Full Disclosure mailing list archives

Re: DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

From: "MustLive" <mustlive () websecurity com ua>
Date: Thu, 23 Jun 2011 20:35:25 +0300

Dear Valdis!

Thank you for worrying about my MUA, but everything is fine with it. 
Everything is fine from 1998 with every version of OE which I've used.

These postings about vulnerabilities in Callisto 821+ are different letters 
about different vulnerabilities (and are not duplicates). So you've 
mistakenly took them as duplicates (maybe due to similar titles and similar 
intros which these letters had), but they were not. As you can see from the 
list of my postings about holes in Callisto 821+ 
(http://securityvulns.ru/news/ZTE/Callisto/821.html), I'm periodically 
changing titles (slightly) to let people see, that these letters are about 
different holes ;-).

It's also duplicated your posting regarding WordPress at least 3 times.


What concrete posting regarding WP you are talking about? Maybe it's the 
same situation as with Callisto router and actually there are no duplicates, 
but separate letters.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: <Valdis.Kletnieks () vt edu>
To: "MustLive" <mustlive () websecurity com ua>
Cc: <submissions () packetstormsecurity org>; 
<full-disclosure () lists grok org uk>
Sent: Friday, June 17, 2011 7:17 PM
Subject: Re: [Full-disclosure] DoS, CSRF and XSS vulnerabilities in ADSL 
modem Callisto 821+

On Fri, 17 Jun 2011 19:06:52 +0300, MustLive said:

Hello list!

I want to warn you about new security vulnerabilities in ADSL modem 
Callisto
821+ (SI2000 Callisto821+ Router).


Dear MustLive:

Please check the configuration of your MUA - your copy of Outlook Express
appears to have posted this same e-mail 11 times so far this month.  Looks
suspiciously like the problem described in RFC1047.  It's also duplicated 
your
posting regarding WordPress at least 3 times. 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ MustLive (Jun 17)
- Re: DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ Valdis . Kletnieks (Jun 17)
  - Re: DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ p8x (Jun 17)
  - Re: DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ MustLive (Jun 23)