Next Page >>
Kind regards
manipulating the security features in user interfaces, it requires a new
model dialog for HTTP authentication that should disseminate
the realm value from domain name. Restricting, the string length of
Realm value could be a good lead here.
Kind Regards
Aditya
Tim wrote:
> Hi Aditya,
(Note: A comparative test against Firefox has been placed in the video
itself)
Kind Regards
Aditya K Sood
http://www.secniche.org
that might yield you a process runing under UIC [80,80], with the username
BLACKLA...? As that is the owner the process runs under.
Probably not an authorized user, but I cannot tell from the demo account.
Kind Regards,
Nico
* https://www.hacking-lab.com/events/
Train your Brain - Explore Hacking-Lab with this free online security
competition.
Kind Regards
Ivan Buetler, E1
Results: XSS passing through "server_id" variable.
Impact: Remote attackers might be able to perform Cross-Site Scripting (XSS) attacks by various vectors.
Thanks in advance for your comments
Kind Regards
I think this can clear the point. Its the same point which I am
mentioning from long time. We just want that issues should be patched so
that users can have better experience.
Kind Regards
Aditya
>
> Thanks!
>
Test pattern for vulnerable versions:
"></script>alert(1)</script>
Kind Regards
Antonio San Martino
Please credit the discovery to Gizmore from wechall.net :)
Kind Regards
Gizmore
>
> The vulnerability can be triggered as :
>
> http://www.victime_site.org/modules.php?name=Downloads&d_op=search&query=[XSS]
> WHERE [XSS] = '';!--"[script]alert(document.cookie)[/script]
> Kind Regards
> SCHAP
> http://www.schap.org
>
--
More details are available here:
Advisory: http://www.matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
Article: http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
Kind Regards,
--
www.matousec.com Research
Different Internet Experience Ltd.
It can have diverse impact with more modularized codes in the future.
All for community purposes.
Kind Regards
Aditya K Sood
http://www.secniche.org
You can have a look at the screenshot at below mentioned link
http://www.secniche.org/goog_chr_auth_spoof.jpg
Kind Regards
Aditya
Tim wrote:
> Aditya,
Vulnerability details: just inject ' and you get sql eror
Thanks so much.
Kind Regards
Thanks to Protogenes and Nico Haase for testing and confirming the issue.
Kind regards,
Jan Schejbal
P.S.: Related technical reports, presentations and stuff available at:
http://www.gont.com.ar
Thanks!
Kind regards,
Fernando Gont
26457 <... futex resumed> ) = -1 EINTR (Interrupted system call)
26461 <... futex resumed> ) = -1 EINTR (Interrupted system call)
26460 <... select resumed> ) = ? ERESTARTNOHAND (To be restarted)
26462 <... rt_sigprocmask resumed> [HUP INT QUIT PIPE ALRM TERM TSTP], 8) = 0
With Kind Regards,
Nikolaos Rangos
E-Mail: kcope[at]googlemail.com
i. I would appreciate if you could take issues like this seriously in the future.
ii. Here's a solution: block POP access to a given account after 100 unsuccessful attempts in 2 hours, regardless of IP address (or unrelated successful authentications) and force image verification for that account for the next 2 hours. Give a meaningful error like "Too many unsuccessful attempts have been made to this account. Please use webmail to login."
You must admit, it doesn't look good when two people are pointing fingers at each other saying "he/she's wrong", and it does sound like Vicente has done some research. It'd pay to revise the algorithm(s) involved, in greater depth. That way, you either clear yourself or you don't look so arrogant if/when you're wrong.
Kind regards, Sebastian.
Any comments will be more than welcome! -- feel free to post them
here, or send them unicast to me at: fernando@gont.com.ar
Thanks!
Kind regards,
Fernando Gont
Therefore I will close the open source project Pi3Web for that reason, because wrong reports happened multiple times in the past.
My E-Mail to the original issuer of the report is attached below.
--
kind regards,
Holger Zimmermnn
Hi Hamid,
you can send me your input, and I could forward it to the tcpm@ietf.org
mailing-list).
Thanks!
Kind regards,
- --
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
has expired. To renew the account, please reply to this email
leaving the email body intact, so we know the account is still
used.
Kind regards,
the IT department
</message>
</query>
</iq>
vulnerabilities listed in the aforementioned advisory (available at:
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml).
Thanks!
Kind regards,
Fernando
They are also available at the LACNOG 2010 web site
(http://www.lacnog.org/en/meetings/lacnog-2010/agenda-lacnog-2010)
Thanks!
Kind regards,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Agreed. I will try to address the issues you raised in the next
revision of the draft.
Thanks!
Kind regards,
Fernando Gont
The deadline for posting your opinion is January 9th (next Friday).
Thanks so much!
Kind regards,
Fernando Gont
* Vassileios Vlachos, [Professor, TEI of Larissa]
* Yiorgos Adamopoulos, [Postmaster, Technical Chamber of Greece]
Kind regards,
AthCon organising committee
-------------------
Vendor Contact(s): December 20th, 2011
CVE assignment: February 21st, 2012
Public Disclosure: February 25th, 2012
Kind regards,
Dimitris Glynos
--
http://census-labs.com -- IT security research, development and services
Kind regards
POC2009
http://www.powerofcommunity.net
post your feeback here (please CC me), or send it unicast to
fernando@gont.com.ar , if you prefer.
Thanks!
Kind regards,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Please send your comments to tcpm@ietf.org (and please CC me).
Thanks!
Kind regards,
Fernando
Next Page>>
|
