ESA-2012-026: RSA Access Manager Session Replay Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ESA-2012-026: RSA� Access Manager Session Replay Vulnerability EMC Identifier: ESA-2012-026 CVE Identifier: CVE-2012-2281 Severity Rating: CVSSv2 Base Score: 6. 8 (AV:A/AC:H/Au:N/C:C/I:C/A:C) Affected Products: �RSA Access Manager Server version 6

Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities

Title: == Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities Date: = 2012-06-14 References: === http://www.vulnerability-lab.com/get_content.php?id=614 VL-ID: = 614 Common Vulnerability Scoring System: 6.5 Introduction: =

Classified Ads Script PHP v1.1 - SQL Injection Vulnerabilities

Title: == Classified Ads Script PHP v1.1 - SQL Injection Vulnerabilities Date: = 2012-06-13 References: === http://www.vulnerability-lab.com/get_content.php?id=605 VL-ID: = 605 Common Vulnerability Scoring System: 5.5 Introduction:

GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilites

Title: == GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilites Date: = 2012-06-11 References: === http://www.vulnerability-lab.com/get_content.php?id=601 VL-ID: = 601 Common Vulnerability Scoring System: 7.5 Introduction: ==

Event Script PHP v1.1 CMS - Multiple Web Vulnerabilites

Title: == Event Script PHP v1.1 CMS - Multiple Web Vulnerabilites Date: = 2012-06-10 References: === http://www.vulnerability-lab.com/get_content.php?id=606 VL-ID: = 606 Common Vulnerability Scoring System: 7 Introduction: =

.Net Framework Tilde Character DoS - Sorry, exploit-db link corrected

Link: http://soroush.secproject.com/downloadable/iis_tilde_dos.txt Exploit-db link: www.exploit-db.com/exploits/19575 Security Research - .Net Framework Tilde Character DoS Website : http://soroush.secproject.com/blog/ I. BACKGROUND - "The .

.Net Framework Tilde Character DoS

Link: http://soroush.secproject.com/downloadable/iis_tilde_dos.txt Exploit-db link: http://www.exploit-db.com/wp-content/themes/exploit/docs/19527.pdf Security Research - .Net Framework Tilde Character DoS Website : http://soroush.secproject.com/blog/ I. BACKGR

IIS Short File/Folder Name Disclosure by using tilde ~ character

Link: http://soroush.secproject.com/downloadable/iis_tilde_shortname_disclosure.txt Exploit-db link: www.exploit-db.com/exploits/19525/ Security Research - IIS Short File/Folder Name Disclosure Website : http://soroush.secproject.com/blog/ I. BACKGROUND --

[SECURITY] [DSA 2507-1] openjdk-6 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2507-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff July 04, 2012

Just4meeting 3.0 - Lisbon/Portugal - 6 to 8 - July

Hi There, Follows details a Infosec Event in Portugal The 3rd edition of the Just4meeting event is aimed to all the professionals of InfoSec that want to update and strength their knowledge. The organization knows that this meeting is already a reference in this area in Portugal and strongly bel

Blind SQL Injection in Webmatic

Advisory ID: HTB23096 Product: Webmatic Vendor: valarsoft.com Vulnerable Version(s): 3.1.1 and probably prior Tested Version: 3.1.1 Vendor Notification: 13 June 2012 Public Disclosure: 4 July 2012 Vulnerability Type: Blind SQL Injection CVE Reference: CVE-2012-3350 CVSSv2 Base Score: 7.5 (AV:N/A

Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location

Hi @ll, the current "Microsoft Live Meeting 2007 client" (available from , referenced as update in , , ,

Forum Oxalis 0.1.2 <= SQL Injection Vulnerability

# Forum Oxalis 0.1.2 <= SQL Injection Vulnerability # Discovered by: Jean Pascal Pereira Vendor information: "Forum Oxalis is a minimalis GPL PHP forum using CSS." Vendor URI: http://developer.berli

plow 0.0.5 <= Buffer Overflow Vulnerability

# plow 0.0.5 <= Buffer Overflow Vulnerability # Discovered by: Jean Pascal Pereira Vendor information: "plow is a command line playlist generator." Vendor URI: http://developer.berlios.de/projects/p

From XSLT code execution to Meterpreter shells

Hello, in the last weeks, I demonstrated at HackInTheBox Amsterdam and HackInParis a Metasploit module used to gain Meterpreter shells from XSLT vulnerabilities. Given the questions I received, I chose to publish a blog-post explaining the overall concept and some implementation details. The arti

Cyberoam advisory

Vulnerability in Cyberoam DPI devices [30 Jun 2012] (CVE-2012-3372) === Cyberoam make a range of DPI devices (http://www.cyberoamworks.com/) which are capable of intercepting SSL connections. In common with all such devices, in order

[CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution

- Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution - author...: Egidio Romano aka EgiX mail.: n0b0d13s[at]gmail[dot]com softw

[ MDVSA-2012:101 ] libtiff

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:101 http://www.mandriva.com/security/ _