Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ en-us (c) Gossamer Threads Inc. All rights reserved. 13 Feb 2012 01:41:14 -0800 120 75 23 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg On Sat, Feb 11, 2012 at 2:23 PM, <farthvader@hush.ai> wrote: > _________________________________________________________________________ > "Use Tomat 12 Feb 2012 14:42:39 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85023 They should at least consider providing an option to disable the static pin only or disable it after an hour if the future is activated by the user. 12 Feb 2012 14:30:49 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85022 Interesting. Do you know if they stop advertising WPS support after they disable it? On Sun, Feb 12, 2012 at 10:11 AM, Rob Fuller <jd.mubix@gmail.co 12 Feb 2012 13:55:10 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85021 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 12 Feb 2012 12:23:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85020 On Sun, 12 Feb 2012 05:54:30 EST, Jeffrey Walton said: > For what its worth, pinning the certificate can usually remediate > these sorts of MitM atta 12 Feb 2012 07:55:35 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85019 I've tested a 6 models of Linksys, all of them appear to disable WPS completely as soon as a single wireless setting is set. I assume this would be th 12 Feb 2012 07:11:24 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85018 In case the OP hasn't seen this: http://boingboing.net/2012/02/10/iran-attacks-internet-access-o.html https://lists.torproject.org/pipermail/tor-talk 12 Feb 2012 07:02:40 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85017 Agree. -- 'Wag More, Bark Less' - Jen and Bren, CloudStar 'Did you ever feel like God has a finger on the Reset button, waiting?' - dccdave "using w 12 Feb 2012 05:53:01 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85016 Hi All, https://www.infoworld.com/d/security/trustwave-admits-issuing-man-in-the-middle-digital-certificate-185972 In case folks are interested in t 12 Feb 2012 02:54:30 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85009 maybe it's time to get the old school substitution code books out. http://www.forbes.com/sites/andygreenberg/2012/02/10/as-iran-cracks-down-online-to 12 Feb 2012 01:13:16 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85008 thought they filtered specific URLs, but now they filter all SSL (to defeat VPNs, Tor, etc). On 2012-02-11 9:51 PM, "Robert Kim App and Facebook Marke 11 Feb 2012 22:58:06 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85015 On Sun, Feb 12, 2012 at 00:50, Robert Kim App and Facebook Marketing <evdo.hsdpa@gmail.com> wrote: > Hasn't Iran and China always been filtering? I'm 11 Feb 2012 21:56:31 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85013 Hasn't Iran and China always been filtering? Do VPNs work in this case? On Thu, Feb 9, 2012 at 9:54 AM, Sai <sai@saizai.com> wrote: > I have pretty 11 Feb 2012 21:50:27 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85007 _________________________________________________________________________ "Use Tomato-USB OS on them." _______________________________________________ 11 Feb 2012 13:23:11 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85012 Title: ====== eFront Community++ v3.6.10 - SQL Injection Vulnerability Date: ===== 2012-02-11 References: =========== http://www.vulnerability-lab 11 Feb 2012 10:53:38 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85011 Title: ====== Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability Date: ===== 2012-02-11 References: =========== http://www.vulnerability-lab.c 11 Feb 2012 10:51:42 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85010 It should be marked as spam. We do not care about "exploitpack.com" ... do not send more message with this business. On 2/10/12, runlvl <runlvl@gmai 11 Feb 2012 08:58:55 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85014 Hello All, ClubHack Magazine is seeking submissions for next issue, Issue 26 - March 2012. Topics:- 1. Web App Sec 2. OS Exploitation and Security 3 10 Feb 2012 22:22:53 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85004 See my post @ https://plus.google.com/u/0/103112149634414554669/posts/PT3eEF4u415 to stay updated. Copying over update: - Further testing done. Conc 10 Feb 2012 17:44:06 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85006 On Fri, Feb 10, 2012 at 4:33 PM, <Valdis.Kletnieks@vt.edu> wrote: > On Fri, 10 Feb 2012 14:41:37 EST, Dan Kaminsky said: > > > According to the Reave 10 Feb 2012 13:43:12 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85003 On Fri, 10 Feb 2012 14:41:37 EST, Dan Kaminsky said: > According to the Reaver people, DD-WRT doesn't support WPS at all :) The sort of people that 10 Feb 2012 13:33:07 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85002 Waidaminnit... Didn't you try to sell me a belkin the other day? Conflict of interest there Sent from my BlackBerry® wireless device -----Original M 10 Feb 2012 12:01:39 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85001 According to the Reaver people, DD-WRT doesn't support WPS at all :) On Fri, Feb 10, 2012 at 2:00 PM, Zach C. <fxchip@gmail.com> wrote: > Solution: 10 Feb 2012 11:41:37 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85000 