[Full-disclosure] AxMan ActiveX fuzzing <== Memory Corruption PoC

2012-07-28 Thread kaveh ghaemmaghami
Exploit Title: AxMan ActiveX fuzzing <== Memory Corruption PoC Crash : http://imageshack.us/f/217/axman.jpg/ Date: July 28, 2012 Author: coolkaveh coolka...@rocketmail.com Https://twitter.com/coolkaveh Vendor Homepage: http://digitaloffense.net/tools/axman/ version : 1.0.0 Tested on: windows 7 SP1

[Full-disclosure] Quick note on requesting CVEs for public issues

2012-07-28 Thread Kurt Seifried
Just a note: if you need CVEs for open source security issues, email oss-secur...@lists.openwall.com (http://oss-security.openwall.org/wiki/mailing-lists/oss-security). Please note that these requests are completely public (anyone can sign up to the oss

[Full-disclosure] ocPortal 7.1.5 <= | Open URL Redirection Vulnerability

2012-07-28 Thread YGN Ethical Hacker Group
1. OVERVIEW ocPortal CMS 7.1.5 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND ocPortal is the website Content Management System (a CMS) for building and maintaining a dynamic website. ocPortal's powerful feature-set means there's always a way to accomplish your vision.

[Full-disclosure] Netasq UTM suffer from bypassing metacharacters filter

2012-07-28 Thread kaveh ghaemmaghami
Awesome coolkaveh look what I found Title: Netasq UTM suffer from bypassing metacharacters filter coolkaveh Advisory coolka...@rocketmail.com Https://twitter.com/coolkaveh Product : Netasq utm Vendor Homepage: http://netasq.com Criticality level : High Description : A vulnerability has been discover

Re: [Full-disclosure] Linux - Indicators of compromise

2012-07-28 Thread Scott Solmonson
On Thu, Jul 26, 2012 at 6:07 AM, Григорий Братислава wrote: > > Is first MustnLive watch really good movie and is use > quote from is movie: Funny, I now want to watch Goldeneye for some reason... > MusntLive is show you how you fail across many 'vertical' industries. Everything you mention a

Re: [Full-disclosure] Linux - Indicators of compromise

2012-07-28 Thread jerry
> I can't tell if I'm being trolled or not... Good question. >> Is I am on your network, good luck is find me especially in is post >> exploitation as I am is liable to float around is piggyback from one >> machine is to the next. You can is assume all you want about port >> security in is in fac

Re: [Full-disclosure] Transmission BitTorrent XSS Vulnerability

2012-07-28 Thread Tavis Ormandy
Tavis Ormandy wrote: > Justin Klein Keane wrote: > > > Impact - -- Clients loading a maliciously crafted .torrent file into > > Transmission and viewing the web client could be subject to arbitrary > > script injection, allowing an attacker to run arbitrary code in the > > context of the vi

Re: [Full-disclosure] Transmission BitTorrent XSS Vulnerability

2012-07-28 Thread Tavis Ormandy
Justin Klein Keane wrote: > Impact - -- Clients loading a maliciously crafted .torrent file into > Transmission and viewing the web client could be subject to arbitrary > script injection, allowing an attacker to run arbitrary code in the > context of the victim's web browser. This could lea

Re: [Full-disclosure] Pligg 0.9/1.x remote code execution

2012-07-28 Thread BlackHawk
they should not have been fixed, as when exploit has been released they were not and looking at SVN no change has been made ( http://pligg.svn.sourceforge.net/viewvc/pligg/ ) no CVE has been asked for this vuln (at least from me), so none should have been assigned. And regarding your post been dele

Re: [Full-disclosure] Pligg 0.9/1.x remote code execution

2012-07-28 Thread Henri Salo
On Sat, Jul 21, 2012 at 06:34:46PM +0200, BlackHawk wrote: > Exploit attached, info inside. 2.0 versions could still be affected > > http://pastebin.com/MSXFSvzA Do you know if these issues have been fixed in some version of Pligg and if these have CVE-identifiers? I tried to ask this from forum