Next Page >>
Best Regards
also I've found this vulnerability 1 year ago during a pt and work fine
with url obfuscation. I've read that with owa 2007 this vulnerability is
patched but I don't have tried yet.
Best regards,
Piergiorgio
Giuseppe Gottardi ha scritto:
> Davide, let me comfort you...
If you have further questions, I'm glad to help.
Best Regards,
Rodrigo.
once a document is signed.
I also agree, that the severity of this is open to discussion, and
invite anybody interested in this discussion to contact me directly.
Best Regards,
Henrich C. Phls
> -----Ursprngliche Nachricht-----
> Von: Henrich C. Poehls [mailto:poehls@informatik.uni-hamburg.de]
> Gesendet: Freitag, 14. Dezember 2007 12:08
> Hi all,
> also I've found this vulnerability 1 year ago during a pt and work fine
> with url obfuscation. I've read that with owa 2007 this vulnerability is
> patched but I don't have tried yet.
>
> Best regards,
> Piergiorgio
>
>
> Giuseppe Gottardi ha scritto:
>> Davide, let me comfort you...
taken in a timely manner by Parallels.
I can provide root login to the test system on request, just need to
negotiate a timeframe because it's running in a VM behind a NAT router.
Best Regards,
Felix Buenemann
---snip---
Best Regards,
Felix Buenemann
Hi all,
also I've found this vulnerability 1 year ago during a pt and work fine
with url obfuscation. I've read that with owa 2007 this vulnerability is
patched but I don't have tried yet.
Best regards,
Piergiorgio
Giuseppe Gottardi ha scritto:
> Davide, let me comfort you...
I found this vulnerability 1 year ago during a penetration test
activity and I never reported before for my negligence :-)
https://owa/CookieAuth.dll?GetLogon?url=%2Fexchweb%2Fbin%2Fredir.asp%3FURL%3Dhttp%3A%2F%2Fwww.google.it&reason=0
Best regards,
oveRet
On ven, 2008-10-17 at 21:07 +0200, Davide Del Vecchio wrote:
Hi,
}
}
}
Best Regards,
Charalambous Glafkos ( nowayout )
__________________________________________
ASTALAVISTA - the hacking & security community
www.astalavista.com
www.astalavista.net
#Hi to all Indian Hacker$, Andhra/ Telangana Hacker$ ;)
# Praveen Darshanam
#############END PYTHON###########################
Hi to all Indian Hacker$, Andhra/ Telangana Hacker$ ;)
Best Regards,
Praveen Darshanam,
Security Researcher
If an admin makes a new custom template with custom html code, then that admin can put <script>alert('omg xss')</script> if he wants to. It's simply just functionality not bugs.
I hope you understand my concern and why it is important for me to say that this is not a bug.
Best Regards,
MaXe - InterN0T.net
FYI
Waiting for your review
Best Regards
Yossi Yakubov
This vulnerability was discovered and exploited by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT).
Best Regards,
Rodrigo.
--
Rodrigo Rubira Branco
It is not apache issue. You recrive 403 status, so charset is set in Header. Charset should not be in meta tags. Issue exist, when apache send response without charset in header AND meta tags. Probably you are using old browser without standard settings.
Best Regards,
Maksymilian Arciemowicz
securityreason.com
you can find bug fixed version on:
http://sourceforge.net/projects/infinix/
Thanks.
Best Regards,
rbk
The best way to defend against any Cross Site Scripting attacks is to sanitize all inputs and outputs properly on your website and perhaps run NoScript as an extra safety precaution as well.
If it was possible to execute system() commands directly through the browser and not javascript nor html then that would be a vulnerability since One could almost do anything with a malicious site, if the input in this example to this function wouldn't be sanitized of course.
Best Regards,
MaXe
> To bypass protection from JavaScript code execution via refresh header it's
> needed to use data: URI, which will be containing requisite JS code.
> [...] After I informed Mozilla, they declined to fix this vulnerability.
This vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT).
Best Regards,
Rodrigo.
--
Rodrigo Rubira Branco
This vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT).
Best Regards,
Rodrigo.
--
Rodrigo Rubira Branco
opportunity to send questions to the moderated painel and to have access
to the video recording afterwards.
Best Regards,
Rodrigo.
like include "..\..\..\..\..\..\../../../../../etc/passwd"
We do not guarantee that it still works.
--
Best Regards,
------------------------
pub 1024D/A6986BD6 2008-08-22
uid Maksymilian Arciemowicz (cxib) <cxib@securityreason.com>
sub 4096g/0889FA9A 2008-08-22
Hey thor,
I would love if you had something for IPtables to do this.
Best Regards,
Lawrence Pingree
On Jan 13, 2010, at 12:28 PM, "Thor (Hammer of God)" <thor@hammerofgod.com> wrote:
With all the hubbub around China yet again, I would like to remind you of the utilities available at Hammer of God that allow one to completely block any or all traffic to or from China or any other country in the world via ISA/TMG.
Discovered By Linux_Drox
LeZr.Com
Best Regards ,,,
If the ftp service is set to "manual" startup in services control
manager the service
needs to be restarted manually.
IIS 5.0 and 6.0 were tested and are affected.
Best Regards,
Nikolaos Rangos
It is possible to make DoS (block all sockets/memory exe.). (more in Xploit magazin)
Reason: Use PHP via a CGI interpreter with RLimit* directives.
Anyone how use PHP as an in-process script interpreter, can be dangerous.
Best Regards,
Maksymilian Arciemowicz
securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
This vulnerability was discovered by Michael Golub and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT).
Best Regards,
Rodrigo.
--
Rodrigo Rubira Branco
which will be held in Berlin, Germany, October 28-29, 2010.
Please feel free to distribute this announcement. We apologize
if you receive multiple copies of this message.
Best Regards,
The EC2ND 2010 Organization Committee
* * * * * *
up in Cancun on 3rd of December for a special H2HC edition in Mexico
with simultaneous translations for ALL the talks between English-Spanish.
Best Regards,
Rodrigo (BSDaemon).
http://192.168.1.2/exec/"><iframe
src="http://192.168.1.2/level/15/configure/-/hostname/BUGGY/CR">
Best Regards,
Zloss
>
php_getuid() is a abstract function for php.
--
Best Regards,
------------------------
pub 1024D/A6986BD6 2008-08-22
uid Maksymilian Arciemowicz (cxib)
<cxib@securityreason.com>
sub 4096g/0889FA9A 2008-08-22
I tested it earlier and your proof of concept works 100%.
Very nice find :-)
Best Regards,
MaXe
This vulnerability was discovered by Michael Golub and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT).
Best Regards,
Rodrigo.
--
Rodrigo Rubira Branco
Next Page>>
|
