-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04562179
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04562179
Version: 1
HPSBGN03251 r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-3158-1 secur...@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
February 09, 2015
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04565853
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04565853
Version: 1
HPSBGN03252 r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-3157-1 secur...@debian.org
http://www.debian.org/security/ Alessandro Ghedini
February 09, 2015
Not sure what you think about this one. It appears to be a bug with IE.
---
// Shawn
On Feb 5, 2015, at 12:06 AM, David Leo wrote:
> "is this entirely an IE flaw"
> Yes.
>
> "is it tied to the use of Cloudflare"
> No.
>
> "I tried to reproduce... was unsuccessful"
> Likely, this detail
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2014-0227 Request Smuggling
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 8.0.0-RC1 to 8.0.8
- - Apache Tomcat 7.0.0 to 7.0.54
- - Apache Tomcat 6.0.0 to 6.0.41
Description:
It was possible to c
Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072)
Host below files on webserver (attacker.com) and share the exploit link with
victims,
exploit.php --- exploit link (Share with victim)
redirect.php --- Script to redirect on target page (target page should not
contain X-Frame-Options or
#Vulnerability title: Redaxscript CMS 2.2.0 - SQL Injection vulnerability
#Vendor: http://redaxscript.com/
#Product: Redaxscript CMS
#Software link: http://redaxscript.com/download/releases
#Affected version: Redaxscript 2.2.0
#Fixed version: Redaxscript 2.3.0
#CVE ID: CVE-2015-1518
#Author: Pham K
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian Security Advisory DSA-3156-1 secur...@debian.org
http://www.debian.org/security/ Alessandro Ghedini
February 07, 2015
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-3154-2 secur...@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
February 07, 2015
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04512909
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04512909
Version: 2
HPSBMU03216 r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04565856
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04565856
Version: 1
HPSBGN03254 r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04526330
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04526330
Version: 1
HPSBMU03224 r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04565855
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04565855
Version: 1
HPSBGN03253 r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04550240
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04550240
Version: 2
HPSBUX03235 S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04511778
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04511778
Version: 2
HPSBUX03166 S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian Security Advisory DSA-2978-2 secur...@debian.org
http://www.debian.org/security/ Alessandro Ghedini
February 06, 2015
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian Security Advisory DSA-3155-1 secur...@debian.org
http://www.debian.org/security/ Luciano Bello
February 06, 2015
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2015:037
http://www.mandriva.com/en/support/security/
__
About the Product:
BMC FootPrints Service Core is an IT service and asset management platform used
by many organizations to help the IT departments deliver more value to
businesses.
Advisory Details:
During penetration testing, a Help AG auditor (Ayman Abdelaziz) discovered the
following:
1) S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2015:035
http://www.mandriva.com/en/support/security/
__
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2015:036
http://www.mandriva.com/en/support/security/
__
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2015:034
http://www.mandriva.com/en/support/security/
__
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2015:033
http://www.mandriva.com/en/support/security/
__
LG On Screen Phone authentication bypass vulnerability
--
SEARCH-LAB Ltd. discovered a serious security vulnerability in the On
Screen Phone protocol used by LG Smart Phones. A malicious attacker is
able to bypass the authentication phase of the n
'could you share the contents of "1.php"?'
Sure:
http://www.dailymail.co.uk/robots.txt";);
?>
"I'm assuming it is a delayed re-direct to the target's domain?"
Exactly. :-)
"the cloudflare scripts"
It's been tested without them.
Kind Regards,
On 2015/2/6 2:31, Barkley, Peter wrote:
Thanks Zaak
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-3154-1 secur...@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
February 05, 2015
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2015:031
http://www.mandriva.com/en/support/security/
__
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2015:032
http://www.mandriva.com/en/support/security/
__
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability
EMC Identifier: EMC-2015-012
CVE Identifier: CVE-2015-0519
Severity Rating: CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Affected products:
EMC Capti
#2015-002 e2fsprogs input sanitization errors
Description:
The e2fsprogs package is a set of open source utilities for ext2, ext3 and
ext4 filesystems.
The libext2fs library, part of e2fsprogs and utilized by its utilities, is
affected by a boundary check error on block group descriptor informat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2015:029
http://www.mandriva.com/en/support/security/
__
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2015:030
http://www.mandriva.com/en/support/security/
__
Product: holding_pattern
Vendor: Liftux
Vulnerable Version(s): 0.6 and prior
Tested Version: 0.6
Advisory Publication: January 18, 2015
Vendor Notification: January 14, 2015
Public Disclosure: January 18, 2015
Vulnerability Type: Exec Code
Authentication: Not required to exploit
CVE Reference: CVE-
Ben, we have reproduced the vulnerability on many occasions.
First of all, at least to steal the session it is no matter if
X-Frame-Option is set to deny/same-origin.
Secondly, we were able to easily bypass the alert popup. It is not needed if
you implement the "waiting" logic with a synchronous AJA
1.
"Spartan - vulnerable (Windows 10)"
http://www.deusen.co.uk/items/insider3show.3362009741042107/SpartanWin10_screenshot.png
Thanks to Zaakiy Siddiqui!
2.
http://www.dailymail.co.uk/robots.txt";);
?>
Many asked for it.
3.
It's Universal XSS, as we tested:
Not only dailymail.co.uk - also Yahoo
"is this entirely an IE flaw"
Yes.
"is it tied to the use of Cloudflare"
No.
"I tried to reproduce... was unsuccessful"
Likely, this detail is missing:
http://www.dailymail.co.uk/robots.txt";);
?>
Please tell us whether you reproduce (with the PHP code).
"am I correct... JavaScript hosted on sha