
ReplyTo: cal.leem...@simplicitymedialtd.co.uk
Subject: Re: [Full-disclosure] New
It seems to be fairly well known that there are multiple unpatched
CSRF vulnerabilities in the administration interfaces for various
Linksys routers. Since the initial reports of these are from a few
years ago, and since some exploits are available, I have written
additional proof of concept
Any Exploit available for below description
DNS: Pointer Loop
This protocol anomaly is a DNS message with a set of DNS pointers that form
a loop. This may indicate a denial-of-service (DoS) attempt. This entry may
also trigger on non-DNS traffic transiting port 53, such as Peer to Peer,
Chat,
Curious.. Any POC code yet?
On 03/12/2010 16:36, Srinivas Naik wrote:
Any Exploit available for below description
DNS: Pointer Loop
This protocol anomaly is a DNS message with a set of DNS pointers that
form a loop. This may indicate a denial-of-service (DoS) attempt. This
entry may
Full Disclosure Members,
Does anyone have a valid contact email address for reporting application
vulnerabilities to ESRI GIS (www.esri.com)?
Thank you,
-
StenoPlasma at ExploitDevelopment.com
www.ExploitDevelopment.com
* Srinivas Naik:
A DNS packet with a pointer loop is a protocol anomaly which some programs
may not handle gracefully.
Try this:
00 00 00 00 00 01 00 00 00 00 00 00 C0 0C
--
Florian Weimerfwei...@bfk.de
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100
On Fri, Dec 3, 2010 at 11:15 AM, StenoPlasma @ ExploitDevelopment
stenopla...@exploitdevelopment.com wrote:
Does anyone have a valid contact email address for reporting application
vulnerabilities to ESRI GIS (www.esri.com)?
From RFC 2142, secur...@esri.com. From the WHOIS database, the
Have you the Contact Us section on the website? They have links to both
customer service and technical support. That might be a good place to start.
t
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
On Fri, Dec 3, 2010 at 11:59 AM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
Have you the Contact Us section on the website? They have
links to both customer service and technical support. That might
be a good place to start.
Using the website (and hence their web submittal forms)
Jump through hoops? The customer service link is a simple submit form. It
also has a phone number. It also has a customer feedback submit form. No
acceptance of terms required (not that it would matter anyway). And I think
you completely understand what my point is... :)
t
-Original
Hello Full-Disclosure!
I want to warn you about Cross-Site Scripting, Insufficient Anti-automation
and Full path disclosure vulnerabilities in plugin Register Plus Redux for
WordPress. Register Plus Redux is a fork of plugin Register Plus.
-
Affected products:
ESRI support typically does not speak to people unless you have a support
contract. Historically they can be hard to contact even as a Site License
admin.
Let me know if you need any help.
-KF
On Dec 3, 2010, at 12:18 PM, Thor (Hammer of God) wrote:
Jump through hoops? The customer service
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-19
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
All,
Thanks for the input. I went to this list for help because ESRI support
has been non-responsive to outsiders.
Thanks!
-
StenoPlasma at ExploitDevelopment.com
www.ExploitDevelopment.com
TPTI-10-16: VMWare VMnc Codec Frame Decompression Remote Code Execution
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-16
December 3, 2010
-- CVE ID:
CVE-2010-4294
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
VMWare, Inc.
-- Affected Products:
VMWare, Inc.
On Fri, Dec 3, 2010 at 1:05 PM, StenoPlasma @ ExploitDevelopment
stenopla...@exploitdevelopment.com wrote:
All,
Thanks for the input. I went to this list for help because ESRI support
has been non-responsive to outsiders.
Quod erat demonstrandum
Original Message
From: KF
Hi All,
I'm looking for some stats on STUXNET. Specifically, if you've been
hosting a website or blog that contains information about STUXNET, have you
been receiving many hits from IRAN? If you can help please do, it would be
very much appreciated.
Simon Smith
Mus uni non fidit antro.
-Original Message-
From: Jeffrey Walton [mailto:noloa...@gmail.com]
Sent: Friday, December 03, 2010 10:24 AM
To: stenopla...@exploitdevelopment.com
Cc: KF (lists); Thor (Hammer of God); full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:247
http://www.mandriva.com/security/
I have been appropriately chastised offline for being an ass when a researcher
was simply doing their due diligence in obtaining contact info. My apologies.
t
-Original Message-
From: Thor (Hammer of God)
Sent: Friday, December 03, 2010 11:00 AM
To: 'noloa...@gmail.com';
Mak,
Network Miner is a Windows tool that can pull a lot of information from
pcap files. It gives you a list of hosts, known information about them
(open ports, OS, etc), and also extracts files and text from the capture.
http://networkminer.sourceforge.net/
~Robin
Hi All,
I was wondering if
http://sourceforge.net/apps/mediawiki/watobo/index.php?title=Main_Page
2010/12/3 Robin ro...@rbsec.net:
Mak,
Network Miner is a Windows tool that can pull a lot of information from
pcap files. It gives you a list of hosts, known information about them
(open ports, OS, etc), and also
Thanks for the input Mr. Weimer
I am planning to trigger this exploit and wandering how to construct such a
packet.
Ultimate goal is to make a client request which can cause this effect. If
possible, scripting ideas would be helpful.
Cheers,
Naik
On Fri, Dec 3, 2010 at 10:22 PM, Florian Weimer
25 matches
Mail list logo