Microsoft Yammer Social Network - oAuth Bypass (Session Token) Vulnerability

2013-08-07 Thread Vulnerability Lab
Title: Microsoft Yammer Social Network - oAuth Bypass (Session Token) Vulnerability Date: 2013-08-04 References: http://www.vulnerability-lab.com/get_content.php?id=1003 Microsoft Security Response Center (MSRC) ID: 15126 Video: http://www.vulnerability-lab.com/get_

Defense in depth -- the Microsoft way (part 6): beginner's errors, QA sound asleep or out of sight!

2013-08-07 Thread Stefan Kanthak
Hi, the installation of Microsoft's much acclaimed "security tool" EMET 3.0 (see and ) creates the following VULNERABLE registry entry that runs a rogue program C:\PROGRA.EXE (as well as "C:\Program Files.exe" on x64) in the s

Multiple Vulnerabilities in BigTree CMS

2013-08-07 Thread advisory
Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Version(s): 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection [CWE-89], Cross-Site Scripti

[ MDVSA-2013:210 ] firefox

2013-08-07 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:210 http://www.mandriva.com/en/support/security/

[SECURITY] [DSA 2735-1] iceweasel security update

2013-08-07 Thread Moritz Muehlenhoff
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2735-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 07, 2013

Apache suEXEC privilege elevation / information disclosure

2013-08-07 Thread king cope
Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as

Trustport Webfilter Remote File Access Vulnerability

2013-08-07 Thread oliver
Trustport Webfilter Remote File Access Vulnerability Affected Product Product Name: Trustport Webfilter Product Version: 5.5.0.2232 Platform: Microsoft Windows Product/Company Information From Tru

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-07 Thread king cope
hi... I posted the advisory to make administrators aware that it will still be possible to read files with the Apache uid even when suEXEC is in place. suEXEC is installed on many hosting providers. I read the cpanel site describing the patches [1], though standard Apache httpd does not have these pa

Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability

2013-08-07 Thread Cisco Systems Product Security Incident Response Team
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability Advisory ID: cisco-sa-20130807-tp Revision 1.0 For Public Release 2013 August 7 16:00 UTC (GMT

CORE-2013-0708 - Hikvision IP Cameras Multiple Vulnerabilities

2013-08-07 Thread CORE Advisories Team
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Hikvision IP Cameras Multiple Vulnerabilities 1. *Advisory Information* Title: Hikvision IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0708 Advisory URL: http://www.coresecurity.com/advisories/hikvision-ip-cameras-

Updated [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerability

2013-08-07 Thread Chip Childers
Issued: August 6, 2013 Updated: August 7, 2013 Product: Apache CloudStack Vendor: The Apache Software Foundation Vulnerability Type(s): Cross-site scripting (XSS) Vulnerable version(s): Apache CloudStack versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0 CVE Refere

PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities

2013-08-07 Thread Matias Fontanini
PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities == Description == - Software link: http://www.phpfox.com - Affected versions: version 3.6.0 (build3) is vulnerable