I can't see any differences with the original advisory apart the title
tag with your website address.
What's the point at posting this on FD...?
2013/11/19 MustLive mustl...@websecurity.com.ua
Hello list!
I want to warn you about Denial of Service vulnerability in Internet
Explorer. This is
Freedom of speech and freedom of anonymous speech is protected by the first
amendment..
https://www.eff.org/issues/anonymity
2013/6/11 Philip Whitehouse phi...@whiuk.com
Seems like some people spend way to much time focusing on the second
amendment rather than the first one...
Well this
Why is the Prims program such a big deal today? Most of us knew about
echellon and the patriot act didnt we? This program was unconstinutional at
the first place and should have raised indignation when it was approved at
that time...
Seems like some people spend way to much time focusing on the
http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/
Finding the vulnerability in this code is left as an exercise to the reader.
PS: *Your comment will be awaiting moderation forever.*
___
Full-Disclosure - We believe in it.
it shouldn't be surprising, he's a
undergrad. But even most grad students make these sorts of mistakes...
academicware ;-)
Cheers,
Harry
On 03/05/2013 08:46 PM, laurent gaffie wrote:
http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/
Finding the vulnerability
In regards to the code exec;
Ever heard of whitelisting ?
Le 19 déc. 2012 14:39, security-n...@drupal.org a écrit :
View online: http://drupal.org/SA-CORE-2012-004
* Advisory ID: DRUPAL-SA-CORE-2012-004
* Project: Drupal core [1]
* Version: 6.x, 7.x
* Date: 2012-December-19
*
Hey Sparky,
One of the many many thing you didn't understand during the past 5 years is
that you should probably try to identify and fix your stuff on *your*
website, before spamming this ML with your crap.
cf:
http://www.zone-h.org/mirror/id/11367858
e-tard.
Not a google vuln.
Hunt down MSFT to pay for your bug.
Oh wait they dont pay for free research.. 0noz, you wont get any candy !
2011/1/27, IEhrepus 5up3r...@gmail.com:
Security is a general,Many security issues are composed of many
different vulnerabilities of different factory.
like
Send your shitty stuff to bugt...@securityfocus.com
If it's not obvious, no one give a shit here, seriously.
2011/1/27 MustLive mustl...@websecurity.com.ua
Hello list!
I want to warn you about Cross-Site Scripting, Brute Force, Insufficient
Anti-automation and Abuse of Functionality
No sign at all he was crazy at the first place;
Question *could be* why is he supposed to be in a psyco hospital by now ?
Anyways, who is the source on that one ?
Who have a clue, and on what do we rely to have an opinion ?
_Blah_ we'll probably never know.
Sounds like classic stuff here.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Full-Disclosure!
I want to warn you about a Denial of Service in every browser finaly !!!
It actually affect every browser with a javascript engine build in !!!
Adobe may be vulnerable to
PoC :
html
headtitle0n0z/title/head
body
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sorry Mustlive,
i understand you need to see this in clear text finaly.
I guess ascii is the best to communicate with you;
Hello Full-Disclosure!
I want to warn you about a Denial of Service in every browser finaly !!!
It actually affect every
Should be kweel for UTesting
http://g-laurent.blogspot.com/2009/11/releasing-icmpv4ip-fuzzer-prototype.html
Enjoy.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
Hell no
random.randrang - randrange(_) rtfm.
and yeah u'r welcome.
2009/11/23 Andrew Farmer andf...@gmail.com
On 22 Nov 2009, at 19:48, laurent gaffie wrote:
Should be kweel for UTesting
http://g-laurent.blogspot.com/2009/11/releasing-icmpv4ip-fuzzer-prototype.html
...
Dont forget
=
- Release date: November 11th, 2009
- Discovered by: Laurent Gaffié
- Severity: Medium/High
=
I. VULNERABILITY
-
Windows 7 * , Server 2008R2 Remote Kernel Crash
II. BACKGROUND
Bonjour Fionnbharr Davies!,
I'm glad to make your life easier with the shasum full path, really.
Regarding the Grossly misdiagnosed bug;
That's some funny words to describe one of the most difficult bug to exploit
in 2009 (http://seclists.org/dailydave/2009/q4/2)
Laurent
Bonjour!
Is this
For the record :
/usr/bin/shasum advisory.txt
9fefeeb9d3ebf7c6822961e59ae94cfb655bcd53 advisory.txt
Regards,
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
=
- Date: October 22th, 2009
- Discovered by: Laurent Gaffié
- Severity: Low
=
I. VULNERABILITY
-
Snort = 2.8.5 IPV6 Remote DoS
II. DESCRIPTION
-
A remote DoS
More explication on cve-2009-3103
http://g-laurent.blogspot.com/2009/10/more-explication-on-cve-2009-3103.html
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
Advisory updated :
=
- Release date: September 7th, 2009
- Discovered by: Laurent Gaffié
- Severity: High
=
I. VULNERABILITY
-
Windows Vista, Server 2008 R2, 7 RC :
SMB2.0 NEGOTIATE
=
- Release date: September 7th, 2009
- Discovered by: Laurent Gaffié
- Severity: Medium/High
=
I. VULNERABILITY
-
Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
Nice find Kingcope,
As Thierry mentioned it, i guess it was a pain to find it, nice one as
always, your finding rocks.
