You are hereFeed aggregator / Categories / Technical Blogs
Technical Blogs
Re: Vulnerability-lab.com XSS
Full Disclosure - NB Contains harsh language - 7 hours 19 min ago
Posted by Ferenc Kovacs on Feb 05
Judging from the screenshot, it seems to be a reflected XSS through theUser-Agent field.
I would be curious how could this be exploited from the client side as you
can't manipulate other visitors User-Agent header.
Of course if the User-Agent is logged and the admin area which displays the
logs has the same defect, then this is a different story.
Categories: Technical Blogs
Re: Vulnerability-lab.com XSS
Full Disclosure - NB Contains harsh language - 7 hours 53 min ago
Posted by RandallM on Feb 05
Hell, his English teacher is...Categories: Technical Blogs
Re: can you answer this?
Full Disclosure - NB Contains harsh language - 10 hours 10 min ago
Posted by Valdis . Kletnieks on Feb 05
On Fri, 03 Feb 2012 02:58:52 CST, Fatherlaptop said:Simple - it probably came in from elsewhere, and it's asking an IP from an
address that it thought *was* in *its* trust scheme.
Categories: Technical Blogs
Re: Multiple vendor antivirus .kz archive format evasion/bypass vulnerability.
Full Disclosure - NB Contains harsh language - 12 hours 30 min ago
Posted by ZeroDay.JP on Feb 05
antivirusesDoes this ".kz" archiver have an SFX extractor? Because a new SFX type
of an archive file will raise support priority instead.
Yes, but AFTER being extracted beforehand (or maybe you can prove the
otherwise)
You can't be serious to expect every unknown archive format to be
supported by AV scanners..
Cheers
Sent to you by ZeroDay.JP via Google Reader: Re: Multiple vendor
antivirus .kz archive format evasion/bypass...
Categories: Technical Blogs
Advantech/Broadwin HMI/SCADA WebAccess universal network RPC exploit
Full Disclosure - NB Contains harsh language - 14 hours 23 min ago
Posted by Arthur Conan Doyle on Feb 05
New exploit for Broadwin/Advantexh HMI/SCADA was published by Zomb1E &amistox07.
Exploit is used undocumented features of SCADA.
See:
http://fuzzyd00r.blogspot.com/2012/02/advantechbroadwin-hmiscada-webaccess6xx.html
Categories: Technical Blogs
Re: can you answer this?
Full Disclosure - NB Contains harsh language - 14 hours 24 min ago
Posted by Fatherlaptop on Feb 05
Excellent idea. And yes I'm top posting hate snipping on iPhone!From: Randy
It's an iPhone Thang!
Was learning cursive necessary?
Categories: Technical Blogs
Re: can you answer this?
Full Disclosure - NB Contains harsh language - 14 hours 26 min ago
Posted by Granville Moore on Feb 05
Sorry - my "From" address was screwed up in my previous reply.Granville Moore
Nemesys Computer Consultants
www.nemesys.com
Categories: Technical Blogs
Re: [SECURITY] [DSA 2403-1] php5 security update
Full Disclosure - NB Contains harsh language - 14 hours 28 min ago
Posted by The:Paradox on Feb 05
Do you have Esser's site link reference about this?Il giorno 03/feb/2012 09:16, "Thijs Kinkhorst" <thijs () debian org> ha
scritto:
Categories: Technical Blogs
Vulnerability-lab.com XSS
Full Disclosure - NB Contains harsh language - 14 hours 29 min ago
Posted by lulzlab on Feb 05
vulnerability-lab XSS hahahahahaha ROTFLvulnerability lab kiddos!!!
Categories: Technical Blogs
Re: can you answer this?
Full Disclosure - NB Contains harsh language - Sun, 02/05/2012 - 22:58
Posted by Fatherlaptop on Feb 05
... Why? How is this IP asking for DHCP to another not in my trust IP scheme?From: Randy
It's an iPhone Thang!
Was learning cursive necessary?
Categories: Technical Blogs
Re: Multiple vendor antivirus .kz archive format evasion/bypass vulnerability.
Full Disclosure - NB Contains harsh language - Sun, 02/05/2012 - 22:57
Posted by Julius Kivimäki on Feb 05
You do know that anyone can create a new archive format that antiviruseswill not detect... Right?
