i hope it is not getting boring
http://www.gnucitizen.org/blog/xssing-the-lan-3

In my previous posts I mentioned that in order to compromise LAN
device from the Internet the attacker needs to exploit XSS
vulnerability in the device firmware. The limitations of this kind of
attack are quite obvious.

[ more ]  [ reply ]

> I'm having some trouble believing this hasn't been reported before. If you
> have a linksys router handy, please check to see whether it is vulnerable to
> this attack. It's possible that all of the linksys router web UIs have the
> same bug. Hopefully the problem is isolated to one particular

[ more ]  [ reply ]

Bypassing script filters with variable-width encodings

Author: Cheng Peng Su (applesoup_at_gmail.com)
Date: August 7, 2006

We've all known that the main problem of constructing XSS attacks is
how to obfuscate malicious code. In the following paragraphs I will

attempt to explain the concept of by

[ more ]  [ reply ]

On Friday 04 August 2006 16:06, pdp (architect) wrote:
> IMHO, if you want to do stuff on lower level, you need to think of
> something else. JavaScript, Flash and Java Applets are technologies
> that are designed to run on the WEB. This is why, IMHO, they are quite
> good platform for performing WE

[ more ]  [ reply ]

Cisco recommends a workaround which essentially sets a limit on the number of outstanding SA's and drops new SA requests if they exceed that limit (outlined in http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_
guide09186a0080229125.html)

It seems to me that this will not acc

[ more ]  [ reply ]

> -----Original Message-----
> From: Dude VanWinkle
> Sent: Monday, August 07, 2006 8:49 PM
> > So I might be able hide something, but I can't do anything.
>
> Well, there would be an access denied message for most AV scanners
> when it hit the file in question and couldnt even get a read.
>

As I

[ more ]  [ reply ]

Does anyone know of the correct security contact for PayPal? I have
contacted them via their customer service/security contact and only
received the normal electronic response that they received my message.

Sean

[ more ]  [ reply ]

## HeLiOsZ - Dark End Team - Internet Security Team
## Dragonfly CMS 9.0.6.1 and prior XSS

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net &
http://www.darkend.org
## Rish : Medium
## Type : web applet

## Creator: http://www.cpgnuke.com/

## Exploit:
- The vuln is in the search sect

[ more ]  [ reply ]

.:. Simple one-file guestbook 1.0 .:.

Date:

-----

August 08, 2006

Vendor:

-------

http://www.xeroxer.com/index.php?page=3

Description:

------------

This is my simple one-file guestbook.

It's made of one .php file (the script) and one .txt file (the entrystorage file).

It uses

[ more ]  [ reply ]

ADVISORY NAME:

CGI Script Source Code Disclosure Vulnerability in Apache for Windows

VULNERABLE SYSTEMS:

The vulnerability has been verified on Apache 2.2.2 running on Microsoft Windows XP, Version 2002, Service Pack 2.

FOUND BY:

Susam Pal

FOUND ON:

8th August, 2007

VULNERABILITY TYP

[ more ]  [ reply ]

--------------------- SUMMARY ---------------------

Name:

XennoBB "avatar gallery" directory transversal (10/8/2006)

Vendor / Product:

XennoBB Group

http://www.xennobb.com/

Description:

The world's most revolutionary and easy to use bulletin board.

Revo

[ more ]  [ reply ]

Vendor : www.vwar.de

Vuln. Ver. : 1.5.0 and lower

Dork : "Powered by : Virtual War v1.5.0"

intext:"www.vwar.de"

-------------------------------------------

Author : MFox

Homepage : Www.HackerZ.iR

Www.H4ckerZ.Com

Iran HackerZ Security Team

----------------------------------

[ more ]  [ reply ]

ComerSus ASP Shopping Cart

Vendor : Www.Compersus.Com

Credits : MFox

HomePage : Www.HackerZ.ir

Remote DataBase Getting !

Proof of Concept :

Http://[Target]/[Path]/database/comersus.mdb

[ more ]  [ reply ]

------------------------------------------------------------------------
-----------------

myBloggie 2.1.3 mybloggie_root_path Remote File Inclusion

------------------------------------------------------------------------
-----------------

Author : Sh3ll

Date : 2006/04/29

Location : Iran -

[ more ]  [ reply ]

Example (in Delphi):

===============ani.dpr===============

program ani;

{$APPTYPE CONSOLE}

const

FileName='file.ani';

Len=113;

Buf=#$52#$49#$46#$46#$00#$00#$00#$00#$41#$43#$4F#$4E#$00#$00#$00#$00#$24
#$00+

#$00#$00#$24#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00
#$00+

[ more ]  [ reply ]

The Netgear FVG318 (http://www.netgear.com/Products/VPNandSSL/WirelessVPNFirewallRouters/FV
G318.aspx) is vunerable to a Denial of Service attack where a flood of bad checksum TCP packets will lock the router up, forcing a hard reset.

This can be acheived with a program such as fragrouter or even

[ more ]  [ reply ]

.:[ insecurity research team ]:.

.__..____.:.______.____.:.____ .

.:. | |/ \:/ ___// __ \:/ _\.:.

: | | | \\____\\ ___/\ /__ :. .

..: |__|___| /____ >\___ >\___ >.:

.:.. .. .\/ .:\/:. .\/. .:\/:

. ...:. .advisory. .:...

:...........

[ more ]  [ reply ]

------------------------------------------------------------------------
-------------------

Mafia Moblog pathtotemplate Remote File Inclusion

------------------------------------------------------------------------
-------------------

Author : Sh3ll

Date : 2006/04/30

HomePage : http://www.

[ more ]  [ reply ]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200608-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]