Solution: use DD-WRT? Or is that vulnerable too? (Or are there worse problems? :)) On Feb 10, 2012 10:12 AM, "Dan Kaminsky" <dan@doxpara.com> wrote: 10 Feb 2012 11:00:02 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84999 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 10 Feb 2012 11:00:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84998 Hello, one of InfoSec Institute's security researchers reverse engineered a new botnet that is active for the Android platform. RootSmart has some uni 10 Feb 2012 10:56:17 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84997 Fecha y hora: Sabado, Febrero 11 2012 - 18:00 PM ( Hora Argentina GMT - 3:00 ) En el webinario veremos de forma practica y teorica como se ejecutan l 10 Feb 2012 10:24:10 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84996 Hello list! I want to warn you about new security vulnerabilities in D-Link DAP 1150 (Wi-Fi Access Point and Router). These are Cross-Site Request 10 Feb 2012 10:21:29 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84995 "Fixing a vulnerability like this with all the bureoucratic, QA and legal process wouldn't take no more than 2 weeks" If bureaucratic, QA, and legal 10 Feb 2012 10:11:07 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84994 Title: ====== Yahoo Messenger - Buffer Overflow Vulnerability [Video] Date: ===== 2012-02-10 References: =========== Download: http://www.vu 10 Feb 2012 09:41:17 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85005 *Advisory Information* Title: Zen-Cart Admin CSRF/XSRF - Delete / Disable Products Date published: 2012-02-10 01:59:45 AM upSploit Ref: UPS-2011-0018 10 Feb 2012 08:10:46 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84993 On Fri, 10 Feb 2012 07:40:03 GMT, farthvader@hush.ai said: > Don't buy Linksys Routers they are vulnerable to Wifi unProtected > Setup Pin registrar 10 Feb 2012 08:06:49 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84991 1. OVERVIEW The CubeCart 3.0.20 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce 10 Feb 2012 08:01:45 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84992 Hi, I can imagine that developers want to have a clue what they need to repair. I only have a problem the way they do it and the way my behavior is e 10 Feb 2012 07:52:53 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84990 On Fri, 10 Feb 2012 03:51:53 GMT, Nick Boyce said: > OT: They should just make FF quality high and the design impeccable - "Quality high" is always a 10 Feb 2012 06:48:23 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84989 Title: ====== Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities Date: ===== 2012-02-10 References: =========== http://www.vulnerabil 10 Feb 2012 06:25:56 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84988 Use Tomato-USB OS on them. A. On Fri, 10 Feb 2012 07:40:03 +0000, farthvader@hush.ai wrote: Don't buy Linksys Routers they are vulnerable to Wifi 10 Feb 2012 05:48:02 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84987 http://www.indianapolissuperbowl.com/view-release.php?id=42 2012/2/10 research@vulnerability-lab.com <research@vulnerability-lab.com> > Title: > === 10 Feb 2012 04:56:01 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84986 Title: ====== Indianapolis Superbowl 2012 - SQL Injection Vulnerabilities Date: ===== 2012-02-06 VL-ID: ===== 418 Abstract: ========= Alexander 10 Feb 2012 03:28:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84984 *Advisory Information* Title: Astaro Security Gateway - bypass using whitelist domain pattern weakness upSploit Ref: UPS-2011-0041 *Advisory Summ 10 Feb 2012 03:00:20 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84985 Title: ====== Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities Date: ===== 2012-02-09 References: =========== http://www.vulnerability-la 10 Feb 2012 02:55:16 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84983 Title: ====== Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities Date: ===== 2012-02-09 References: =========== http://www.vulnerability-la 10 Feb 2012 02:54:52 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84982 Title: ====== OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities Date: ===== 2012-02-08 References: =========== http://www.vulnerability-lab.com/ge 10 Feb 2012 02:53:19 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84981 Title: ====== Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities Date: ===== 2012-02-07 References: =========== http://www.vulnerability-lab 10 Feb 2012 02:51:37 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84980 CVE-2012-1037: GLPI <= 0.80.61 LFI/RFI Severity: Important Vendor: GLPI - http://www.glpi-project.org Versions Affected ================= All vers 10 Feb 2012 02:40:35 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84979 Celebrate with PenTest Magazine To celebrate the transformation of PenTest StarterKit edition into Auditing & Standards PenTest, we've decided to gi 10 Feb 2012 02:32:33 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84977 Well....in Germany...our law regarding security in general is very, very vague. It basically says that you have to go to prison if you produce or pub 10 Feb 2012 02:21:28 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84978 Don't buy Linksys Routers they are vulnerable to Wifi