Let me just rephrase what I understood
me, I am != FD
Let's add some more facts the world didn't know yet:
FB != me && FB != you
you != me
he != you
people != individual
this != that
Is there anything else to add... did I miss something?
2011/5/1 satyam pujari :
> //Read the post again !
>
>
Hello MustStfu,
I want to warn you about a heavy inform security bug which is can be
found in of any linux distribution. also, one can if he has, then you
can exploit it on windows and mac os X.
For this type of attack, which i classify as a new bug category:
fapwhilereseach, you can log in with a
2010/9/25 MustLive :
> Affected products:
>
> All versions of CMS MYsite before last one where vulnerabilities were fixed
> (mostly).
Sorry... what? What is last one where vulns?
Mostly lesser?
>
> Timeline:
>
> 2010.06.29 - announced at my site and later informed developers of CMS.
Bad boy!
>
Hi MustLive,
I can not reproduce this on Firefox 3.6.8. When a test-application
with one line of code gives the redirect, then nothing happens.
No page with a "here" link and no alert and whatnot.
maybe it's just your proxy or so..
/site.php?redir=javascript:alert(document.cookie)
=> Result: A
2010/8/2 MustLive :
> Hello Full-Disclosure!
>
> I want to warn you about security vulnerabilities in WordPress which I
> published at 30.07.2010 during my Day of bugs in WordPress 2 project.
>
Awesome! Let's see what you got, here...
>
> So in common case, when name of database, prefix and date
Sorry, but since when is n3td3v A.K.A. Andrew Wallace the person that
goes by the name Weev?
Sure sign that *he is not* weev, is that n3td3v is still tweeting..
http://twitter.com/xploitable
http://sites.google.com/site/n3td3v/
Oh and by the way.. he's still lobbying against FD, as you can see he
2010/5/31 MustDie :
> On Mon, 31 May 2010 14:41:52 +0200
> "Jan G.B." wrote:
>>
>> Hi 1337 r3s34|2ch3|2,
>>
>> Yeah, you're right! Bash should analyse the bash script, given
>> parameters to programs and alike and then change the amount to a
2010/5/31 Jan G.B. :
> 2010/5/28 MustDie :
Oh fuck- I didn't even realize this wasn't MustLive. I just was
shocked that he came through my killfile.
So... sorry for my response to this quite funny mail. ;-)
___
Full-Disclosure - We
2010/5/28 MustDie :
> On Fri, 28 May 2010 16:02:50 +0300
> "MustLive" wrote:
>
>> Hello Full-Disclosure!
>>
>> I want to warn you about security vulnerabilities in different browsers.
>>
>> -
>> Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
>>
You may write a "proxy" that sits between your client and your
internal databroker which only allows some defined methods and params?
What else was the question?
Regards
2010/5/6, Ed Carp :
> Just for clarification, the business wants to put client-side
> Javascript on a customer-facing web site,
Thanks for presenting this up to date collection of bugs from the
years 2007 and 2008.
I appreciate it - adding you to my killfile, now.
2010/4/9 MustLive :
> Hello Full-Disclosure!
>
> Last month I wrote new article Anthology of attacks via captchas, for which
> I made English version yesterday
2010/4/9 :
> On Fri, 09 Apr 2010 15:49:58 +0200, "Jan G.B." said:
>
>> And where's the point in reporting several projects that use a -say-
>> library which has a reported problem? (I mean, you've sent quite the
>> same mail with a different softwar
2010/4/9 MustLive :
> Hello Full-Disclosure!
>
Quoting the list charter: "Gratuitous advertisement, product
placement, or self-promotion is forbidden."
And where's the point in reporting several projects that use a -say-
library which has a reported problem? (I mean, you've sent quite the
same ma
Hi FD,
let's face it: "Andrew Wallace" a.k.a. "netd3v", also appearing as "James O'
Hare" is back on the list.
We all know that the email address he used to use is banned. We also know
that our inboxes are filled with crap since he returned some weeks ago.
What can we do?
Not much. He showed us
2010/3/23 james o' hare
> On Tue, Mar 23, 2010 at 11:13 AM, Jan G.B.
> wrote:
> > Full disclosure is not a blog where you're supposed to paste news you may
> > find interesting.
> > We don't need a BBC echo here. So get (this) off the list.
> > Thank
Full disclosure is not a blog where you're supposed to paste news you may
find interesting.
We don't need a BBC echo here. So get (this) off the list.
Thanks
2010/3/21 james o' hare
> Google provides US intelligence agencies with a record of its search
> engine results, the state-run news agenc
2010/3/22 james o' hare
> On Mon, Mar 22, 2010 at 9:51 PM, Christian Sciberras
> wrote:
> > Or you should get a .edu or .gov like all of us have!
>
> If everyone post on their .edu, .gov you would alienate everyone else
> who doesn't have one.
>
> That's why it's an *idea* for Valdis to jump on a
2010/3/22 james o' hare
> On Mon, Mar 22, 2010 at 6:35 PM, Jan G.B.
> wrote:
> > Now STFU dude and don't forget to PISS OFF.
