Hello to everyone,
I want to report the following question with Cisco DPC2420 Cablemodem
router used by many ISPs around the world.
Bests.
- -
##
## - DPC2420 Multiple
history.cgi is vulnerable to a buffer overflow due to the use of
sprintf with user supplied data that has not been restricted in size.
This vulnerability does not appear to be exploitable on the majority
of systems (due to stack cookies, the NX bit, etc).
In the process_cgivars function:
Any.Do transmits Passwords in plaintext.
==
Some of you may be interested to know that the Task Management and TODO-list
Application, Any.Do, happily transmits your password and just about everything
else in plaintext.
They were even so kind to include a README.md documenting exactly this
Hi list,
I tried to contact Google, but as they didn't answer my email, I do forward
this to FD.
This security feature is not clearly a Google vulnerability, but exposes
website information that is not really intended to be public.
(Additionally I have to say that I advocate robots.txt
In Deep Web has created a new online site a few days ago that allows you
to sell even exploits, malware, etc. etc..
The site works like Ebay so everything is auctioned.
you can get from tor: http://qatuopo4wmzkirlo.onion
Or by proxy (tor2web): https://qatuopo4wmzkirlo.tor2web.org
On 2012-12-10 12:25, Hurgel Bumpf wrote:
Hi list,
I tried to contact Google, but as they didn't answer my email, I do
forward this to FD.
This security feature is not clearly a Google vulnerability, but
exposes website information that is not really intended to be
public.
Hey,
Here is an example:
An admin has a public webservice running with folders containing
sensitive information. Enter these folders in his robots.txt and
protect them from the indexing process of spiders. As he doesn't
want the /admin/ gui to appear in the search results he also