Re: [Full-disclosure] Splunk Vulnerability

2012-09-05 Thread JxT
On Wed, Sep 5, 2012 at 11:30 PM, Zach C. wrote:
> 1.) The tool, Splunk, is designed to index logs
> 2.) Logs are arbitrary files.
> Therefore,
> 3.) Splunk is designed to index arbitrary files.

Agreed, Splunk is doing exactly what it's designed to do. This is not a vulnerability within Splunk

Re: [Full-disclosure] cloudsafe365 for wordpress: file disclosure

2012-09-05 Thread Henri Salo
On Tue, Aug 28, 2012 at 09:59:19PM +1000, craig deveson wrote:
> Issue has been resolved in version 1.47

In which revision? This looks like up-to-date repository: http://plugins.svn.wordpress.org/cloudsafe365-for-wp/

- Henri Salo

Re: [Full-disclosure] Splunk Vulnerability

2012-09-05 Thread Zach C.
1.) The tool, Splunk, is designed to index logs
2.) Logs are arbitrary files.
Therefore,
3.) Splunk is designed to index arbitrary files.

Whether or not you could preview the file before indexing, there would still be ways to gain access to the contents of the file once indexed. This just happens

[Full-disclosure] Security Advisory AA-005: Authorization Bypass Vulnerability in Password Reset Function Conceptronic Grab’n’Go Network Storage (0-day)

2012-09-05 Thread Mattijs van Ommeren
Security Advisory AA-005: Authorization Bypass Vulnerability in Password Reset Function Conceptronic Grab’n’Go Network Storage (0-day)
Severity Rating: High
Discovery Date: July 29, 2012
Vendor Notification: July 30, 2012
Disclosure Date: September 6, 2012
Vulnerability Type= Authorization Bypa

[Full-disclosure] Security Advisory AA-006: Authorization Bypass Vulnerability in Password Reset Function Sitecom Home Storage Center (0-day)

2012-09-05 Thread Mattijs van Ommeren
Security Advisory AA-006: Authorization Bypass Vulnerability in Password Reset Function Sitecom Home Storage Center (0-day)
Severity Rating: High
Discovery Date: July 29, 2012
Vendor Notification: July 30, 2012
Disclosure Date: September 6, 2012
Vulnerability Type= Authorization Bypass
Impact=

[Full-disclosure] [Rooted CON 2013] Call for papers starts!

2012-09-05 Thread Román Ramírez
Hello all, Here you've attached all the necessary information for any potential speakers willing to have a talk at Rooted CON 2013. Kind regards to all and thanks in advance

[Full-disclosure] ekoparty Security Conference and Trainings - 8th edition

2012-09-05 Thread ekoparty Security Conference
[ * ] ekoparty Security Conference and Trainings - 8th edition [ * ] http://www.ekoparty.org Trainings: September 17-18 / Conference: September 19-21, 2012 Ciudad Autónoma de Buenos Aires, Argentina [*] WHAT? ekoparty is a one-of-a-kind event in South America; an annual security conference h

[Full-disclosure] [SECURITY] [DSA 2538-1] moin security update

2012-09-05 Thread Raphael Geissert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2538-1 secur...@debian.org http://www.debian.org/security/ Raphael Geissert September 05, 2012

[Full-disclosure] Barracuda Web Filter 910 5.0.015 - Multiple Vulnerabilities

2012-09-05 Thread Vulnerability Lab
Title: Barracuda Web Filter 910 5.0.015 - Multiple Vulnerabilities
Date: 2012-08-02
References: http://www.vulnerability-lab.com/get_content.php?id=570
Barracuda Networks Security ID: BNSEC-279/BNYF-5533
VL-ID: 570
Common Vulnerability Scoring System:

[Full-disclosure] eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities

2012-09-05 Thread Vulnerability Lab
Title: eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities
Date: 2012-08-06
References: http://www.vulnerability-lab.com/get_content.php?id=668
VL-ID: 668
Common Vulnerability Scoring System: 3.5
Introduction:

[Full-disclosure] ES Job Search Engine v3.0 - SQL injection vulnerability

2012-09-05 Thread Vulnerability Lab
Title: ES Job Search Engine v3.0 - SQL injection vulnerability
Date: 2012-08-09
References: http://www.vulnerability-lab.com/get_content.php?id=675
VL-ID: 675
Common Vulnerability Scoring System: 8.1
Introduction:

[Full-disclosure] eFront Educational v3.6.11 - Multiple Web Vulnerabilities

2012-09-05 Thread Vulnerability Lab
Title: eFront Educational v3.6.11 - Multiple Web Vulnerabilities
Date: 2012-08-03
References: http://www.vulnerability-lab.com/get_content.php?id=666
VL-ID: 666
Common Vulnerability Scoring System: 3.5
Introduction:

Re: [Full-disclosure] Splunk Vulnerability

2012-09-05 Thread Michael D. Wood
8/3/12 - Vendor Response "we don't consider this behaviour a design defect or vulnerability" Why on earth would they think this would be ok? -- Michael D. Wood ITSecurityPros.org www.itsecuritypros.org

[Full-disclosure] [Security-news] SA-CONTRIB-2012-138 - Exposed Filter Data - Cross Site Scripting (XSS)

2012-09-05 Thread security-news
View online: http://drupal.org/node/1775582
* Advisory ID: DRUPAL-SA-CONTRIB-2012-138
* Project: Exposed Filter Data [1] (third-party module)
* Version: 6.x
* Date: 2012-September-05
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-137 - Heartbeat - Cross Site Request Forgery (CSRF) in heartbeat_comments

2012-09-05 Thread security-news
View online: http://drupal.org/node/1775470
* Advisory ID: DRUPAL-SA-CONTRIB-2012-137
* Project: Heartbeat [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-September-5
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request For

[Full-disclosure] Ektron CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-009

2012-09-05 Thread Lists
Sense of Security - Security Advisory - SOS-12-009
Release Date. 05-Sep-2012
Last Update. -
Vendor Notification Date. 07-May-2012
Product. Ektron CMS
Platform. ASP.NET
Affected versions. Ektron CMS version 8.5.0 a