Administrator of Websecurity
attention that he didn't write to Bugtraq about all these holes in XAMPP, so
I decided to write about them myself :-).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: advisories@intern0t.net
To: bugtraq@securityfocus.com ; MustLive
1.7.1, when I informed them, and didn't answer if they fixed the holes (so
it's possible that these holes are still not fixed).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: S?bastien H?nar?s
To: MustLive
Which must give you a ground for thoughts.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: "Susan Bradley" <sbradcpa@pacbell.net>
To: "MustLive" <mustlive@websecurity.com.ua>; <bugtraq@securityfocus.com>
> time
> ago" and have more and more days to fix these holes.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ----- Original Message -----
> From: "Susan Bradley" <sbradcpa@pacbell.net>
> To: "MustLive" <mustlive@websecurity.com.ua>
worry, because with every day they become more and more "informed long time
ago" and have more and more days to fix these holes.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: "Susan Bradley" <sbradcpa@pacbell.net>
To: "MustLive" <mustlive@websecurity.com.ua>
> This
> decision I made in August 2009 and it's a final decision.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ----- Original Message -----
> From: "Susan Bradley" <sbradcpa@pacbell.net>
> To: "MustLive" <mustlive@websecurity.com.ua>
letters. But as said, I'll no longer be informing them about DoS holes. This
decision I made in August 2009 and it's a final decision.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: "Susan Bradley" <sbradcpa@pacbell.net>
To: "MustLive" <mustlive@websecurity.com.ua>
version) and two paid ones. And the hole in 3D user cloud module (in all its
versions) is still not fixed.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: JoomlaJabber
To: MustLive
as it can be on computers that are not powerful. And many people in the world
have computers that are not so powerful.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: "Jeremiah Gowdy" <Jeremiah.Gowdy@freedomvoice.com>
To: "MustLive" <mustlive@websecurity.com.ua>; <bugtraq@securityfocus.com>
that in Firefox 3.5 he had no problems (with this exploit). And maybe he has
the latest Firefox 3.5.1. After that he answered me and confirmed it.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
> -----Original Message-----
> From: MustLive [mailto:mustlive@websecurity.com.ua]
> Sent: Sunday, July 19, 2009 10:33 AM
ignoring and not fixing, or badly fixing, or hiddenly fixing without
thanking me, like it was with securityfocus.com in 2006 and many others.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: "Susan Bradley" <sbradcpa@pacbell.net>
To: "MustLive" <mustlive@websecurity.com.ua>
> ignoring and not fixing, or badly fixing, or hiddenly fixing without
> thanking me, like it was with securityfocus.com in 2006 and many others.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ----- Original Message ----- From: "Susan Bradley" <sbradcpa@pacbell.net>
> To: "MustLive" <mustlive@websecurity.com.ua>
> Cc: <bugtraq@securityfocus.com>
>
> Which must give you a ground for thoughts.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ----- Original Message ----- From: "Susan Bradley" <sbradcpa@pacbell.net>
> To: "MustLive" <mustlive@websecurity.com.ua>; <bugtraq@securityfocus.com>
> Sent: Tuesday, May 18, 2010 8:38 PM
vulnerability in XP Home. So I'm planning to investigate different versions
of Windows Vista to be sure.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: "Susan Bradley" <sbradcpa@pacbell.net>
To: "MustLive" <mustlive@websecurity.com.ua>
> versions
> of Windows Vista to be sure.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ----- Original Message ----- From: "Susan Bradley" <sbradcpa@pacbell.net>
> To: "MustLive" <mustlive@websecurity.com.ua>
> Cc: <bugtraq@securityfocus.com>
concerning these kinds of vulnerabilities in browsers. How the attack can be
elevated from XSS to CE.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: "Hans Wolters" <j.wolters@piramide.nl>
To: "MustLive" <mustlive@websecurity.com.ua>; <bugtraq@securityfocus.com>
uses another method to work with sessions and for it another code must be
used (for clearing of session).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: "Matteo Valenza" <ilmetu@gmail.com>
To: "Susan Bradley" <sbradcpa@pacbell.net>
http://site/?fun=-1
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
developers. Everyone who wants can create such a PoC from the exploit provided in
the above-mentioned article from the MoBiC project.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
> provided in
> the above-mentioned article from the MoBiC project.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>
By setting large values of width and height it's possible to create
a large load on the server.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
http://site/Widgets/FlashTagCloud/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
Just after disclosure of these vulnerabilities, I also found new
vulnerabilities in DS-Syndicate which I wrote about in separate advisory.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
By setting large values of width and height it's possible to create
a large load on the server.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
Referer:
http://www.google.com/search?q=xss"><script>alert(document.cookie)</script>
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
There is no "Arbitrary File Upload" class, neither in WASC TC v.1 nor in TC v.2.
And in my work I'm using only WASC TC v.1 and TC v.2.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: "Salvatore Fresta aka Drosophila" <drosophilaxxx@gmail.com>
To: "MustLive" <mustlive@websecurity.com.ua>; "Bugtraq"
Client-side Attacks (TC v.1), but to Logical Attacks (TC v.1) and is used
against the site itself. And it can be used for different malicious actions.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
Re: Vulnerability in CB Captcha for Joomla and Mambo Apr 16 2010 02:04PM
nant joomlapolis com
By setting large values of width and height it's possible to create
a large load on the server.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
Vulnerable is Hydra Engine 1.0.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
Vulnerable are all versions of Abton before the version where developers
fixed these holes.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua