[Full-disclosure] IS-2010-006 - D-Link DAP-1160 formFilter buffer overflow

2010-07-14 Thread Cristofaro Mune
Security Advisory IS-2010-006 - D-Link DAP-1160 formFilter buffer overflow Advisory Information Published: 2010-07-14 Updated: 2010-07-14 Manufacturer: D-Link Model: DAP-1160 Firmware version: 1.20b06 1.30b10 1.31b01 Vulnerability Details

[Full-disclosure] DDoS attacks via other sites execution tool (DAVOSET)

2010-07-14 Thread MustLive
Hello participants of Full-Disclosure! Last month I told you about my article Using of the sites for attacks on other sites (http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html). In which I wrote particularly about creating of botnet from zombie-servers (which is a new type

Re: [Full-disclosure] DDoS attacks via other sites execution tool (DAVOSET)

2010-07-14 Thread Dobbins, Roland
On Jul 14, 2010, at 6:28 PM, MustLive wrote: In which I wrote particularly about creating of botnet from zombie-servers (which is a new type of botnets). A more appropriate name for this sort of attack might be an 'application reflection attack', as it's similar in concept to making use of

Re: [Full-disclosure] Google auto redirect

2010-07-14 Thread McGhee, Eddie
come on what's funny about encoding a url? you don't see this as a vuln? REALLY geez peace... From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Marshall Whittaker Sent: 13 July 2010 21:17 To:

[Full-disclosure] PR09-16: Juniper Secure Access series (Juniper IVE) Cross-Site Scripting Vulnerability

2010-07-14 Thread research
PR09-16: Juniper Secure Access series (Juniper IVE) XSS Vulnerability found: 12th October 2009 Severity: Medium (Script injection) Description: There is a Cross-site Scripting vulnerability on Juniper, IVE web interface. Procheckup has found by making a malformed request to the IVE Web

Re: [Full-disclosure] Google auto redirect

2010-07-14 Thread Mario Vilas
did you actually try the link? cause it worked for me... On Wed, Jul 14, 2010 at 12:14 PM, McGhee, Eddie eddie.mcg...@ncr.com wrote: come on what's funny about encoding a url? you don't see this as a vuln? REALLY geez peace... -- *From:*

Re: [Full-disclosure] Google auto redirect

2010-07-14 Thread Juan Galiana
In fact, open redirect is considered a vulnerability commonly involved in phishing attacks. http://www.owasp.org/index.php/Open_redirect On Wed, Jul 14, 2010 at 6:03 PM, Mario Vilas mvi...@gmail.com wrote: did you actually try the link? cause it worked for me... On Wed, Jul 14, 2010 at 12:14

Re: [Full-disclosure] Google auto redirect

2010-07-14 Thread Chris Evans
On Wed, Jul 14, 2010 at 10:19 AM, Juan Galiana jgali...@gmail.com wrote: In fact, open redirect is considered a vulnerability commonly involved in phishing attacks. by people who have a cursory but non-thorough understanding of security. http://scarybeastsecurity.blogspot.com/ To be

Re: [Full-disclosure] Google auto redirect

2010-07-14 Thread Chris Evans
On Wed, Jul 14, 2010 at 10:32 AM, Chris Evans scarybea...@gmail.com wrote: On Wed, Jul 14, 2010 at 10:19 AM, Juan Galiana jgali...@gmail.com wrote: In fact, open redirect is considered a vulnerability commonly involved in phishing attacks. by people who have a cursory but non-thorough

[Full-disclosure] [ MDVSA-2010:132 ] python

2010-07-14 Thread security
Mandriva Linux Security Advisory MDVSA-2010:132 http://www.mandriva.com/security/

[Full-disclosure] Outlook PR_ATTACH_METHOD file execution vulnerability

2010-07-14 Thread Akita Software Security
Outlook PR_ATTACH_METHOD file execution vulnerability Yorick Koster, October 2009

Re: [Full-disclosure] Google auto redirect

2010-07-14 Thread is it safe
sure you've probably all already worked this out, but if not * search?q=%79%61%68%6F%6F* searches for yahoo and * btnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79* tells google you're feeling lucky. safe. On Wed, Jul 14, 2010 at 10:14 AM, McGhee, Eddie eddie.mcg...@ncr.com wrote:

[Full-disclosure] Pwnie Awards 2010

2010-07-14 Thread Alexander Sotirov
The Pwnie Awards ceremony will return for the fourth consecutive year to the BlackHat USA conference in Las Vegas. The award ceremony will take place during the BlackHat reception on Thr, July 29, 2010. The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of

[Full-disclosure] [SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities

2010-07-14 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-2070-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff July 14, 2010

[Full-disclosure] [SECURITY] [DSA 2071-1] New libmikmod packages fix several vulnerabilities

2010-07-14 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-2071-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff July 14, 2010

[Full-disclosure] Drupal OG Menu Module XSS Vulnerability

2010-07-14 Thread Justin Klein Keane
OG Menu 6.x-2.0 XSS Vulnerability CVE-2010-1747 This disclosure has also been posted at http://madirish.net/?article=467 Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system

Re: [Full-disclosure] ZDI-10-121: Command Injection Remote Code Execution Vulnerability

2010-07-14 Thread Juha-Matti Laurio
Is the affected product Secure Backup accidentally missing from the subject line and the advisory title, i.e. the correct title is Oracle Secure Backup Administration selector Command Injection Remote Code Execution Vulnerability? Juha-Matti ZDI Disclosures [zdi-disclosu...@tippingpoint.com]