Debian Security Advisory DSA-2156-1 secur...@debian.org
http://www.debian.org/security/ Steve Kemp
January 31, 2011
Debian Security Advisory DSA-2153-1 secur...@debian.org
http://www.debian.org/security/ dann frazier
January 30, 2011
With the latest autocomplete Google search feature filtering torrent keywords,
what happens when illegal data is split into many pieces and Google caches them?
If the site hosting the illegal data is forced to remove it, what about Google?
The original file can still be reassembled from the
Symantec Alert Management System HNDLRSVC Arbitrary Command Execution
TSL ID: FSC20100727-01
1. Affected Software
Symantec Antivirus Corporate Edition 10.1.8.8000 and possibly prior
Symantec System Center 10.1.8.8000 and possibly prior
Reference:
Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow
TSL ID: FSC20110125-06
1. Affected Software
Novell ZENworks Handheld Management 7.0
Reference: http://www.novell.com/products/zenworks/handhelds
2. Vulnerability Summary
A buffer overflow vulnerability exists in Novell
Symantec Antivirus Intel Alert Handler Service Denial of Service
TSL ID: FSC20101213-06
1. Affected Software
Symantec Antivirus Corporate Edition 10.1.8.8000 and possibly prior
Symantec System Center 10.1.8.8000 and possibly prior
Reference:
CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache CouchDB 0.8.0 to 1.0.1
Description:
Apache CouchDB versions prior to version 1.0.2 are vulnerable to
cross site scripting (XSS) attacks.
Mitigation:
Yeah I got a mail from them stating the db's have been compromised, they're
doing password resets.
Sal Rinder
Date: Fri, 28 Jan 2011 10:23:25 +0100
From: extraexpl...@gmail.com
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] sourceforge entry point seems still active.
Debian Security Advisory DSA-2154-1 secur...@debian.org
http://www.debian.org/security/ Stefan Fritsch
January 30, 2011
Debian Security Advisory DSA-2154-2 secur...@debian.org
http://www.debian.org/security/ Stefan Fritsch
January 30, 2011
Hey,
I've tried reporting issues to Harvard University tons of times in the past
but they rarely respond and even more rarely commend researchers for finding
vulnerabilities so I decided that full-disclosure was the way to get Harvard
off of their crimson asses and patch this vulnerability.
PoC
Hello list,
Stumbled across this today. It appears Excel spreadsheets store
printer information including the PIN you might use when trying to do
a secure print.
http://insecureprinting.com/Microsoft_Excel_Spreadsheets_Expose_User_PIN_Used_for_Confidential_Secure_Printing.pdf
The paper is
*claps*
On Mon, Jan 31, 2011 at 12:22 AM, Hack Talk hacktalkb...@gmail.com wrote:
Hey,
I've tried reporting issues to Harvard University tons of times in the past
but they rarely respond and even more rarely commend researchers for finding
vulnerabilities so I decided that full-disclosure
I know there's been posts in the past about honeypot related issues.
I just wanted to share one of the more fun sessions I've had until
today.
http://george.hedfors.com/content/worlds-worst-hacker
--
George Hedfors
http://www.linkedin.com/in/georgehedfors
PGP: 0xE2AE9749/66C3 1A01 240F 3AF4
This is so funny, almost laughed my ass off :)
Enjoy!
Hello all,
I am sitting on a plane as I type this in flight some place between
SFO (San Francisco) and JFK (New York). I am not flying economy as
this is a work trip and I have laptops and other things sprawled
all over the place in my
Wtf, I've never heard of a 'secure' print :S
On Mon, Jan 31, 2011 at 8:01 AM, Ed Murphy ed.b.mur...@gmail.com wrote:
Hello list,
Stumbled across this today. It appears Excel spreadsheets store
printer information including the PIN you might use when trying to do
a secure print.
from http://www.gogoinflight.com/gogo/content/FAQ_Service.do
also noteworthy that the privacy policy link is broken:
http://www.gogoinflight.com/gbp/privacy.do
snip
Is it safe to use Wi-Fi in flight?
Passenger security and safety is of utmost importance to Gogo. Before
allowing our service to
HAHA that made my day. Thanks for sharing...
On Sat, Jan 29, 2011 at 8:03 AM, George Hedfors
george.hedf...@gmail.com wrote:
I know there's been posts in the past about honeypot related issues.
I just wanted to share one of the more fun sessions I've had until
today.
I am truly amazed. He was actually HIRED by someone who is paying travel
expenses? Wonders never cease.
He's probably trying to merge his Vulnerability Prediction System with
Getting Off the Patch. You know, I wouldn't be surprised.
t
-Original Message-
From:
How about you fuck off and go listen to more Bright Eyes? You little emo
faggot. I'll send you some razor blades.
Sincerely,
storm (gonullyourself.org)
From: HI-TECH . isowarez.isowarez.isowarez () googlemail com
Date: Thu, 27 Jan 2011 05:22:49 +0100
Phrack and the blackhats.
You
What's your real name?
Since goatsec is a reputable security firm, certainly you have no issue if we
pull up your info?
Aerojam
--- On Fri, 1/28/11, Leon Kaiser litera...@gmail.com wrote:
From: Leon Kaiser litera...@gmail.com
Subject: [Full-disclosure] Andrew trelane Kirch EXPOSED
To:
Found this search box last month which is not sanitizing any input:
http://www.emersonnetworkpower.com/en-US/SearchCenter/Pages/AllResults.aspx?k=%3Cscript%3Ealert(document.cookie)%3C/script%3Es=Network%20Power%20Content_en-US_en-US
Have contacted the owner but there isn't any response. May be
When in doubt, unleash internet-tough-guy on your adversaries.