2012/2/2 Michel <kareldjag () yahoo fr>
Categories: Technical Blogs
[SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update
Full Disclosure - NB Contains harsh language - Sun, 02/05/2012 - 22:47
Posted by Florian Weimer on Feb 05
-------------------------------------------------------------------------Debian Security Advisory DSA-2404-1 security () debian org
http://www.debian.org/security/ Florian Weimer
February 05, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : xen-qemu-dm-4.0
Vulnerability : buffer overflow
Problem...
Categories: Technical Blogs
Re: Tricky Shellcode
Full Disclosure - NB Contains harsh language - Sun, 02/05/2012 - 22:41
Posted by bashrc on Feb 05
Hello Joshua,your shellcode is basically decrypting some string using 8-bit XOR with
the key 0x41.
You can use ndisasm for analysing it. The code is easy to understand if
you know assembler.
Regards,
bashrc
$ ndisasm -b 32 SC
00000000 31C0 xor eax,eax
00000002 50 push eax ;push 0
00000003 6870797178 push dword 0x78717970 ; push string
00000008 6872772771 push dword 0x71277772
0000000D...
Categories: Technical Blogs
Re: Vulnerability-lab.com XSS
Full Disclosure - NB Contains harsh language - Sun, 02/05/2012 - 09:46
Posted by Valdis . Kletnieks on Feb 04
On Sat, 04 Feb 2012 08:06:47 +1100, doomxd said:Dale Carnegie is rolling over in his grave...
Categories: Technical Blogs
Re: when did piracy/theft become expression of freedom
Full Disclosure - NB Contains harsh language - Sun, 02/05/2012 - 04:43
Posted by Georgi Guninski on Feb 04
Just a quote:<quote>
In Germany they first came for the Communists,
and I didn't speak up because I wasn't a Communist.
Then they came for the Jews,
and I didn't speak up because I wasn't a Jew.
Then they came for the trade unionists,
and I didn't speak up because I wasn't a trade unionist.
Then they came for the Catholics,
and I didn't speak up because I was a Protestant.
Then they came for me -
and by...
Categories: Technical Blogs
[SECURITY] [DSA 2384-2] cacti regression
Full Disclosure - NB Contains harsh language - Sun, 02/05/2012 - 03:19
Posted by Luk Claes on Feb 04
-------------------------------------------------------------------------Debian Security Advisory DSA-2384-2 security () debian org
http://www.debian.org/security/
February 04, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : cacti
Vulnerability : several
Problem type : remote...
Categories: Technical Blogs
Re: can you answer this?
Full Disclosure - NB Contains harsh language - Sat, 02/04/2012 - 18:30
Posted by doc mombasa on Feb 04
aah doom has aspergers.. that explains a lot :)Den 3. feb. 2012 22.10 skrev doomxd () gmail com <doomxd () gmail com>:
Categories: Technical Blogs
Re: Vulnerability-lab.com XSS
Full Disclosure - NB Contains harsh language - Sat, 02/04/2012 - 18:28
Posted by doc mombasa on Feb 04
we fear your irc chan :(Den 3. feb. 2012 22.06 skrev doomxd () gmail com <doomxd () gmail com>:
Categories: Technical Blogs
Re: Vulnerability-lab.com XSS
Full Disclosure - NB Contains harsh language - Sat, 02/04/2012 - 07:22
Posted by doomxd () gmail com on Feb 03
Your the idiot here.. Boone,will give u guys crap ya cuntzzz and I hope yur havin great time tryin to figure out howbadly this list got owned,off yad do,forcing ppl to sho 0days,yet some ppl,nomatter how big yu may think,are anon,and
that's simple,yu fd a good bug,well it gets patched,yur ass gets kicks from any groups ya in,and remembr ,yur bases are
mine,and intercepting yu will be fun,been funny stall the latest bigs,sudo,etc,all...
Categories: Technical Blogs
Re: can you answer this?
Full Disclosure - NB Contains harsh language - Sat, 02/04/2012 - 07:16
Posted by doomxd () gmail com on Feb 03
Arserspeage.haha.Fku lamer.
----- Reply message -----
From: "Zach C." <fxchip () gmail com>
To: <james () zero-internet org uk>
Cc: "funsec" <funsec () linuxbox org>, "RandallM" <randallm () fidmail com>, <full-disclosure () lists grok org uk>,
<full-disclosure-bounces () lists grok org uk>
Subject: [Full-disclosure] can you answer this?
Date: Fri, Feb 3, 2012 8:04 pm
The...
Categories: Technical Blogs
