Onapsis Security Advisory 2011-016: SAP WebAS Malicious SAP Shortcut Generation
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain
access to
Onapsis Security Advisory 2011-014: SAP WebAS Remote Denial of Service
1. Impact on Business
=====================
By exploiting this vulnerability, an unauthenticated attacker would be able to
remotely disrupt the SAP Application Server.
Onapsis Security Advisory 2011-015: SAP WebAS webrfc Cross-Site Scripting
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain
access to beforehand
On Wed, Sep 14, 2011 at 08:12:33PM +0300, Henri Salo wrote:
On Wed, Sep 14, 2011 at 12:04:03PM -0300, Heyder[AlligatorTeam] wrote:
# Exploit Title: WordPress Auctions plugin = 1.8.8 SQL Injection
Vulnerability
# Date: 2011-09-09
# Author: sherl0ck_ sherl0ck_[at]alligatorteam[dot]org
On Wed, Sep 14, 2011 at 04:06:26PM -0300, Heyder[AlligatorTeam] wrote:
# Exploit Title: WordPress Auctions plugin = 1.8.8 SQL Injection
Vulnerability
# Date: 2011-09-09
# Author: sherl0ck_ sherl0ck_[at]alligatorteam[dot]org
@AlligatorTeam
# Software Link:
Hello,
Microsoft recently published MS11-074. This bulletin concerns mainly
SharePoint (2007 and 2010) but CVE-2011-1892 applies too to Office
Groove (client and server), Office Forms Server 2007 and Office Web Apps
2010.
The vulnerability is an XML External Entity Reference one, as described
in
Hi Thor,
Microsoft is maintaining a list of binary planting bugs they've fixed here:
http://technet.microsoft.com/en-us/security/advisory/2269637
You will find our name in some of these advisories.
Calling the above effort a Binary Planting Clean-up Mission was merely a benign
poetic exercise,
Hi Adam,
I'm afraid you don't fully understand the issue. This is not about placing your own
DLL on a local machine so that a chosen application will load it (i.e., user
attacking an application on his own computer). It is about an application running
on your computer silently grabbing a
I'm afraid you don't fully understand the issue. This is not about placing your own
DLL on a local machine so that a chosen application will load it (i.e., user
attacking an application on his own computer).
I'm not sure you understood the point. That being, whether the user knowingly or
Dear Mitja,
In your blog
http://blog.acrossecurity.com/2011/09/microsofts-binary-planting-clean-up.html
you wrote:
Change #1: No file:// Inside http://;
Microsoft changed the behavior of Internet Explorer such that a web
page (served via http://) can't display the content of a shared
Adobe Reader X Sandbox Bypass Vulnerability
Sep 13, 2011
Summary:
Fortinet's FortiGuard Labs has discovered a sandbox bypass vulnerability
in Adobe Reader X.
Impact:
=======
Local Privilege Escalation.
Risk:
=====
Critical
Affected Software:
==================
For a list of product
I really don't want to talk more about this because everyone seems to be
hating on this. However...
ld_preload has to be set locally by the user or somehow remotely pass and
set ld_preload environment variable. Not only that, but it has to be in the
trusted path. This search path problem would be