unProtected Setup Pin registrar Brute force attack. No patch or workaround exist at the making o 09 Feb 2012 23:40:03 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84976 On Wed, Feb 8, 2012 at 9:12 PM, . . <kerdezdmeg@gmail.com> wrote: > > https://bugzilla.mozilla.org/show_bug.cgi?id=718066 > > what the hell is this?! 09 Feb 2012 19:51:53 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84975 Hey, anyone know why it's taking so long for the ImmunityInc forums to come back up? It's been weeks, man. __________________________________________ 09 Feb 2012 15:45:16 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84974 Title: ====== eFront Community++ v3.6.10 - Multiple Web Vulnerabilities Date: ===== 2012-02-09 References: =========== http://www.vulnerability-la 09 Feb 2012 10:01:12 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84973 -------------------------------------------------------------------------------------------------- CVE-2011-4367: Apache MyFaces information disclosu 09 Feb 2012 07:54:42 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84972 [Full-Disclosure] Mailing List Charter John Cartwright <johnc@grok.org.uk> - Introduction & Purpose - This document serves as a charter for the [F 09 Feb 2012 07:43:32 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84971 An InfoSec Institute Review on Creating backdoors using SQL Injection: http://resources.infosecinstitute.com/backdoor-sql-injection/ A novel t 09 Feb 2012 07:39:44 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84970 Vulnerability Report Description of Vulnerability: ----------------------------- Drupal (http://drupal.org) is a robust content management system (CM 09 Feb 2012 06:04:56 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84968 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 09 Feb 2012 05:58:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84969 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DS 09 Feb 2012 05:05:07 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84966 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DS 09 Feb 2012 04:07:23 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84965 Typically if you are in the US, are testing a server in the US owned by a company headquartered in the US it is legal to find Reflective XSS so long a 08 Feb 2012 21:05:28 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84963 On Wed, 08 Feb 2012 17:30:18 +0100, Info said: > A general question: is it legal to search for XSS vulnerabilities on > custom websites ? Yes. No. Ma 08 Feb 2012 18:23:49 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84962 Hello :-) I sent email stating the problem for the company, waited a few days and got no response, so I'm making the vulnerability public: Scan da 08 Feb 2012 17:10:21 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84964 I have pretty definitive proof that Iran is doing ip-and-port based filtering of SSL. Filtering is being done by 217.218.154.250 after a hop through 08 Feb 2012 16:54:25 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84961 I was working on a backdoor kernel land, using netfilter =] Kind regards, On Wed, Feb 8, 2012 at 10:17 PM, Levent Kayan <levonkayan@gmx.net> wrote: 08 Feb 2012 16:15:26 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84957 Hello, It is my pleasure to announce InfoSec Southwest 2012's final speaker selections. The following lectures will be given at this year's conferen 08 Feb 2012 14:24:56 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84956 On 02/08/12 22:55, Kryton Jones wrote: > Is this something like Port Knocking ?? you can see that kinda as port knocking yes. > > http://en.wikipedi 08 Feb 2012 14:17:08 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84955 privet, On 02/08/12 23:03, Kai wrote: > Hello, > >> trixd00r is an advanced and invisible userland backdoor based on TCP/IP >> for UNIX systems. It 08 Feb 2012 14:16:10 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84954 Hello, > trixd00r is an advanced and invisible userland backdoor based on > TCP/IP > for UNIX systems. It consists of a server and a client. The ser 08 Feb 2012 14:03:03 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84953 Is this something like Port Knocking ?? http://en.wikipedia.org/wiki/Port_knocking On 09/02/2012, at 8:29 AM, Levent Kayan wrote: > Hi there, > > 08 Feb 2012 13:55:45 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84960 Hi there, description =========== trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server a 08 Feb 2012 13:29:30 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84952 https://bugzilla.mozilla.org/show_bug.cgi?id=718066 what the hell is this?! _______________________________________________ Full-Disclosure - We bel 08 Feb 2012 13:12:23 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84967 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability http: 08 Feb 2012 09:46:10 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84951 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execu 08 Feb 2012 09:45:06 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84950 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerabil 08 Feb 2012 09:44:16 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84949 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vuln 08 Feb 2012 09:42:05 