> You're a bitter bitter person who contributes nothing to this list.
>
"STFU" means "not to say (/write) anything".
Now STFU dude and don't forget to PISS OFF. Take your friends with ya.
2010/3/22 james o' hare
> On Mon, Mar 22, 2010 at 2:10 PM, julian steward
> wrote:
> > Who's the cunt ass leaking bitch who didn't pre-heat that fucking oven
> > properly ?
>
> Please join funsec and talk shit there I'm sure
2010/3/18 james o' hare :
> On Wed, Mar 17, 2010 at 10:09 PM, David Alanis wrote:
>> So zero day exploits are being posted on Twitt?
>>
>> SDA
>
> Yes, that's why I said:
>
> On Mon, Mar 15, 2010 at 8:35 PM,
>> We need a proper unbiased unmoderated comprehensive
>> directory of security researcher
2010/3/16 james o' hare
> On Tue, Mar 16, 2010 at 12:06 PM, Jan G.B.
> wrote:
> > install your damn wiki on localhost.
>
> Did you think people were about to create systems for monitoring
> Twitter and invite the public to sign up, that would be suicide for a
> com
No one here wants to found a new group or whatever you try here.
just accept that you have been banned and stop that twitter nonsense.
shove that bird up your fat arse and install your damn wiki on localhost.
there you can have great discussions with other personalities..
my best wishes
btw: you
2010/3/4 james o' hare
>
> You had the chance
>
[...]
>
> Andrew
>
>
Andrew, "we" (as in 'we', the community) know we had the chance to keep you
here.
But (if at all), there were just a few people who were against banning you.
There are reasons for that.
Please accept it and keep your worthles
']) ?
$_GET['start_date'] : '-00-00');
$end = (preg_match('/^\\d{4}-\\d{2}-\\d{2}$/', $_GET['end_date']) ?
$_GET['end_date'] : '-00-00');
Regards
PS: That site loads now, but there's no email contact listed. Sad f
OK, well - before I get 1 replies: the question was a rhetoric one.
2010/3/1 Benji
> http://crowdfavorite.com/ loads fine here.
>
> On Mon, Mar 1, 2010 at 4:03 PM, Jan G.B. wrote:
>
>> Hi there,
>>
>> I just noticed that authenticated users for the admin a
Hi there,
I just noticed that authenticated users for the admin area of a wordpress
blog may inject code into database queries, when the plugin "Analytics360"
is activated.
### BASIC INFORMATION ###
Plugin Name: Analytics360
Plugin URI:
http://www.mailchimp.com/wordpress_analytics_plugin/?pid=wo
What you see is not an issue or error. It is, what the application is
supposed to do.
* As you can see, these requests are not the same.
* Thinking about multiple POST requests on WP-Login or your "logs" below,
you could have guessed in the first place that the app is either trying
multiple Login
May I call your attention on this:
http://images.google.de/images?sourceid=chrome&q=arguing+on+the+internet ?
Regards
2009/12/16 Christian Sciberras
> I don't recall insulting anyone. How does that count as a "personal
> attack" to anyone?
> Regards,
> Christian Sciberras.
>
> On Wed, Dec 16, 2
is probably the last you'll see of the real n3td3v because there is
> sure to be a contract killer out to silence me.
>
Take care. (And don't forget the meds)
> I am saving the world [...]
This is serious the political elite are planning a cyber-event and it seems
> nobody
2009/11/19 kaibelf
> List,
>
> It has come to my attention that my client is being impersonated.
>
>
Your false statements don't revert the truth. He was trolling. The rest is
not of interest.
2009/10/15 Justin Klein Keane
> Drupal 6.14 with Site map 6.x-1.1 was tested and shown to be vulnerable.
[...]
> The Site map module contains a cross site scripting vulnerability
> because it does not properly sanitize output of titles before display.
>
[...]
> To carry out a Site map based XSS
Not that I think this is serious, but I like it when the first thing an
include file does is to check if a defined term *is* defined.
Filenames can change. A definer like INCLUDE_DIR would rather not.
2009/9/29 Fernando A. Lagos B.
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Glafkos
2009/9/16 Lane Christiansen
> On Tuesday 15 September 2009 09:09:41 am Jan G.B. wrote:
> > 2009/9/14 Rohit Patnaik
> >
> > > We know that the FBI and the CIA can't even catch Osama bin Laden in
> > > Pakistan. Do you really think they're going
2009/9/14 Rohit Patnaik
> We know that the FBI and the CIA can't even catch Osama bin Laden in
> Pakistan. Do you really think they're going to bother with small-time
> credit card skimmers?
>
> --Rohit Patnaik
>
>
Rohit, we all know that the FBI was never interested in catching Osama bin
Laden.
Your advisory layout is teh shit. you're so great - you invented it..
everyone, bow down and kiss his feet. a new god raised out of
nowhere!!! omfg I'm part of it.
2009/6/23 Adriel T. Desautels
> SNOsoft - Blosoft - GLOsoft - Awesome!
