[BMSA-2011-01] Insecure secure cookie in web.go

2011-02-25 Thread Nam Nguyen
BLUE MOON SECURITY ADVISORY 2011-01 === :Title: Insecure secure cookie in web.go :Severity: Low :Reporter: Blue Moon Consulting :Products: web.go :Fixed in: -- Description --- web.go is the simplest way to write web applications in the Go programming

Insecure secure cookie in Tornado

2010-08-16 Thread Nam Nguyen
on the advisory or materials linked from the advisory is at your own risk. Blue Moon Consulting Co., Ltd reserves the right to change or update this notice at any time. -- Nam Nguyen, CISA, CISSP, CSSLP Blue Moon Consulting Co., Ltd http://www.bluemoon.com.vn

[BMSA-2009-08] Multiple Vulnerabilities in PyForum

2009-12-15 Thread Nam Nguyen
BLUE MOON SECURITY ADVISORY 2009-08 === :Title: Multiple Vulnerabilities in PyForum :Severity: Critical :Reporter: Hoang Quoc Thinh and Blue Moon Consulting :Products: PyForum v1.0.3 :Fixed in: -- Description --- PyForum is a 100% python-based message

[BMSA-2009-07] Backdoor in PyForum

2009-11-30 Thread Nam Nguyen
BLUE MOON SECURITY ADVISORY 2009-07 === :Title: Backdoor in PyForum :Severity: Critical :Reporter: Blue Moon Consulting :Products: PyForum v1.0.3 :Fixed in: -- Description --- pyForum is a 100% python-based message board system based in the excellent

[BMSA-2009-06] Remote code execution in BKAV eOffice

2009-09-01 Thread Nam Nguyen
own risk. Blue Moon Consulting Co., Ltd reserves the right to change or update this notice at any time. -- Nam Nguyen, CISA, CISSP, CSSLP Blue Moon Consulting Co., Ltd http://www.bluemoon.com.vn

Re: Universal XSS in all Google Services

2009-05-12 Thread Nam Nguyen
in fixing this vulnerability, think again. This python script is used in a lot of places. Try this Google Dork to see the usage of this script in almost all Google Services. -- Nam Nguyen Blue Moon Consulting Co., Ltd http://www.bluemoon.com.vn

[BMSA 2009-04] Remote DoS in Internet Explorer

2009-04-11 Thread Nam Nguyen
., Ltd reserves the right to change or update this notice at any time. Cheers -- Nam Nguyen Blue Moon Consulting Co., Ltd http://www.bluemoon.com.vn

[BMSA-2009-03] Multiple vulnerabilities in OpenSite v2.1

2009-02-25 Thread Nam Nguyen
at any time. Cheers -- Nam Nguyen Blue Moon Consulting Co., Ltd http://www.bluemoon.com.vn

[BMSA-2009-02] XML injection in PyBlosxom

2009-02-09 Thread Nam Nguyen
BLUE MOON SECURITY ADVISORY 2009-02 === :Title: XML Injection in PyBlosxom :Severity: Low :Reporter: Blue Moon Consulting :Products: PyBlosxom v1.4.3 :Fixed in: -- Description --- PyBlosxom is a lightweight file-based weblog system. The project started

[BMSA-2009-01] Authentication bypass in Interspire Shopping Cart v4.0.1 and below

2009-01-12 Thread Nam Nguyen
BLUE MOON SECURITY ADVISORY 2009-01 === :Title: Authentication bypass in Interspire Shopping Cart :Severity: Critical :Reporter: Truong Van Tri and Blue Moon Consulting :Products: Interspire Shopping Cart v4.0.1 Ultimate edition :Fixed in: v4.0.2 Description

[BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0

2008-12-01 Thread Nam Nguyen
BLUE MOON SECURITY ADVISORY 2008-09 === :Title: Two buffer overflows in Maxum Rumpus :Severity: Critical :Reporter: Blue Moon Consulting :Products: Maxum Rumpus v6.0 :Fixed in: 6.0.1 Description --- Rumpus turns any Mac into a file transfer server.

Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)

2008-11-25 Thread Nam Nguyen
The report is for ffdshow, but the referred URL is to ffdshow-tryout. I wonder if they are the same. Cheers Nam On Mon, 24 Nov 2008 15:17:05 +0700 svrt [EMAIL PROTECTED] wrote: 1. General Information ffdshow is a DirectShow filter and VFW codec for many audio and video formats, such as

[BMSA 2008-07] Format string vulnerability in 5th street

2008-06-25 Thread Nam Nguyen
BLUE MOON SECURITY ADVISORY 2008-07 === :Title: Format string vulnerability in 5th street (Hot Step, High Street 5) :Severity: Critical :Reporter: Blue Moon Consulting, superkhung :Products: 5th street and derived clients :Fixed in: -- Description ---