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84948 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability ht 08 Feb 2012 09:40:04 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84946 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability 08 Feb 2012 09:38:22 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84945 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution http://www.zerodayiniti 08 Feb 2012 09:36:51 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84944 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vul 08 Feb 2012 09:32:45 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84943 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerabili 08 Feb 2012 09:31:43 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84942 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability http:/ 08 Feb 2012 09:29:35 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84947 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability http://www.zeroda 08 Feb 2012 09:21:59 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84941 A general question: is it legal to search for XSS vulnerabilities on custom websites ? Julien On 02/08/2012 04:37 PM, Packet Storm wrote: > On Tue 08 Feb 2012 08:30:18 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84959 On Tue, Feb 07, 2012 at 06:18:24PM -0500, b wrote: > What is the point of posting notifications of XSS vulnerabilities in > specific web sites instead 08 Feb 2012 07:37:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84939 Title: ------- Netbeans Jira Plugin does not check https certificates Disclosure Timeline: ----------------------------- [2012-01-02] Vulnerability r 08 Feb 2012 07:21:16 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84940 On Tue, Feb 7, 2012 at 4:18 PM, b <b@advisoryalerts.com> wrote: > What is the point of posting notifications of XSS vulnerabilities in > specific web 08 Feb 2012 06:13:11 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84958 Typically you will run into instances where a website is employing a custom CMS/plugin/module/whatever and as such there may not be a specific softwar 08 Feb 2012 05:55:37 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84938 I tried to report this to the vendor in 2009. SHODAN "OwnServer1.0": Results 1 - 10 of about 11832 for OwnServer1.0 country:US. -Jason Ellison ---- 08 Feb 2012 01:21:54 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84935 Dear All, ClubHack Magazine's Issue-25, Feb 2012 is released. The theme for this issue is Network Exploitation and Security. This issue covers follo 07 Feb 2012 21:25:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84934 Android Multiple Vulnerabilities Author: www.80vul.com [Email:5up3rh3i#gmail.com] Release Date: 2012/2/8 References: http://www.80vul.com/android/a 07 Feb 2012 20:36:04 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84933 Title: ====== Cyberoam Central Console v2.00.2 - File Include Vulnerability Date: ===== 2012-02-08 References: =========== http://www.vulnerabilit 07 Feb 2012 15:24:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84937 What is the point of posting notifications of XSS vulnerabilities in specific web sites instead of alerts of xss vulns in specific software packages? 07 Feb 2012 15:18:24 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84936 http://www.sendspace.com/file/f8pexd // insectpro when he rmd the other one, i just uploaded it again :-) and i wilm d so, until this product, is pu 07 Feb 2012 12:05:51 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84932 His story seemed rather odd and BS to begin with so thanks for cleaning that up for much entertainment and ownage. Excellent day to you good sir. On 07 Feb 2012 09:26:01 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84931 Title: ====== HITB2011KUL - Is The Pen Still Mightier Than The Sword Date: ===== 2012-01-18 References: =========== Download: http://www.vu 07 Feb 2012 08:57:01 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84930 Title: ====== HITB2011KUL - Chip & PIN - Protocol Analysis EMV POS Date: ===== 2012-01-26 References: =========== Download: http://www.vulne 07 Feb 2012 08:56:39 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84929 Title: ====== HITB2011KUL - Mobile Malware Analysis Date: ===== 2012-02-06 References: =========== Download: http://www.vulnerability-lab.co 07 Feb 2012 08:56:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84928 Title: ====== HITB2011KUL - Post Memory Corruption Analysis Date: ===== 2012-01-26 References: =========== Download: http://www.vulnerabilit 07 Feb 2012 08:55:52 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84927 Title: ====== Google Service Reward #1 - ClickJacking Vulnerability Date: ===== 2012-02-07 References: =========== Download: http://www.vuln 07 Feb 2012 08:38:20 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84926 Title: ====== Cyberoam Central Console v2.x - File Include Vulnerability Date: ===== 2012-02-05 References: =========== Download: http://www 07 Feb 2012 08:37:53 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84925 Title: ====== Dinama SMS Service - Persistent Web Vulnerability Date: ===== 2012-02-05 References: =========== http://www.vulnerability-lab.com/ge 07 Feb 2012 08:36:54 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84924