[Full-disclosure] [CAID 34876]: CA CleverPath Portal Session Inheritance Vulnerability

2006-12-20 Thread Williams, James K
Title: CAID 34876: CA CleverPath Portal Session Inheritance Vulnerability CA Vulnerability ID (CAID): 34876 CA Advisory Date: 2006-12-19 Discovered By: CA customer and CA Technical Support Impact: Remote attackers can potentially gain access to a user's Portal session. Summary: CA CleverPath

Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting

2006-12-20 Thread Brian Eaton
On 12/20/06, putosoft softputo <[EMAIL PROTECTED]> wrote: > Oracle Portal/Applications HTTP Response Splitting > Sample: > http:///webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E

[Full-disclosure] [ MDKSA-2006:234 ] - Updated mono packages fix vulnerability

2006-12-20 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2006:234 http://www.mandriva.com/security/

[Full-disclosure] [USN-397-1] mono vulnerability

2006-12-20 Thread Kees Cook
Ubuntu Security Notice USN-397-1 December 20, 2006 mono vulnerability CVE-2006-6104 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10

[Full-disclosure] [ GLSA 200612-21 ] Ruby: Denial of Service vulnerability

2006-12-20 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200612-21 http://security.gentoo.org/

[Full-disclosure] [ GLSA 200612-20 ] imlib2: Multiple vulnerabilities

2006-12-20 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200612-20 http://security.gentoo.org/

[Full-disclosure] [ GLSA 200612-19 ] pam_ldap: Authentication bypass vulnerability

2006-12-20 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200612-19 http://security.gentoo.org/

[Full-disclosure] Oracle Portal 10g HTTP Response Splitting

2006-12-20 Thread putosoft softputo
Oracle Portal/Applications HTTP Response Splitting Sample: http:///webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E How can an attack be conducted? Ora

[Full-disclosure] NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory

2006-12-20 Thread security
n.runs AG http://www.nruns.com/ security at nruns.com n.runs-SA-2006.004 20-Dec-2006 Vendor:E

[Full-disclosure] SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability

2006-12-20 Thread SEC Consult Research
SEC-CONSULT Security Advisory <20061220-0> title: Remote Command Execution in Typo3 program: Typo3 Content Management System vulnerable version: 4.0.0 -

[Full-disclosure] comparing information security to other industries -

2006-12-20 Thread Albert
My mileage differs. Far east competition using quality engineering and giving >2 years guarantees around the 1980s made the crucial difference, not the intervening >120 years since the invention of the modern car engines OTTO DIESEL and WANKEL. cf.: http://en.wikipedia.org/wiki/Timeline_of_motor

[Full-disclosure] [WEB SECURITY] comparing information security to other industries

2006-12-20 Thread Albert
Who are you? From which sector? Country? As published and reported, there are actually six sigma systems even in IT - systems controlling (chemical) manufacturing plant, (nuclear) power stations, oil tankers, air-traffic control etc..., embedded systems in aircraft, cars etc.. but I doubt