Re: [Full-disclosure] MS13-102: NtConnectPort() LPC

1. Impersonate the server 2. you can use com's callback , ConnectionPoint. Date: Sun, 15 Dec 2013 03:16:02 +1100 Subject: MS13-102: NtConnectPort() LPC From: rhysk...@gmail.com To: yuanrengu...@360.cn; yuange1...@hotmail.com; yuange1...@139.com Hi Yuan, Good find for the NtConnectPort() Maximum

[Full-disclosure] URL Redirector Abuse and XSS vulnerabilities in WordPress

Hello list! As I've announced earlier (http://seclists.org/fulldisclosure/2013/Nov/219), I conducted a Day of bugs in WordPress 3. At 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes (they were placed at my site for your attention). And this is translation of

[Full-disclosure] Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities

Document Title: === Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1172 Release Date: = 2013-12-19 Vulnerability Laboratory ID (VL-ID): ==

[Full-disclosure] [SECURITY] [DSA 2824-1] curl security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2824-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso December 19, 2013

[Full-disclosure] [ MDVSA-2013:295 ] gnupg

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:295 http://www.mandriva.com/en/support/security/ __

Re: [Full-disclosure] [CVE-2013-6986] Insecure Data Storage in Subway Ordering

Hello, I'm on your side. You are right in both how you are handling the case and you conclusion. They failed in a few business aspects, thus responsible for outcome. After all, legal side of our work is not less important than IT and InfoSec technologies we use. Good luck Mikhail Utin, CISSP,

[Full-disclosure] Apache Santuario security advisory CVE-2013-4517 released

A new security advisory CVE-2013-4517 has been released for the Apache Santuario project. Full details are available here: http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com ___

[Full-disclosure] XSS in HP Operations Orchestration Central version 9.06

Name: XSS in HP Operations Orchestration Central version 9.06 Systems Affected: HP Operations Orchestration version 9.06 Severity: High Vendor: Hewlett-Packard References: CVE-2013-6191, CVE-2013-6192, SSRT101342 Author: Bart Leppens Date: 20130919 I. BACKGROUND HP Operations Orchestratio

[Full-disclosure] [SECURITY] [DSA 2821-1] gnupg security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2821-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst December 18, 2013