Next Page >>
Thu
GET /phpmyadmin/setup/index.php HTTP/1.1
Response
--------
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2011 16:42:17 GMT
Server: Apache/2.2.20 (Ubuntu)
X-Powered-By: PHP/5.3.6-13ubuntu3.2
Set-Cookie: phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf; path=/phpmyadmin/setup/; HttpOnly
Expires: Thu, 01 Dec 2011 16:42:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
. D 0 Mon Feb 1 20:29:12 2010
.. D 0 Mon Feb 1 20:29:12 2010
initrd.img.old 7646184 Mon Jan 18 13:15:48 2010
boot.ini 18832 Mon Feb 1 20:29:12 2010
home D 0 Mon Jan 18 13:08:24 2010
initrd.img 8007195 Thu Jan 21 21:51:26 2010
.cache DH 0 Sat Jan 23 14:19:08 2010
opt D 0 Sat Jan 30 11:39:59 2010
lib D 0 Thu Jan 21 21:13:01 2010
usr D 0 Sun Jan 31 22:08:11 2010
.libs DH 0 Thu Jan 21 12:30:48 2010
On Thu, 20 Sep 2007, Joey Mengele wrote:
> Dear Fatboy,
>
> Let's put aside for a minute the fact that you have no idea what
You like people on the heavy side? Psst... call me.
> you are talking about and let's also, for the benefit of this very
> valuable debate, assume your definition is correct. First, please
HEAD /../../etc/passwd HTTP/1.0
HTTP/1.1 400 Bad Request
Content-Type: text/html
Server: Shttp/ServerKit
Date: Thu, 25 Oct 2007 16:31:30 GMT
Connection: close
HEAD /../../var/log/messages HTTP/1.0
On Thu, Sep 15, 2011 at 7:11 PM, Michael Schmidt <mschmidt@drugstore.com> wrote:
> Someone’s just not reading the bulletins – Note the term “Remote” –
> including webdav, so a share that could be fully controlled by the
> exploiter. At least that is what I am understanding.
>
>
>
> Updates released on September 13, 2011
>
> Microsoft Security Bulletin MS11-071, "Vulnerability in Windows Components
original url: http://retrogod.altervista.org/rgod_imageshack_hack.html
rgod-tsid-pa-he-ru-ka
-
stay tuned with us ...
http://retrogod.altervista.org/join.html
security feeds, radio streams, techno/drum & bass stations to come
-->
<html>
- --- 0.Description ---
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Apache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined.
- --- 1. Apache2 XSS Undefined Charset UTF-7 XSS Vulnerability ---
The XSS(UTF7) exist in mod_autoindex.c . Charset is not defined and we can provide XSS attack using "P" option available in apache 2.2.4 by setting Charset to UTF-7.
Header injection
http://server/opennms/event/query?%0D%0AInjectedHeader:%20BugSec
Server response
HTTP/1.1 302 Moved Temporarily
Date: Thu, 25 Sep 2008 11:30:05 GMT
Server: Apache/2.2.3
Location: http://server/opennms/event/list?
InjectedHeader: BugSec=
Content-Length: 0
Connection: close
On Thu, 2007-11-29 at 23:19 +0100, Valdis.Kletnieks@vt.edu wrote:
> On Thu, 29 Nov 2007 14:46:06 +0300, 3APA3A said:
> > In order to exploit this vulnerability you need to force victim to run
> > attacker-supplied BAT file. It's like forcing user to run
> > attacker-supplied .sh script under Unix.
>
> And oddly enough, the *very next mail* from Bugtraq said:
>
> > FreeBSD-SA-07:10.gtar Security Advisory
----- Original Message -----
From: "Susan Bradley"
To: "Bob Fiero"
Cc: bugtraq@securityfocus.com
Subject: Re: Insufficient Authentication vulnerability in Asus notebook
Date: Thu, 14 May 2009 12:35:33 -0700
Oh please. Corporations build images of machines that don't have this.
If you have this issue in your corporation, go talk to your IT guys
>
> I will not answer anymore uninformed questions on this topic.
>
> Thanks, Tavis.
>
> On Thu, Jun 10, 2010 at 09:02:37AM -0700, Susan Bradley wrote:
>
>> I'm not asking about disclosure. I'm asking what happened to the level
>> of communication between you and MSRC that after 4 days you posted this?
>>
>> Tavis Ormandy wrote:
Obviously some people are far more articulate than me.
---------- Forwarded message ----------
Date: Thu, 1 Nov 2007 16:47:17 -0400
From: PinkFreud <pf-botnets@mirkwood.net>
To: Gary Flynn <flynngn@jmu.edu>
Cc: botnets@whitestar.linuxbox.org
Subject: Re: [botnets] re MAC trojan
As long as I can make an .exe that visually looks pixel for pixel like
a .ppt, the security model you imagine (that the desktop can
differentiate between code execution and document editing) doesn't
exist. This work is better, if incomplete.
On Thu, Jun 2, 2011 at 9:32 AM, Mitja Kolsek <mitja.kolsek@acros.si> wrote:
>
> Thor, the "Online Proof of Concept" section of the blog post points you to a *remote*
> exploit (without any warning) but let me repeat the link here:
>
> http://www.binaryplanting.com/demo/XP_2-click/test.html
J.
