I hope that settles it...
Thanks,
-Amit
On Sun, Feb 8, 2009 at 6:29 PM, Razi Shaban <razishaban@gmail.com> wrote:
> On Sun, Feb 8, 2009 at 6:16 PM, Roman Medina-Heigl Hernandez
> <roman@rs-labs.com> wrote:
>> Razi Shaban wrote:
>>>> I am glad to release SFX-SQLi (Select For XML SQL injection), a new SQL
>>>> injection technique which allows to extract the whole information of a
On Sun, 17 Apr 2011 21:47:13 +0200
Jann Horn <jannhorn@googlemail.com> wrote:
> Hello,
> does anyone know how to contact the openssh guys without using a
> public mailinglist/IRC channel/...? I tried openssh@openssh.com, but
> I didn't get an answer. It's nothing big, but I'd like to make sure
> that they know about it and to hear their opinion.
>
> Jann Horn
On Sun, Jul 24, 2011 at 06:10:00PM +0200, Mango wrote:
> ###############################################################################
>
> phpMyAdmin 3.x Conditional Session Manipulation
>
> ###############################[ Advisory from ]###############################
>
Then...when do you need a browser to launch a perl exploit?
Why do you include "TESTED ON: firefox 3"? Would you not be able to
trigger this bug using other browsers?
On Sun, May 31, 2009 at 8:53 PM, <y3nh4ck3r (at) gmail (dot) com> wrote:
> #!/usr/bin/perl
> #-------------------------------------------------------------------------------------------------------------------
> #(Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->
> #-----------------------------------------------------------------------
On Sun, Feb 8, 2009 at 6:16 PM, Roman Medina-Heigl Hernandez
<roman@rs-labs.com> wrote:
> Razi Shaban wrote:
>>> I am glad to release SFX-SQLi (Select For XML SQL injection), a new SQL
>>> injection technique which allows to extract the whole information of a
>>> Microsoft SQL Server 2005/2008 database in an extremely fast and efficient
>>> way.
>>
>> This isn't new, this is old news. It might be the first paper written
>> about the topic, but these methods have been used for years.
On Sun, 18 Nov 2007, Nils Toedtmann wrote:
> Mozilla based browsers (Firefox, Netscape, ...), Konqueror and Safari 2
> do not bind a user-approved webserver certificate to the originating
> domain name. This makes the user vulnerable to certificate spoofing by
> "subjectAltName:dNSName" extensions.
>
> ...
> In the end, the cert warning and the spoofing attempt get separated into
> two events which appear to the user as being unrelated. I consider this
> >> uncompressed bitmaps. Is there something I'm missing?
> >>
> >> -Travis
> >>
> >> On Sun, Jan 3, 2010 at 6:37 AM, Joxean Koret <joxeankoret@yahoo.es> wrote:
> >> > Hi all,
> >> >
> >> > I'm happy to announce the very first public
On Sun, Oct 23, 2011 at 01:06:07AM +0200, muuratsalo experimental hack lab wrote:
> jara 1.6 sql injection vulnerability
>
> download http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip
>
> author muuratsalo
> contact muuratsalo[at]gmail.com
>
> exploit
> http://localhost/jara/view.php?id=[SQL Injection]
On Sun, Apr 03, 2011 at 12:15:12PM +0200, Henrik Størner wrote:
> Several cross-site scripting vulnerabilities have been identified in
> the Xymon systems- and network-monitoring tool available at
> http://sourceforge.net/projects/xymon/
>
> All versions prior to 4.3.1 (released April 3, 2011) are vulnerable.
>
> I would like to thank David Ferrest for notifying me of this issue.
>
>
---> >
---> > Cheers,
---> > Denis
---> >
---> >
---> > On Sun, 13 Jan 2008 21:31:34 +0530
---> > "crazy frog crazy frog" <i.m.crazy.frog@gmail.com> wrote:
---> >
---> > ---> Hi,
---> >
---> > --->
>> I would largely assume that your algorithm, as is, works best on
>> uncompressed bitmaps. Is there something I'm missing?
>>
>> -Travis
>>
>> On Sun, Jan 3, 2010 at 6:37 AM, Joxean Koret <joxeankoret@yahoo.es> wrote:
>> > Hi all,
>> >
>> > I'm happy to announce the very first public release of the open source
>> > project DeepToad, a tool for computing fuzzy hashes from files.
>> >
On Sun, 13 Jan 2008, crazy frog crazy frog wrote:
> http://secgeeks.com/what.zip
> password is 12345
> can somebody guide/help me what is this and how can i remove it?
the file you sent here contains a bunch of embedded nulls (every other
character is 00). stripping those out reveals ...
that it's a collection of browser exploits. by the looks of it it's MPack
On Sun, 28 Sep 2008 01:11:06 -0400 Aditya K Sood
<0kn0ck@secniche.org> wrote:
>*Severity:*
>High
Would you care to explain why this is even REMOTELY high severity?
> On Sun, Sep 28, 2008 at 08:14:16AM -0600, Theo de Raadt wrote:
> >
> > the only workaround is to buy a separate machine for the other uses.
> >
>
> No.
>
> > So you buy a machine that can be split up into different machines, and
> > guess what, you still have to buy extra ones because it doesn't
> > work.
Double check what you are posting before actually doing it please.
Regards
--- On Sun, 1/4/09, l1un@hotmail.com <l1un@hotmail.com> wrote:
> From: l1un@hotmail.com <l1un@hotmail.com>
> Subject: php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass
> To: bugtraq@securityfocus.com
> Date: Sunday, January 4, 2009, 11:39 AM
On Sun, Sep 28, 2008 at 08:36:17PM -0600, Theo de Raadt wrote:
>
> Oh I get it.
>
No you don't.
