BugTraq Mode:
Re: Google Chrome: HTTP AUTH Dialog Spoofing through Realm Manipulation (Restated) 2010-08-24
Aditya K Sood (0kn0ck secniche org)
Hi Tim

You can have a look at the screenshot at the link below

http://www.secniche.org/goog_chr_auth_spoof.jpg

Kind Regards
Aditya

Tim wrote:
> Aditya,
>
>
>> First of all, the dialog spoofing issue still works in Google Chrome and
>> it has not been patched.
>>
>
> I'm not surpr

[ MDVSA-2010:160 ] cacti 2010-08-24
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:160
http://www.mandriva.com/security/
______________________________________________________________________

ZDI-10-155: Cisco WebEx Player ARF String Parsing Remote Code Execution Vulnerability 2010-08-23
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-155: Cisco WebEx Player ARF String Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-155
August 23, 2010

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Cisco

-- Affected Products:
Cisco WebEx

-- TippingPoint(TM) IPS Customer Pro

London DEFCON - DC4420 - August meet - Wednesday 25th August 2010 2010-08-24
Major Malfunction (majormal pirate-radio org)
allegedly, it's that time of the month again...

as all our speakers are either dying from strep throat having spent more
hours than is medically advisable in the company of desert heat and/or
air conditioning, or are sunning themselves on some far away beach where
dc4420 is the last thing on the

TPTI-10-08: Novell iPrint Client Browser PluginGetDriverFile Uninitialized Pointer Remote Code Execution Vulnerability 2010-08-23
ZDI Disclosures (zdi-disclosures tippingpoint com)
TPTI-10-08: Novell iPrint Client Browser PluginGetDriverFile Uninitialized Pointer Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-08
August 23, 2010

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell iPrint

-- T

ZDI-10-159: IBM Lotus Notes Autonomy KeyView WK3 Parsing Remote Code Execution Vulnerability 2010-08-23
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-159: IBM Lotus Notes Autonomy KeyView WK3 Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-159
August 23, 2010

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
IBM
Autonomy

-- Affected Products:
IBM Lotus Notes
Autonomy KeyView

-

Re: 2Wire Broadband Router Session Hijacking Vulnerability 2010-08-23
Mike Duncan (Mike Duncan noaa gov)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good to hear, but hard to see how this will really fix anything. Unlike
most modern applications and devices, these routers do not update
firmware automatically or allow for the user to update them in any real
world scenario. Hell, most ISPs who use the

Re: Google Chrome: HTTP AUTH Dialog Spoofing through Realm Manipulation (Restated) 2010-08-24
Tim (tim-security sentinelchicken org)
Aditya,

> First of all, the dialog spoofing issue still works in Google Chrome and
> it has not been patched.

I'm not surprised. There didn't seem to be a lot of interest in these
issues from any browser vendor when I brought them to their attention.

> A lot of tests have been
> conducted consi

[security bulletin] HPSBGN02569 SSRT100200 rev.1 - HP MagCloud iPad App, Remote Unauthorized Access to Data 2010-08-24
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02478639
Version: 1

HPSBGN02569 SSRT100200 rev.1 - HP MagCloud iPad App, Remote Unauthorized Access to Data

NOTICE: The information in this Security Bulletin should be acted upon as soon as poss

Re: Google Chrome: HTTP AUTH Dialog Spoofing through Realm Manipulation (Restated) 2010-08-23
Aditya K Sood (0kn0ck secniche org)
Hi Tim

First of all, the dialog spoofing issue still works in Google Chrome and
it has not been patched. A lot of tests have been
conducted considering different variants spoofing. I missed your paper
previously. I must say it's a very good read. A similar issue about
Google URL obfuscation, which s

[security bulletin] HPSBST02536 SSRT100057 rev.3 - HP StorageWorks Storage Mirroring, Local Unauthorized Access 2010-08-24
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02056045
Version: 3

HPSBST02536 SSRT100057 rev.3 - HP StorageWorks Storage Mirroring, Local Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as

ZDI-10-158: IBM Lotus Notes Autonomy KeyView WK3 Parsing Remote Code Execution Vulnerability 2010-08-23
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-158: IBM Lotus Notes Autonomy KeyView WK3 Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-158
August 23, 2010

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
IBM
Autonomy

-- Affected Products:
IBM Lotus Notes
Autonomy KeyView

-

ZDI-10-156: IBM Lotus Notes Autonomy KeyView Word Parsing Remote Code Execution Vulnerability 2010-08-23
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-156: IBM Lotus Notes Autonomy KeyView Word Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-156
August 23, 2010

