Full Disclosure

XSS in mtvindia.com

Tue, 09 Feb 2010 15:06:31 GMT

Posted by sachin shinde on Feb 09

XSS is present in mtvindia.com

url:http://www.mtvindia.com/vjhunt/about.php

in this page under phone # XSS is present.

Hacktics Advisory Feb09: XSS in Oracle E-Business Suite

Tue, 09 Feb 2010 13:04:09 GMT

Posted by Ofer Maor on Feb 09

Hacktics Research Group Security Advisory
http://www.hacktics.com/#view=Resources%7CAdvisory

By Gil Cohen, Hacktics.
9-Feb-2010

===========
I. Overview
===========
During a penetration test performed by Hacktics' experts, certain
vulnerabilities were identified in an Oracle E-Business Suite deployment.
Further research has identified that a web interface showing user errors are
vulnerable to reflected cross site scripting attacks.

A friendly...

Baidu XSS Zero Day

Tue, 09 Feb 2010 10:08:01 GMT

Posted by Beatyou Man on Feb 09

Baidu.com is the bigest search engineen provider in China. After
been hacked by Iran Cyberarmy. There is another vulnerbility been found on index.baidu.com.

Description of Vulnerability:

-----------------------------

There is a XSS vulnerability exist on baidu.com which found by a Internet user.

Impact:

-------

No more repeat about such types of vulnerabilities

Mitigating factors:

-------------------

Proof of concept:

-----------------...

[ MDVSA-2010:034 ] kernel

Mon, 08 Feb 2010 19:14:20 GMT

Posted by security on Feb 08

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:034
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kernel
Date : February 8, 2010
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Some...

Re: about jit and dep+aslr

Mon, 08 Feb 2010 16:27:35 GMT

Posted by Christian Sciberras on Feb 08

That's a Google feature!! (remembering the Google<->China issue ;) )

2010/2/8 Thor (Hammer of God) <Thor () hammerofgod com>:

Re: about jit and dep+aslr

Mon, 08 Feb 2010 16:25:56 GMT

Posted by Thor (Hammer of God) on Feb 08

Well, *I* made the mistake of trying to be witty with one of those "google translate" Chinese tags and it didn't go so
well for me. I ended up offending a couple of people and got a few "Sun your mother" emails myself. :)

t

Re: about jit and dep+aslr

Mon, 08 Feb 2010 16:14:47 GMT

Posted by Christian Sciberras on Feb 08

Is it so difficult to do some translation prior, just as Larry did?
Sure, some members on FD are gits, but please do respect the rest, will you?

Regards,
Chistian Sciberras.

2010/2/8 Larry Seltzer <larry () larryseltzer com>:

Re: about jit and dep+aslr

Mon, 08 Feb 2010 16:02:54 GMT

Posted by Larry Seltzer on Feb 08

Google translates this as “Sun your mother!”

Larry Seltzer
Contributing Editor, PC Magazine

larry_seltzer () ziffdavis com

http://blogs.pcmag.com/securitywatch/

From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of
yuange
Sent: Monday, February 08, 2010 10:30 AM
To: vpn.1.fanatic () gmail com; charles.skoglund () bitsec se
Cc: full-disclosure
Subject: Re: [Full-disclosure]...

Re: about jit and dep+aslr

Mon, 08 Feb 2010 15:35:05 GMT

Posted by yuange on Feb 08

太阳你妈妈!

Date: Mon, 8 Feb 2010 14:48:06 +1100
Subject: Re: [Full-disclosure] about jit and dep+aslr
From: vpn.1.fanatic () gmail com
To: charles.skoglund () bitsec se
CC: yuange1975 () hotmail com; ravi.borgaonkar () gmail com; full-disclosure () lists grok org uk

No u.

Yuange - opt out you useless dogshit.

2010/2/5 Charles Skoglund <charles.skoglund () bitsec se>

Ravi stop being a douchebag

My native language is not...

[Hacking Event] Night Da Hack 2010 : Call For Proposals

Mon, 08 Feb 2010 13:49:30 GMT

Posted by m . mahdjoub on Feb 08

- Night Da Hack 2010

Date: June 19-20 2010
Time: 4 PM - 7 AM
Location: Paris, France

What is Night da Hack?
“Night da Hack” comes from a rough translation from French “Nuit du Hack”. Started in 2003 by Hackerz Voice team, and
inspired by world famous DEF CON, “Nuit du Hack” is one of the oldest French underground hacking conference.

Around computer security related talks, workshops and contests, Night da Hack aims at bringing...

CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability

Mon, 08 Feb 2010 13:36:19 GMT

Posted by Security on Feb 08

|------------------------------------------------------------------|
| __ __ |
| _________ ________ / /___ _____ / /____ ____ _____ ___ |
| / ___/ __ \/ ___/ _ \/ / __ `/ __ \ / __/ _ \/ __ `/ __ `__ \ |
| / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / |
| \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/ |
|...

Re: Samba Remote Zero-Day Exploit

Mon, 08 Feb 2010 10:22:13 GMT

Posted by Stefan Kanthak on Feb 08

Dan Kaminsky wrote on February 06, 2010 6:43 PM:

OUCH!
No, creating junctions (as well as the Vista introduced symlinks)
DOESN'T need admin rights!

[snip]

Stefan

The true power of cache

Mon, 08 Feb 2010 10:07:59 GMT

Posted by MustLive on Feb 08

Hello participants of Full-Disclosure!

As I wrote in January in my article The true power of cache
(http://www.webappsec.org/lists/websecurity/archive/2010-02/msg00024.html),
the cache of search engines can be useful tool in skilful hands. There are
many possibilities of using of cache for hackers.

Possibilities of cache of search engines:

1. Search for vulnerabilities of the site in cache.
2. Search for vulnerabilities of the site in snippet....

Vulnerability in Tagcloud for DataLife Engine

Mon, 08 Feb 2010 10:06:40 GMT

Posted by MustLive on Feb 08

Hello Full-Disclosure!

I want to warn you about Cross-Site Scripting vulnerability in Tagcloud
plugin for DataLife Engine (DLE). Which I found at 07.01.2010.

It is similar to XSS vulnerability in 3D Cloud for Joomla
(http://websecurity.com.ua/3883/). About millions of flash files
tagcloud.swf which are vulnerable to XSS attacks I mentioned in my article
XSS vulnerabilities in 34 millions flash files
(...

XSS vulnerability in NEW orkut.

Mon, 08 Feb 2010 09:33:48 GMT

Posted by sachin shinde on Feb 08

hi,

XSS is present in NEW orkut(NEW only) profile page under "cuisines" text.
please see attached image.

regards,