Cheers
2009/8/31 r1d1nd1rty r1d1nd1...@hush.com
why would anyone write a 0day with...
# bug found exploited by Kingcope, kcope2atgooglemail.com
# Affects IIS6 with stack
=
- Release date: August 10th, 2009
- Discovered by: Laurent Gaffié
- Severity: Medium
=
I. VULNERABILITY
-
WordPress = 2.8.3 Remote admin reset password
II. BACKGROUND
wordpress/wordpress-mu = 2.8.3
Regards Laurent Gaffié
2009/8/10 laurent gaffie laurent.gaf...@gmail.com
=
- Release date: August 10th, 2009
- Discovered by: Laurent Gaffié
- Severity: Medium
=
I
On Mon, 10 Aug 2009, laurent gaffie wrote:
Errata:
V. BUSINESS IMPACT
-
An attacker could exploit this vulnerability to compromise the admin
account
of any wordpress/wordpress-mu = 2.8.3
--
V. BUSINESS IMPACT
-
An attacker
your admin access
in risk.
:-P to me , this vulnerability is more BUZZ then real deal. LOL
2009/8/10 laurent gaffie laurent.gaf...@gmail.com
Hi there,
This wasn't tested on the 2.7* branch.
It as been tested on the 2.8.* branch, with php 5.3.0 php 5.2.9 as an
Apache 2.2.12 module
Well, i dont think so, that's why i published this.
It very limitated.
It's true, someone can make a loop script and avoid any possibility to log
back on your wordpress blog, but you also can avoid that functionality
easily, you just need to comment out 1 line.
Anyways, a patch should come out
: http://preachsecurity.blogspot.com
- LinkedIn: http://www.linkedin.com/in/rmlos
- Twitter: http://twitter.com/RafalLos
*From:* laurent gaffie laurent.gaf...@gmail.com
*Sent:* Monday, August 10, 2009 9:09 PM
*To:* full-disclosure@lists.grok.org.uk
*Subject:* [Full-disclosure
Rafal M. Los
Security IT Risk Strategist
where ?
@home ?
oh boy.
2009/8/11 Rafal M. Los ra...@ishackingyou.com
Empty reply... on purpose or...?
.
Rafal
*From:* laurent gaffie laurent.gaf...@gmail.com
*Sent:* Monday, August 10, 2009 11:43 PM
*To:* Rafal M. Los ra
Dude, your email is more funny, than serious.
It's a pure troll.
What ever from now on.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
or put your admin
access in risk.
:-P to me , this vulnerability is more BUZZ then real deal. LOL
2009/8/10 laurent gaffie laurent.gaf...@gmail.com
Hi there,
This wasn't tested on the 2.7* branch.
It as been tested on the 2.8.* branch, with php 5.3.0 php 5.2.9 as
an
Apache
***this also affect any joomla! 1.5.* ***
2009/7/28 YGN Ethical Hacker Group (http://yehg.net) li...@yehg.net
==
TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple
Vulnerabilities
Hi there,
First of all i dont care about antisec, antisex, anti-sec, n3td3v trolls,
and anti-se*
But i'll be speaking only about FACTS :
You have to prove by A+B, that this man {who ever he is} was really behind
his computer while this crime was done, and that his computer wasn't
compromised by
First of all i dont care about antisec, antisex, anti-sec, n3td3v trolls,
and anti-se*
What's you dont understand in this ?
i dont freakin care about you, you're a waste of time.
2009/7/28 andrew.wallace andrew.wall...@rocketmail.com
Hi there,
Stop bringing my name into this or face
Ok? Well, then have a nice day and
don't hold your breathe waiting for the OpenSSH 0day. 0pen0wn.c
(http://www.nopaste.com/p/aDTdT5s1C) was it!
ya the hex encoded irc bot rm -rf ? :)
2009/7/20 the.defa...@hushmail.com
Hi,
My name is DeadlyData. I enjoy long walks on the beach, getting
Soulseek 157 NS 13e 156.* Remote Peer Search Code Execution
=
- Release date: July 02, 2009
- Discovered by: Laurent Gaffié ; http://g-laurent.blogspot.com/
- Severity: critical
=
I. VULNERABILITY
Hi WebDEVIL,
You base your PoC on this plugin (http://www.codeplex.com/msecdbg) for
windbg (as copy/pasted), but i wonder, what make you think it's really
exploitable (on quicktime) ?
Have you tried that PoC on Itunes ?
Itunes, use Quicktime as a module to read .mov files, but Itunes doesn't
have
-remote-distributed-search.html#comments
2009/5/25 Pete Licoln pete.lic...@gmail.com
Oh so you have a blog ...
http://g-laurent.blogspot.com/
2009/5/25 laurent gaffie laurent.gaf...@gmail.com
=
- Release date: May 24th, 2009
- Discovered
=
- Release date: May 24th, 2009
- Discovered by: Laurent Gaffié
- Severity: critical
=
I. VULNERABILITY
-
Soulseek 157 NS * 156.* Remote Distributed Search Code Execution
II.
Application: QuickTime = 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow
Web Site: http://www.apple.com/fr/quicktime/download/
Platform: Windows
Bug: Multiple Remote Stack Overflow
---
1) Introduction
2) Bug
3) Proof of concept
4)
40 matches
Mail list logo
