[Full-disclosure] [HITB-Announce] HITB Magazine Issue 009 - Call for Submissions

2012-08-08 Thread Hafez Kamal
This is a call for article submissions for Issue 009 of HITB's quarterly magazine - http://magazine.hitb.org/ which will be released alongside #HITB2012KUL - The 10 year anniversary of the HITB Security Conference series in Malaysia. HITB Magazine is a deep-knowledge technical publication and we a

[Full-disclosure] [Security-news] SA-CONTRIB-2012-125 - Chaos tool suite (ctools) - Local File Inclusion and Cross Site Scripting (XSS)

2012-08-08 Thread security-news
View online: http://drupal.org/node/1719548 * Advisory ID: DRUPAL-SA-CONTRIB-2012-125 * Project: Chaos tool suite (ctools) [1] (third-party module) * Version: 6.x, 7.x * Date: 2012-August-8 * Security risk: Critical [2] * Exploitable from: Remote * Vulnerability: Local File Inclusion

[Full-disclosure] [Security-news] SA-CONTRIB-2012-124 - Mime Mail - Access Bypass

2012-08-08 Thread security-news
View online: http://drupal.org/node/1719482 * Advisory ID: DRUPAL-SA-CONTRIB-2012-124 * Project: Mime Mail [1] (third-party module) * Version: 6.x * Date: 2012-August-8 * Security risk: Critical [2] * Exploitable from: Remote * Vulnerability: Access bypass DESCRIPTION ---

[Full-disclosure] [Security-news] SA-CONTRIB-2012-123 - Shibboleth authentication - Access Bypass

2012-08-08 Thread security-news
View online: http://drupal.org/node/1719462 * Advisory ID: DRUPAL-SA-CONTRIB-2012-123 * Project: Shibboleth authentication [1] (third-party module) * Version: 6.x * Date: 2012-August-8 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Access bypass

[Full-disclosure] [Security-news] SA-CONTRIB-2012-122 - Better Revisions - Cross Site Scripting (XSS)

2012-08-08 Thread security-news
View online: http://drupal.org/node/1719402 * Advisory ID: DRUPAL-SA-CONTRIB-2012-122 * Project: Better Revisions [1] (third-party module) * Version: 7.x * Date: 2012-August-08 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-121 - Shorten URLs - Cross Site Scripting (XSS)

2012-08-08 Thread security-news
View online: http://drupal.org/node/1719392 * Advisory ID: DRUPAL-SA-CONTRIB-2012-121 * Project: Shorten URLs [1] (third-party module) * Version: 6.x, 7.x * Date: 2012-August-8 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

Re: [Full-disclosure] Android HTC Mail insecure password management

2012-08-08 Thread coderman
On Tue, Aug 7, 2012 at 10:06 PM, Jeffrey Walton wrote:
> ...
> Android 4.0+ offers a Keychain, and applications should be storing
> base secrets in the Keychain

any bets on adoption? prepare to be disappointed... (we should have a name and shame for just this purpose)

[Full-disclosure] Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit

2012-08-08 Thread kaveh ghaemmaghami
Exploit Title: Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit Date: 2012-08-08 Author: coolkaveh coolka...@rocketmail.com Https://twitter.com/coolkaveh Vendor Homepage:http://www.ftpocx.com/download.htm Version: 4.6.02 Tested on: windows 7 Awesome Hesam BOF ==

[Full-disclosure] [HTTPCS] WooPress 'page' Cross Site Scripting Vulnerability

2012-08-08 Thread HTTPCS
HTTPCS Advisory : HTTPCS57 Product : WooPress Version : v.1 Date : 2012-08-04 Criticality level : Less Critical Description : A vulnerability has been discovered in WooPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'page' pa

[Full-disclosure] htaccess files should not be used for security restrictions

2012-08-08 Thread Bogdan Calin
Hi guys, I wrote a blog post about security issues related to htaccess files. http://www.acunetix.com/blog/web-security-zone/articles/htaccess-security/ -- Bogdan Calin - bogdan [at] acunetix.com CTO Acunetix Ltd. - http://www.acunetix.com Acunetix Web Security Blog - http://www.acunetix.com/b

[Full-disclosure] [ MDVSA-2012:127 ] libtiff

2012-08-08 Thread security
Mandriva Linux Security Advisory MDVSA-2012:127 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2012:126 ] libxml2

2012-08-08 Thread security
Mandriva Linux Security Advisory MDVSA-2012:126 http://www.mandriva.com/security/