> You can use a "trust relationship with your
> administrators" to get around the fact that Sun sold a piece of
> hardware which does not provide the isolation they promised in their
Completely stolen/copied.
http://packetstormsecurity.org/0909-exploits/wxguestbook-sqlxss.txt 29598ed23c2831346a48aeb6fbdb3605 WX Guest Book version 1.1.208 suffers from remote SQL injection and cross site scripting vulnerabilities. Authored By learn3r (damagicalhacker[at]gmail.com)
On Sun, Dec 13, 2009 at 12:45:17PM -0000, admin@ekin0x.com wrote:
> ###########################################
> # WX Guest Book 1.1.208 Vulns #
> # By xxHackerXzX hacker from nepal #
> # admin@ekin0x.comm #
> ###########################################
--->
---> Cheers,
---> Denis
--->
--->
---> On Sun, 13 Jan 2008 21:31:34 +0530
---> "crazy frog crazy frog" <i.m.crazy.frog@gmail.com> wrote:
--->
---> ---> Hi,
---> --->
---> ---> Recently on opening one of my site,my antivirus pops up saying that
Dmitry Yu. Bolkhovityanov
The Budker Institute of Nuclear Physics
Novosibirsk, Russia
On Sun, 7 Feb 2009, jplopezy@gmail.com wrote:
> Application: Nokia N95-8
> OS: Symbian
> ------------------------------------------------------
> 1 - Description
On Sun, Dec 30, 2007 at 07:13:24AM -0500, Memisyazici, Aras wrote:
> >>The researchers found that they can use Google to retrieve the hashed password of the hacker. Google has become so big that it actually allows efficient encrypted passwords lookup.
>
> Could you please be more specific? Do you mean, Google had crawled an entire MySQL DB and had access to the contents of the password field in encrypted form? Or had the contents of a /etc/shadow file? Or has a huge rainbow table repo. to compare hashes against? Or... ?
I think this is the original report
http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/
which Bruce Schneier highlighted
http://www.schneier.com/blog/archives/2007/11/using_google_to.html
On Sun, Sep 25, 2011 at 02:14:37PM +0000, Amir@irist.ir wrote:
> #####################################################################################################################
> # #
> # Islamic Republic Of Iran Security Team #
> # #
> # Www.IrIsT.Ir #
> # #
> #####################################################################################################################
> # #
> # PunBB <== 1.3.6 Cross-Site Scripting Vulnerabilities #
happens. In either case, glibc heap protection probably makes this
very difficult or impossible to exploit anyway.
-Dan
On Sun, Oct 10, 2010 at 11:07 PM, watercloud watercloud
<watercloud@xfocus.org> wrote:
> Hi, all!
> I found that xterm on ubuntu 10.04 has a local heap overflow,
> I don't know whether it can be exploited on glibc 2.11.
>
Cheers,
Denis
On Sun, 13 Jan 2008 21:31:34 +0530
"crazy frog crazy frog" <i.m.crazy.frog@gmail.com> wrote:
---> Hi,
--->
---> Recently on opening one of my site,my antivirus pops up saying that it
On Sun, Dec 18, 2011 at 02:08:19PM -0500, tom wrote:
> # Exploit Title: SASHA v0.2.0 Mutiple XSS
> # Date: 12/16/11
> # Author: G13
> # Software Link: http://sourceforge.net/projects/sasha/files/
> # Version: 0.2.0
> # Category: webapps (php)
> #
>
>
On Sun, Sep 05, 2010 at 07:27:53AM -0600, nikhil_uitrgpv@yahoo.co.in wrote:
> 1. Overview
> nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
Nmap is not vulnerable. DLL hijacking works because of an unfortunate
interaction between apps which register Windows file extensions and
the default Windows DLL search path used for those apps. Nmap does
not, and never has, registered any Windows file extensions. So it
isn't vulnerable to this issue.
Why do you include "TESTED ON: firefox 3"? Would you not be able to
trigger this bug using other browsers?
On Sun, May 31, 2009 at 8:53 PM, <y3nh4ck3r@gmail.com> wrote:
> #!/usr/bin/perl
> #-------------------------------------------------------------------------------------------------------------------
> #(Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->
> #-------------------------------------------------------------------------------------------------------------------
> #
> #CMS INFORMATION:
On Sun, 25 Oct 2009, Pavel Kankovsky wrote:
> pavel might have detected this attack if he checked the number of
> hardlinks on "unwritable_file" between the chmod's. But he did not
> check that.
I stand corrected. He did it--in a comment:
> # check link count on unwritable_file. We would not want someone
> # to have a hard link to work around our permissions, would we?
Fernando
On Sun, Oct 24, 2010 at 6:33 PM, Fernando Gont <fernando.gont@gmail.com> wrote:
> Folks,
>
> I thought you might enjoy the slides of a talk about IPv6 security I
> gave last week at LACNOG (http://www.lacnog.org). The slides are
> available at: http://www.gont.com.ar/talks/lacnog2010/fgont-lacnog2010-ipv6-security.pdf
> On Sun, Sep 28, 2008 at 08:14:35PM -0600, Theo de Raadt wrote:
> >
> > OpenBSD of course cannot run in a Solaris zone.
> >
>
> Right. Glad that is clear.
>
> > OpenBSD can run in a hardware zone, and when something it does (which
> > we don't know yet) locks up that hardware zone, the only way to get
> > the hardware zone back is to POWER THE MACHINE OFF. That is a lack
On Sun, Sep 28, 2008 at 08:14:16AM -0600, Theo de Raadt wrote:
>
> the only workaround is to buy a separate machine for the other uses.
>
No.
> So you buy a machine that can be split up into different machines, and
> guess what, you still have to buy extra ones because it doesn't
> work.