On Fri, Jan 28, 2011 at 1:18 AM, Jack Ryan c0xforb...@hotmail.com wrote:
How about you fuck off and go listen to more Bright Eyes? You little emo
faggot. I'll send you some razor blades.
Sincerely,
storm (gonullyourself.org)
Thor, he's on your paycheck...taxes...
On Mon, Jan 31, 2011 at 4:25 PM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
I am truly amazed. He was actually HIRED by someone who is paying travel
expenses? Wonders never cease.
He's probably trying to merge his Vulnerability Prediction
OK, Now it's not that funny.
From: Christian Sciberras [mailto:uuf6...@gmail.com]
Sent: Monday, January 31, 2011 7:32 AM
To: Thor (Hammer of God)
Cc: mad@hushmail.com; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Travel letter from Craig S. Wright
Thor, he's on your
Troy,
Since when were goats jumping on keyboards reputable hackers?
Cheerio
On Sat, Jan 29, 2011 at 6:40 PM, Troy Aerojam taero.secli...@yahoo.com wrote:
What's your real name?
Since goatsec is a reputable security firm, certainly you have no issue if
we pull up your info?
Aerojam
Yes, it comes in very handy for those who need to ensure that the documents
they placed on open shares be held at the printer for security.
I love this part: The adversary can then either print two copies of the
victim's file and leave
one on the printer for the victim, or print one copy of
xssed.com
On Mon, Jan 31, 2011 at 3:04 PM, Madhur Ahuja ahuja.mad...@gmail.com wrote:
Found this search box last month which is not sanitizing any input:
It depends on whether they are wearing Wellies on their hind legs.
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Christian
Sciberras
Sent: Monday, January 31, 2011 7:35 AM
To: Troy Aerojam
Cc: full-disclosure@lists.grok.org.uk
Thor, how about creating a fake copy of the office with a fake printer? The
attacker gets as many original/restricted copies as he wants to!(!)
On Mon, Jan 31, 2011 at 4:36 PM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
Yes, it comes in very handy for those who need to ensure that the
On Fri, 28 Jan 2011 18:24:50 GMT, cyber flash said:
Is Google now liable because it's hosting illegal files on their servers?
At least in the US, this qualifies for the various Safe Harbor exemptions in
17 USC 512, where they're not liable as long as they respond to takedown
notices. If you've
Wtf, I've never heard of a 'secure' print :S
Most large multifunction devices do this .. it's not secure in the
traditional (crypto) sense of the word, it's just a part of the job sent
via the postscript driver. Look at the PSD files for any large
multifunction and you'll find the
On Sun, 30 Jan 2011 19:22:45 -0500
Hack Talk hacktalkb...@gmail.com wrote:
Hey,
I've tried reporting issues to Harvard University tons of times in the past
but they rarely respond and even more rarely commend researchers for finding
vulnerabilities so I decided that full-disclosure was the
On 1/31/2011 12:39 PM, peter wrote:
/../../../../../../../../../../../etc/passwd
Looks like it was fixed.
fixed here too, check your browser cache
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Yup fixed. Can confirm that it was showing as vuln earlier tho.
On Mon, Jan 31, 2011 at 5:51 PM, Andrew Kirch trel...@trelane.net wrote:
On 1/31/2011 12:39 PM, peter wrote:
/../../../../../../../../../../../etc/passwd
Looks like it was fixed.
fixed here too, check your browser cache
Well that was fast,
As some proof here's a screenshot of the /etc/passwd file:
http://i.imgur.com/HKA51.png
Luis Santana - Security+
Administrator - http://hacktalk.net
HackTalk Security - Security From The Underground
ZDI-11-034: HP OpenView Performance Insight Server Backdoor Account Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-034
January 31, 2011
-- CVE ID:
CVE-2011-0276
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Hewlett-Packard
-- Affected
ZDI-11-035: IBM DB2 db2dasrrm validateUser Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-035
January 31, 2011
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
IBM
-- Affected Products:
IBM DB2 Universal Database
-- Vulnerability Details:
ZDI-11-036: IBM DB2 db2dasrrm receiveDASMessage Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-036
January 31, 2011
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
IBM
-- Affected Products:
IBM DB2 Universal Database
-- Vulnerability
ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp
Eval Code Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-037
January 31, 2011
-- CVE ID:
CVE-2010-3719
-- CVSS:
8.5, (AV:N/AC:M/Au:S/C:C/I:C/A:C)
-- Affected
I assume it is embedded so that cancelled or queued jobs can still require
PIN. You can't have one job pause all other jobs in the queue, so it would
need some way of continuing from bypass. The whole vulnerability angle is
pretty lame.
How it works on our Xerox printers is you hit
Gotta love the team name ;)
http://www.goear.com/listen/570f6b5/debede-sumo
On Mon, Jan 31, 2011 at 10:17 PM, CORE Security Technologies
Advisories advisor...@coresecurity.com wrote:
7. *Credits*
These vulnerabilities were discovered and researched by Federico Muttis,
Sebastian Tello and
Description of Vulnerability:
Drupal (http://drupal.org) is a robust content management system (CMS)
written in PHP and MySQL. The Drupal Panels module
(http://drupal.org/project/panels) allows a site administrator to
Description of Vulnerability:
Drupal (http://drupal.org) is a robust content management system (CMS)
written in PHP and MySQL. The Drupal Custom Pagers module
(http://drupal.org/project/custom_pagers) allows