On 16 Mar 2014 23:36, T Imbrahim timbra...@techemail.com wrote:
The thread read Google vulnerabilities with PoC. From my understanding
it was an RFI vulnerability on YouTube, and I voiced my support that this
is a vulnerability.
I also explained a JSON Hijacking case as a follow up, and you
Advisory: GNUboard SQL Injection Vulnerability
Author: claepo.w...@dbappsecurity.com.cn
Affected Version: GNUboard5 (the latest version)
Vendor URL: http://sir.co.kr/
Vendor Status: Unfixed (I know little about Korean, so I do not know how to describe this vul to the
Please stop changing hats, it's embarrassing.
On Sat, Mar 15, 2014 at 7:36 PM, T Imbrahim timbra...@techemail.com wrote:
Is this treated with the same way that says that Remote File Inclusion is
not a security issue ?
You don't follow? Implying ?
I understand why nobody likes Google. If I
ROFL
[image: Inline image 1]
On Mon, Mar 17, 2014 at 11:07 AM, T Imbrahim timbra...@techemail.com wrote:
What drugs are you on Pedro Ribeiro I wonder ...?
I express my views, if you don't like don't watch them. Your responses so
far have only been assy speculations so don't tell me I'm wrong
What drugs are you on Pedro Ribeiro I wonder ...?
I express my views, if you don't like don't watch them. Your responses so
far have only been assy speculations so don't tell me I'm wrong, and please
don't say thing like that. I don't know who the other people is, but what is
true in security I support.
Ooh goodie, where and what happened to N3td3v, he used to crack me up :D :D
On 3/17/14, Mario Vilas mvi...@gmail.com wrote:
ROFL
[image: Inline image 1]
On Mon, Mar 17, 2014 at 11:07 AM, T Imbrahim
timbra...@techemail.com wrote:
What drugs are you on Pedro Ribeiro I wonder ...?
I
Hi,
The only probable way of exploiting it I can see would be if the servers
at Google where the files are uploaded would perform some specific tasks
with such files that could result in exploiting a vulnerability in any
of the used software (and this is something the discoverer failed to
probe).
Hey,
At least to me I am security paranoid. Remote File Inclusion of files to a
trusted network, seems like a well backed up vulnerability. I think we are
talking about Google here not your favourite's pizza website. I personally
congratulate to the author for finding it, whether probing it or
Especially considering that all three use Tor to post on the list. I wonder why.
Other header/content details can be interesting as well...
2014-03-17 10:24 GMT+01:00 Pedro Ribeiro ped...@gmail.com:
On 16 Mar 2014 23:36, T Imbrahim timbra...@techemail.com wrote:
The thread read Google
On Mon, Mar 17, 2014 at 2:25 PM, T Imbrahim timbra...@techemail.com wrote:
I definitely would patch my computer if I discovered that somebody could
upload files to my computer, even though if couldn't 'probe' them.
1) I don't think you understood the meaning of the word probe in this
Few hr Left to Start Webcast.
Data, data, data! I can't make bricks without clay
Thanks you member of Mailing List for registering for
Garage4hacker's Ranchoddas Series
(http://www.garage4hackers.com/showthread.php?t=5875p=13159).
Below are details for the online presentation.
*Speaker*: Gynvael
On 17 Mar 2014 13:39, Źmicier Januszkiewicz ga...@tut.by wrote:
Especially considering that all three use Tor to post on the list. I
wonder why.
Other header/content details can be interesting as well...
Good catch, I didn't even remember checking the headers.
Have a look at the comments
Let's try some scenarios and if those can be pulled out then I'd say it's
safe to assume this is an issue:
1. Upload a webshell (in a war, php, asp[x], jsp or similar file) and have
it executed by YouTube;
2. Upload a malicious file (pdf, swf, jar or similar file which exploits a
known or unknown
Mandriva Linux Security Advisory MDVSA-2014:062
http://www.mandriva.com/en/support/security/
On Mon, Mar 17, 2014 at 3:11 PM, Ulisses Montenegro
ulisses.montene...@gmail.com wrote:
Should YouTube restrict file uploads to known valid mime types? Sure, but
that's only how you got the data in there to begin with. It's what happens
after the data is in that will make all the difference.
Hello all,
There is less than 1 hour now remaining for the start of the webinar.
Catch it at http://www.garage4hackers.com/pages.php?pageid=4
QA will be handled through:
1. IRC at #g4h on freenode
2. @garage4hackers on twitter
3. mail to sand...@garage4hackers.com
On Fri, Mar 7, 2014 at 5:35
Just wanted to post a follow-up to this and provide some context to
make it known:
* Bank of the West was contacted in 2011 to report a security issue
* No response for 2 years
* In late 2013, I receive a breach notification saying my own
sensitive personal information was compromised via the
On Mon, Mar 17, 2014 at 12:15 PM, Kristian Erik Hermansen
kristian.herman...@gmail.com wrote:
Just wanted to post a follow-up to this and provide some context to
make it known:
* Bank of the West was contacted in 2011 to report a security issue
* No response for 2 years
* In late 2013, I
Mandriva Linux Security Advisory MDVSA-2014:063
http://www.mandriva.com/en/support/security/
Mandriva Linux Security Advisory MDVSA-2014:064
http://www.mandriva.com/en/support/security/
Dear All, There has been an issue with hangout service as the Google
servers. Hence use below given link to join the webinar. Apologies for the
inconvenience and delay.
We have changed webcast link.
please join us : http://www.twitch.tv/gyndream/
On Fri, Mar 7, 2014 at 5:35 PM, Sandeep Kamble
Debian Security Advisory DSA-2880-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2014