Posted by Stefan Kanthak on Oct 08

Lee “cant afford a surname” <curtlee2002 () gmail com> wrote:

Correct so far.

No, the OS is NOT the problem here.
The problem are the morons who build *.EXE to install software (or just
unpack some files) and hand these *.EXE to unsuspecting and unskilled
users, expecting them to actually EXECUTE them.
This really nasty behaviour of almost all developers/companies out
there trained users to execute almost anything they get their…

Posted by James Hodgkinson on Oct 08

Given enough bandwidth and a unique idea, anything is possible, it is
true.

You provided a 2MB text list of DNS servers, approximately 200,000 of
them. They sit across most of the v4 IP ranges available (and some IPV6
ones). This means upstream links won’t likely be saturated, and
filtering can likely be done on the server based on heuristics.

If you’re going to ask for 100% random non-existent domains you’re easy
to beat – if(…

Posted by Phil Ashby on Oct 08

This used to be a problem, 10+ years ago, since then there has been a lot of work done to protect larger DNS services
(root servers in particular) against DDoS:

https://en.wikipedia.org/wiki/Distributed_denial-of-service_attacks_on_root_nameservers

P.

—–Original Message—–
From: Fulldisclosure [mailto:fulldisclosure-bounces () seclists org] On Behalf Of Jeffrey Roberts
Sent: 05 October 2015 16:40
To: fulldisclosure () seclists org…

Posted by Pierre Kim on Oct 08

## Advisory Information

Title: Huawei 3G routers vulnerable to multiple threats
Advisory URL: https://pierrekim.github.io/advisories/2015-huawei-0x00.txt
Blog URL: https://pierrekim.github.io/blog/2015-10-07-Huawei-routers-vulnerable-to-multiple-threats.html
Date published: 2015-10-07
Vendors contacted: Huawei, CNNVD
Release mode: Released
CVE: no current CVE
CNNVD: no current CNNVD

## Product Description

Huawei Technologies Co. Ltd. is a…

Posted by Sandeep Kamble on Oct 08

*Introduction*

*Oracle E*–*Business Suite* is a fully integrated, comprehensive suite of
business applications for the enterprise. Following purposes most of
organization uses Oracle E-business.

1. Customer Relationship Management
2. Financial Management
3. Human Capital Management
4. Project Portfolio Management
5. Advanced Procurement
6. Supply Chain Management
7. Service Management

*Vulnerable Version*

Oracle…

Posted by Sandeep Kamble on Oct 08

*Overview*

Recently, I was playing around with the Drupal CMS application code. Drupal
is an open source CMS application widely used for blog posting purpose,
Further details, to know more about Drupal
here <https://www.drupal.org/documentation>. Open source application
advantage being, the source code was at my disposal.

While fiddling around with the core Drupal Vendor Package I stumbled upon a
very interesting vulnerability of XSS. Now…

Posted by Shawn McMahon on Oct 08

On Mon, Oct 5, 2015 at 8:16 AM, Stefan Kanthak <stefan.kanthak () nexgo de>
wrote:

Perhaps it’s my ignorance talking, but I just don’t see how:

“Run this EXE that might contain bad stuff” is worse than:

“Install this .msi as Admin that might contain bad stuff” or “install this
RPM as root that might contain bad stuff” or “install this .pkg as root
that might contain bad stuff.”

The…

Posted by MustLive on Oct 08

Hello list!

After all my advisories about vulnerabilities in Callisto 821+
(http://seclists.org/fulldisclosure/2011/Aug/1) and recent advisory about
Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my
letters and subsequent my public disclosure of vulnerabilities and new
devices are vulnerable as well, so I disclosed vulnerabilities in Callisto
821+R3 ADSL Router.

These are Cross-Site Request Forgery vulnerabilities….

Posted by Onur Yilmaz on Oct 08

Information
——————–
Advisory by Netsparker.
Name: SQL Injection Vulnerability in TestLink 1.9.13
Affected Software : TestLink
Affected Versions: 1.9.1.3 and possibly below
Vendor Homepage : http://testlink.org/
Vulnerability Type : SQL Injection
Severity : Critical
Status : Fixed
CVE-ID : CVE-2015-7390
Netsparker Advisory Reference : NS-15-015

Description
——————–
If your web application is vulnerable to SQL injection, a…

Posted by Onur Yilmaz on Oct 08

Information
——————–
Advisory by Netsparker.
Name: Multiple XSS Vulnerabilities in TestLink 1.9.13
Affected Software : TestLink
Affected Versions: 1.9.1.3 and possibly below
Vendor Homepage : http://testlink.org/
Vulnerability Type : Cross-site Scripting
Severity : Important
Status : Fixed
CVE-ID : CVE-2015-7391
Netsparker Advisory Reference : NS-15-016

Description
——————–
By exploiting a Cross-site scripting…