-----Original Message-----
From: Joey Mengele [mailto:joey.mengele@hushmail.com]
Sent: Thursday, September 20, 2007 3:34 PM
To: pdp.gnucitizen@googlemail.com; ge@linuxbox.org
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: Re: [Full-disclosure] 0day: PDF pwns Windows
Dear Fatboy,
File Date
CA Software Delivery r11.2 C1, C2, C3
dtscore11.dll
218376
THU APR 09 15:02:25 2009
CA Software Delivery r11.2 SP4
dtscore11.dll
218376
THU APR 09 15:19:47 2009
___
"If today I stand here as a revolutionary, it is as a revolutionary
against the Revolution."
On Thu, 20 Sep 2007 11:29:22 -0400 Gadi Evron <ge@linuxbox.org>
wrote:
>Impressive vulnerability, new. Not a 0day.
>
>Not to start an argument again, but fact is, people stop calling
>everything a 0day unless it is, say WMF, ANI, etc. exploited in
_____
From: Susan Bradley [mailto:sbradcpa@pacbell.net]
To: Bob Fiero [mailto:i.am@mentalfloss.net]
Cc: bugtraq@securityfocus.com
Sent: Thu, 14 May 2009 15:35:33 -0400
Subject: Re: Insufficient Authentication vulnerability in Asus notebook
Oh please. Corporations build images of machines that don't have this.
If you have this issue in your corporation, go talk to your IT guys and
Wolf Halton
Halton Security Institute
networkdefense.biz
On Thu, 2007-12-13 at 17:42 +0100, Naujoks, Hans-Dietmar wrote:
> Dear Mr. Poehls,
>=20
> I think Microsoft does not consider metadata attached to a document as pa=
rt of the document and so they decided not to include it in the content pro=
On Thu, Feb 28, 2008 at 06:28:51PM -0800, Jacob Appelbaum wrote:
> oc photon wrote:
> > n Thu, Feb 28, 2008 at 1:56 PM, Jacob Appelbaum <jacob@appelbaum.net> wrote:
> >> Moin moin Bugtraq readers,
> >>
> >> Bill Paul and I have discovered that LoginWindow.app doesn't clear
> >> credentials after a user is authenticated.
> > This has already been discovered in 2004. While the author only looks
> > at swap files, it is obvious that this is the same bug.
> >
>
> _____
> From: Susan Bradley [mailto:sbradcpa@pacbell.net]
> To: Bob Fiero [mailto:i.am@mentalfloss.net]
> Cc: bugtraq@securityfocus.com
> Sent: Thu, 14 May 2009 15:35:33 -0400
> Subject: Re: Insufficient Authentication vulnerability in Asus notebook
>
> Oh please. Corporations build images of machines that don't have this.
>
> If you have this issue in your corporation, go talk to your IT guys and
Virginia Tech
________________________________
From: John Bailey [mailto:rekkanoryo@rekkanoryo.org]
Sent: Thu 9/18/2008 5:44 PM
To: Memisyazici, Aras
Cc: bugtraq@securityfocus.com; Siim Pder
Subject: Re: Pidgin IM Client Password Disclosure Vulnerability.
Cheers,
Mitja
>
> On Thu, Jun 2, 2011 at 9:32 AM, Mitja Kolsek <mitja.kolsek@acros.si> wrote:
>>
>> Thor, the "Online Proof of Concept" section of the blog post points
>> you to a *remote*
>> exploit (without any warning) but let me repeat the link here:
>>
I will not answer anymore uninformed questions on this topic.
Thanks, Tavis.
On Thu, Jun 10, 2010 at 09:02:37AM -0700, Susan Bradley wrote:
> I'm not asking about disclosure. I'm asking what happened to the level
> of communication between you and MSRC that after 4 days you posted this?
>
> Tavis Ormandy wrote:
> >Susan, I wish I had the time to hold your hand through getting up to
HTTP/1.1 200 OK
Content-Length: 361
Date: Fri, 05 Feb 2010 08:53:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Router>show version
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(15)T2, RELEASE SOFTWARE (fc7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 17-Jan-08 23:12 by prod_rel_team
Additional information about Cisco IOS software release naming is
available at the following link:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_white_paper09186a008018305e.shtml.
On Mon, 29 Sep 2008, bzhbfzj3001@sneakemail.com wrote:
> On Thu, 25 Sep 2008, lmfao@hotmail.com wrote:
>
> > Are you kidding ?
> >
> > As the PHP manual said "if you use double quotes there will be a need to
> > escape the variable names".
> >
> > In your example you use a function with double quotes, without escaping the
Works on Opera 10.70. Build 9049 for Linux, too.
On Thu, 23 Sep 2010 04:23:47 -0600
info@securitylab.ir wrote:
> Proof Of Concept:
>
> 1.html:
> <body>
> {}body{DOM:
does not give away the keys to the kingdom.
thanks
On 10/11/07, gboyce <gboyce@badbelly.com> wrote:
> On Thu, 11 Oct 2007, pdp (architect) wrote:
>
> > Thor, with no disrespect but you are wrong. Security in depth does not
> > work and I am not planning to support my argument in any way. This is
> > just my personal humble opinion. I've seen only failure of the
> > principles you mentioned. Security in depth works only in a perfect
Router#show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 10-Jul-08 20:25 by prod_rel_team
!--- output truncated
Additional information about Cisco IOS Software release naming
conventions is available in "White Paper: Cisco IOS Reference Guide"
Version: cde200-2.5.3.8
Compiled 16:07:11 Jan 21 2010 by ipvbuild
Compile Time Options: KQ SS
System was restarted on Thu Jun 3 04:09:25 2010.
The system has been up for 2 hours, 11 minutes, 27 seconds.
cdn-cde#
Alternatively the Content Delivery System Manager home page gives a
Next Page>>
|
