Moritz,
I understand your point here. I posted the description of the technique,
because it is a threat actually. You describe that if the appropriate
defensive configuration is in place the technique won't work.
But this can be applied everywhere, it's like saying when you want to defend
against
Hello list!
I want to warn you about new security vulnerabilities in Adobe ColdFusion
(to previous SQL DB Structure Extraction, Full path disclosure and
Cross-Site Scripting). These are Brute Force and Abuse of Functionality
vulnerabilities.
-
Affected products:
In light of recent events in the bitcoin community I have decided that
private disclosure of issues is doing nothing but making them more prevalent.
In light of this decision I would like to report multiple CSRF vulnerabilities
in http://clearcoin.appspot.com .
This set of CSRFs are
Message bounced due to lack of subscription the first time. Resending.
Site has already been pulled as this was simultaneously sent to the bitcoin
development list.
On Jun 19, 2011, at 4:54 PM, Doug Huff wrote:
In light of recent events in the bitcoin community I have decided that
private
Some of us take private disclosures of vulnerabilities very seriously.
In any case, the ClearCoin CSRF vulnerability is fixed. Thank you for
bringing it to my attention.
On Sun, Jun 19, 2011 at 5:54 PM, Doug Huff dh...@jrbobdobbs.org wrote:
In light of this decision I would like to report
I know. Please do not take this as a personal attack. Blame MagicalTux's
irresponsible behaviour as of late. :(
On Jun 19, 2011 5:34 PM, Gavin Andresen gavinandre...@gmail.com wrote:
Some of us take private disclosures of vulnerabilities very seriously.
In any case, the ClearCoin CSRF
I see numerous announcements from ZDI pointing to June 14th updates. Is that
what the big guys MS and Adobe missed in last week's updates? If NO, then we need to
stop ZDI from polluting our list with last year's news. Anyway, I see repetitive
announcements pretty often.
Thank you
Mikhail A. Utin,
Debian Security Advisory DSA-2265-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
June 20, 2011
Hello list!
I want to warn you about new security vulnerabilities in ADSL modem Callisto
821+ (SI2000 Callisto821+ Router).
These are Cross-Site Request Forgery and Cross-Site Scripting
vulnerabilities. In April I already drew the attention of Ukrtelecom's
representative (and this modem was bough
Information
Name : XSS Persistent in EA Sports
Software : EA Sports Main site
Vendor Homepage : http://www.ea.com
Vulnerability Type : XSS Persistent
Severity : Very High
Researcher : Juan Sacco jsacco [at] insecurityresearch [dot] com
Description
--