>
> Normally we wouldn't give an iota of attention to t
2009/5/7 Mark Sec :
> Well, Im looking info:
>
> 1) See all the traffic (Over botnet)
> 2) Administering many slaves (Lab) with the master (lab) via IRC, web,
> etc...
> 3) Probe attacks DDoS and DoS (Lab)
> 4) Probe remote and Local Exploits
> 5) Infected via remote , exploit, XSS etc.
>
> any1 ?
hmm, I'm jealous: where can we get this time-travel machine?
2009/4/2 Thierry Zoller :
> 13/03/2009 : Clamav responds that the bug is reproducible and will be
> fixed in 0.95 to be released the 23/03/2009
> 23/05/2009 : Asked clamav if the release was made and if credit was
>
Hi Andres,
thanks for your Ideas.
2009/3/31 Andres Riancho :
> Jan,
>
> On Tue, Mar 31, 2009 at 11:30 AM, Jan G.B. wrote:
>> Hi there,
>>
>> I've noticed that some weird requests are showing up in the error logs
>> of one of my apache webservers.
>>
Hi there,
I've noticed that some weird requests are showing up in the error logs
of one of my apache webservers.
The requests seem to have the following in common:
* GET Request on some random alphanumeric string like "GET /hDMe9NS"
* Referer has some randomized, invalid URL like
http://www.kSJn3
Yes, IT IS funny. I was thinking the same after reading the subject alone. ;-)
2009/3/26 Nam Nguyen :
> On Thu, 26 Mar 2009 12:30:16 +
> James Rankin wrote:
>
>> try n3td3v
>
> hah hah. very funny.
>
> cheers
> nam
>
>>
>> 2009/3/26 Nam Nguyen
>>
>> > Hi list
>> >
>> > We were alerted of a
2009/3/24 ascii :
> Pete Licoln wrote:
>> It's just a browser based Js redirection
>>
> http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://whatismyip.com
>
> and what makes it worst than an http redirection?
>
> http://www.nvidia.com/content/DriverDownload/dow
Cryptographp - a `free` captcha script
I contacted the author on 2009-02-11 via e-mail but I did not get a response.
I feel that users of that script should be aware of such a bug.
The main include of that script has the following PHP code:
#
if (is_file($_GET['cfg']) and dirname($_GET['
2009/1/23 andrew.wallace :
> Though he
> propagandas against n3td3v constantly to turn the world against me or
> something.
There's no need for anyone to do this as you keep doing it yourself.
YOU ARE RESPONSIBLE FOR YOURSELF YOU FUCKING MORON. PEOPLE DISRESPECT
YOU BECAUSE OF YOUR OWN POSTINGS!
2009/1/22 andrew.wallace :
> Now that President Obama has been sworn in,
> This is your chance to speak to the new administration in Washington,
> what you say here *will* make a difference.
> Let the community know your thoughts.
> Andrew
FD's purpose isn't "DISCUSS YOUR OPINIONS".
I urge you to fo
2009/1/19 andrew. wallace :
> On Mon, Jan 19, 2009 at 7:23 PM, Prototype This wrote:
>> Shut the fuck up. It you who trashed this mailing list ,
>
> No it was one abusive person who didn't like me who trashed it!
>
Repeating a lie doesn't make it true.
> Let's get back to business.
You made tha
2009/1/19 andrew. wallace :
> I'm calling for the closure of political threads on full-disclosure so
> we can get back to business.
>
> Andrew
How hilarious - to hear that request from the most annoying OT poster ever seen.
Or wait - what did you mean with ''going back to business'' - posting
news
2009/1/14 andrew. wallace :
> If "cyber war" is just web site defacement then I don't think we ever
> need to take "cyber war" too seriously.
>
> It seems to me that "cyber war" just means protesters protesting and
> no actual cyber war is there, as a cyber war would mean two sides
> fighting, alth
stop arguing. that topic was discussed by dumbfuck lately and there
was no insight or whatever.
just yellings.. "no, there is no such thing. meh I r teh MI5 - I know
it better and I know it's name"
now stop feeding?
2009/1/14 Costel Lupoaie :
> I' no expert in security but the first thing that I
2009/1/11 andrew. wallace :
>
> Trolls target people they know they can get a reaction out of that's
> why
you are here.
You made it again - another reply ;)
At least I'm not an alias.
I just couldn't hold back any longer after reading your bullshit for months.
2009/1/9 n3td3v :
> On Fri, Jan 9, 2009 at 4:07 PM, j-f sentier wrote:
>> Ya well, 3/4 of this list doesn't like you at all
>
> A few aliases who have never talked about security you mean and ju
2009/1/6 n3td3v :
> I didn't think either three of you could come up with an intellectual
> reply that's on-topic with the thread, that would be asking too much
> from the usual clowns who follow me around.
I don't think that your post is on topic of this list. And I don't
think anyone is following
2009/1/6 Mark Andrews :
>
> In message <8a6b8e350901060333m75f10c89q1892d65370c29...@mail.gmail.com>,
> "James Matthews" writes:
>
>> Full Disclosure is like free speech. We cannot have moderation if we want to
>> have freedom on the list. That's life.
>
>But is expected that list member
52 matches