Hi,
I found a way to abuse "*" in bash. I can make an arbitrary code
execution attack.
This is a well-known problem, but it still surprises a lot of people.
It's been discussed on this list before:
http://seclists.org/fulldisclosure/2011/Sep/190
Yes it is a vector.
Imagine the following:
You go to a "friend". There you log in to your site.
Before you leave, you forget to log out.
At home you change your password.
But your friend can still use your account.
Greetings
On 23.06.2014 20:21, Christian K. wrote:
> Hi,
>
> I have a question
Dear Christian,
obviously you have a cookie in your browser on computer A. Assuming that
kleinanzeigen.ebay.de does not match the IP addresses of different attempts to
access the user page, this seems to be the only way to verify that you are
still you. So, you could take a look into your cookie
Hi Christian,
as you first logged in on Computer A, you authenticated yourself by showing
possession of the current password. Afterwards the application created a
session for you with a unique Session-ID and maybe some more session data. From
that point on your browser gets access to the applic
*R2DR2: ANALYSIS AND EXPLOITATION OF UDP AMPLIFICATION VULNERABILITIES*
As part of our project Master Thesis, we have discovered several UDP
amplifications which can be used in distributed reflection denial of
service attacks (DRDoS). We found vulnerabilities on mobile games, SIP,
and Citrix ICA
On May 27th our research labs discovered a vulnerability (CVE-2014-3868)
in an e-commerce shopping cart application known as "ZeusCart". The
same day, we reported this vulnerability to mitre.org and the CVE was
assigned. We were able to get in touch with the vendor with a confirmed
response relat
OK, this is more fun than any immediate risk...
Those of you who follow web security topics probably remember that
until mid-2010, you could extract very substantial chunks of one's
browsing history by applying distinctive styling to thousands of
off-screen :visited links and then reading that inf