Hi list,
I would like to inform you that the latest available Linksys WRT110 firmware is
prone to root shell command injection via cross-site request forgery. This
vulnerability is the result of the web interface's failure to sanitize ping
targets as well as a lack of CSRF tokens.
Hi,
I've often found this behaviour during security assessments for corporate
clients.
It should indeed be considered a vulnerability, especially in enterprise
scenarios where for instance it can be leveraged by a regular notebook
user to escalate privileges and be able to access all other
Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Multiple vulnerabilities in McAfee ePO 4.6.6
Affected Product:
McAfee ePO 4.6.6 Build 176 (potentially) earlier versions
Timeline:
08 June 2013 - Vulnerability found
12 June 2013 - Vendor informed
12 June 2013
Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version
10.2.1.95
Affected Product:
BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95
Timeline:
07 June 2013 - Vulnerability found
12 June 2013 - Vendor
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03813919
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03813919
Version: 3
HPSBST02890
Corda Path Disclosure and XSS
FOREGROUND SECURITY, SECURITY ADVISORY 2013-002
- Original release date: July 12, 2013
- Discovered by: Adam Willard (Software Security Analyst at Foreground Security)
- Contact: (awillard (at)
Hi list,
I am writing to inform you of an information disclosure vulnerability I noticed
in MiniUPnPd a few months back. Specifically, MiniUPnPd versions 1.8 and
earlier are prone to an information disclosure vulnerability due to improper
use of snprintf() while preparing SSDP responses. An
On Fri, Jul 12, 2013 at 2:16 PM, cyo...@tripwire.com wrote:
...
This issue was addressed on April 26, 2013 as noted in the changelog:
http://miniupnp.free.fr/files/changelog.php?file=miniupnpd-1.8.20130607.tar.gz
2013/04/26:
Correctly handle truncated snprintf() in SSDP code
The