[Full-disclosure] Seeker Advisory Sep11: Insecure Redirect in Microsoft SharePoint Portal

2011-09-14 Thread Irene Abezgauz
Seeker Research Center Security Advisory This vulnerability was discovered by Seeker(r) Automatic Run-Time Application Security Testing Solution bDisclosed By Irene Abezgauz, September 13th, 2011 = I. Overview = An Insecure Redirect vulnerability has been identified

[Full-disclosure] [SECURITY] [DSA 2309-1] openssl security update

2011-09-14 Thread Raphael Geissert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2309-1 secur...@debian.org http://www.debian.org/security/ Raphael Geissert September 13, 2011

Re: [Full-disclosure] Full-Disclosure Digest, Vol 79, Issue 21

2011-09-14 Thread Mikhail A. Utin
-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- next part -- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110914

[Full-disclosure] full-disclosure@lists.grok.org.uk

2011-09-14 Thread Heyder[AlligatorTeam]
# Exploit Title: WordPress Auctions plugin = 1.8.8 SQL Injection Vulnerability # Date: 2011-09-09 # Author: sherl0ck_ sherl0ck_[at]alligatorteam[dot]org @AlligatorTeam # Software Link: http://downloads.wordpress.org/plugin/wp-auctions.zip # Version: 1.8.8 (tested) --- PoC

[Full-disclosure] Cisco Security Advisory: CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities

2011-09-14 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities Advisory ID: cisco-sa-20110914-lms Revision 1.0 For Public Release 2011 September 14 1600 UTC (GMT

[Full-disclosure] Cisco Security Advisory: Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities

2011-09-14 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities Advisory ID: cisco-sa-20110914-cusm Revision 1.0 For Public Release 2011 September 14 1600 UTC (GMT

Re: [Full-disclosure] WordPress Auctions plugin = 1.8.8 SQL Injection

2011-09-14 Thread Henri Salo
On Wed, Sep 14, 2011 at 12:04:03PM -0300, Heyder[AlligatorTeam] wrote: # Exploit Title: WordPress Auctions plugin = 1.8.8 SQL Injection Vulnerability # Date: 2011-09-09 # Author: sherl0ck_ sherl0ck_[at]alligatorteam[dot]org @AlligatorTeam # Software Link:

[Full-disclosure] CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus

2011-09-14 Thread CORE Security Technologies Advisories
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiples Vulnerabilities in ManageEngine ServiceDesk Plus 1. *Advisory Information* Title: Multiples Vulnerabilities in ManageEngine ServiceDesk Plus Advisory ID: CORE-2011-0506 Advisory URL:

[Full-disclosure] WordPress Auctions plugin = 1.8.8 SQL Injection Vulnerability

2011-09-14 Thread Heyder[AlligatorTeam]
# Exploit Title: WordPress Auctions plugin = 1.8.8 SQL Injection Vulnerability # Date: 2011-09-09 # Author: sherl0ck_ sherl0ck_[at]alligatorteam[dot]org @AlligatorTeam # Software Link: http://downloads.wordpress.org/plugin/wp-auctions.zip # Version: 1.8.8 (tested) --- PoC