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
IBM
Autonomy

-- Affected Products:
IBM Lotus Notes
Autonomy KeyView

[ MDVSA-2010:159 ] gv 2010-08-23
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:159
http://www.mandriva.com/security/
______________________________________________________________________

Re: Google Chrome: HTTP AUTH Dialog Spoofing through Realm Manipulation (Restated) 2010-08-23
Tim (tim-security sentinelchicken org)
Hi Aditya,

> Google Chrome ( 5.0.375.127 and previous versions) suffers from HTTP
> Auth Dialog spoofing vulnerability due to possible
> realm manipulation in the HTTP header. Previously, Google chrome has got
> a similar bug which can be seen on the following link

How is this significantly diffe

Secunia Research: Mono libgdiplus Image Processing Three Integer Overflows 2010-08-23
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 23/08/2010

- Mono libgdiplus Image Processing Three Integer Overflows -

======================================================================
Table of Contents

Affected Software..

[ MDVSA-2010:156 ] freetype2 2010-08-22
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:156
http://www.mandriva.com/security/
______________________________________________________________________

Re: 2Wire Broadband Router Session Hijacking Vulnerability 2010-08-21
YGN Ethical Hacker Group (lists yehg net)
2wire support just replied that this has been fixed and new version
(6.x.x.x) has been released.

The advisory has been updated accordingly.

http://yehg.net/lab/pr0js/advisories/2wire/[2wire]_session_hijacking_vulnerability

[ MDVSA-2010:157 ] freetype2 2010-08-22
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:157
http://www.mandriva.com/security/
______________________________________________________________________

[SECURITY] [DSA 2095-1] New lvm2 packages fix denial of service 2010-08-23
Giuseppe Iuculano (iuculano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-2095-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
August 23, 2010

XSS vulnerability in MAXdev 2010-08-22
advisory htbridge ch
Vulnerability ID: HTB22563
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_maxdev.html
Product: MAXdev
Vendor: MAXdev ( http://www.maxdev.it/ )
Vulnerable Version: 1.0.83 and Probably Prior Versions
Vendor Notification: 05 August 2010
Vulnerability Type: XSS (Cross Site Scripting)

Biblioteca 1.0 Beta Joomla Component Multiple SQL Injection Vulnerabilities 2010-08-21
Salvatore Fresta aka Drosophila (drosophilaxxx gmail com)

Biblioteca 1.0 Beta Joomla Component Multiple SQL Injection Vulnerabilities

Name Biblioteca
Vendor http://www.cielostellato.info
Versions Affected 1.0 Beta

Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact

[ MDVSA-2010:158 ] squirrelmail 2010-08-23
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:158
http://www.mandriva.com/security/
______________________________________________________________________

Secunia Research: Novell iPrint Client "call-back-url" Buffer Overflow Vulnerability 2010-08-20
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 20/08/2010

- Novell iPrint Client "call-back-url" Buffer Overflow -

======================================================================
Table of Contents

Affected Software...

Re: [MajorSecurity SA-080]WordPress 3.0.1 - Cross Site Scripting Issue 2010-08-20
MustLive (mustlive websecurity com ua)
Hello Bugtraq!

Regarding this XSS in WordPress 3.0.1
(http://www.securityfocus.com/archive/1/513101/30/30/threaded), I'll note
what I already wrote on my site last week, and already wrote to David:
for the attack one needs to know the token (_wpnonce), which is designed to
protect against

[Bkis-04-2010] Multiple Vulnerabilities in OpenBlog 2010-08-23
Bkis (minhbq bkav com vn)
[Bkis-04-2010] Multiple Vulnerabilities in OpenBlog

1. General Information

OpenBlog is free software for developing a blogging platform. OpenBlog is
written in PHP and available at http://www.open-blog.info. In
August 2010, Bkis Security discovered some XSS and CSRF vulnerabilities in this
s

Nagios XI Login XSS 2010-08-20
Adam Baldwin (adam_baldwin ngenuity-is com)
Nagios XI Login XSS

Advisory ID: NGENUITY-2010-007

Vulnerability Information
Class: Cross-Site Scripting (XSS)

Software Description
Nagios XI is the commercial / enterprise version of the open source
Nagios project.

Vulnerability Description
The login page for the Nagios XI management interface

Directory Traversal in FTPGetter 2010-08-22
advisory htbridge ch
Vulnerability ID: HTB22567
Reference: http://www.htbridge.ch/advisory/directory_traversal_in_ftpgetter.html
Product: FTPGetter
Vendor: FTPGetter Team ( http://www.ftpgetter.com/ )
Vulnerable Version: 3.51.0.05 and Probably Prior Versions
Vendor Notification: 05 August 2010
Vulnerability Type: File

Copyright 2010, SecurityFocus