On Wed, Sep 5, 2012 at 11:30 PM, Zach C. wrote:
> 1.) The tool, Splunk, is designed to index logs
> 2.) Logs are arbitrary files.
> Therefore,
> 3.) Splunk is designed to index arbitrary files.
>
Agreed, Splunk is doing exactly what it's designed to do. This is not a
vulnerability within Splunk
On Tue, Aug 28, 2012 at 09:59:19PM +1000, craig deveson wrote:
> Issue has been resolved in version 1.47
In which revision? This looks like up-to-date repository:
http://plugins.svn.wordpress.org/cloudsafe365-for-wp/
- Henri Salo
___
Full-Disclosure -
1.) The tool, Splunk, is designed to index logs
2.) Logs are arbitrary files.
Therefore,
3.) Splunk is designed to index arbitrary files.
Whether or not you could preview the file before indexing, there would
still be ways to gain access to the contents of the file once indexed. This
just happens
Security Advisory AA-005: Authorization Bypass Vulnerability in Password Reset
Function Conceptronic Grab’n’Go Network Storage (0-day)
Severity Rating: High
Discovery Date: July 29, 2012
Vendor Notification: July 30, 2012
Disclosure Date: September 6, 2012
Vulnerability Type=
Authorization Bypa
Security Advisory AA-006: Authorization Bypass Vulnerability in Password Reset
Function Sitecom Home Storage Center (0-day)
Severity Rating: High
Discovery Date: July 29, 2012
Vendor Notification: July 30, 2012
Disclosure Date: September 6, 2012
Vulnerability Type=
Authorization Bypass
Impact=
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello all,
Here you've attached all the necessary information for any potential
speakers willing to have a talk at Rooted CON 2013.
Kind regards to all and thanks in advance
[ * ] ekoparty Security Conference and Trainings - 8th edition [ * ]
http://www.ekoparty.org
Trainings: September 17-18 / Conference: September 19-21, 2012
Ciudad Autónoma de Buenos Aires, Argentina
[*] WHAT?
ekoparty is a one-of-a-kind event in South America; an annual security
conference h
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2538-1 secur...@debian.org
http://www.debian.org/security/ Raphael Geissert
September 05, 2012
Title:
==
Barracuda Web Filter 910 5.0.015 - Multiple Vulnerabilities
Date:
=
2012-08-02
References:
===
http://www.vulnerability-lab.com/get_content.php?id=570
Barracuda Networks Security ID: BNSEC-279/BNYF-5533
VL-ID:
=
570
Common Vulnerability Scoring System:
===
Title:
==
eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities
Date:
=
2012-08-06
References:
===
http://www.vulnerability-lab.com/get_content.php?id=668
VL-ID:
=
668
Common Vulnerability Scoring System:
3.5
Introduction:
==
Title:
==
ES Job Search Engine v3.0 - SQL injection vulnerability
Date:
=
2012-08-09
References:
===
http://www.vulnerability-lab.com/get_content.php?id=675
VL-ID:
=
675
Common Vulnerability Scoring System:
8.1
Introduction:
===
Title:
==
eFront Educational v3.6.11 - Multiple Web Vulnerabilities
Date:
=
2012-08-03
References:
===
http://www.vulnerability-lab.com/get_content.php?id=666
VL-ID:
=
666
Common Vulnerability Scoring System:
3.5
Introduction:
=
8/3/12 - Vendor Response "we don't consider this behaviour a design
defect or vulnerability"
Why on earth would they think this would be ok?
--
Michael D. Wood
ITSecurityPros.org
www.itsecuritypros.org
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclo
View online: http://drupal.org/node/1775582
* Advisory ID: DRUPAL-SA-CONTRIB-2012-138
* Project: Exposed Filter Data [1] (third-party module)
* Version: 6.x
* Date: 2012-September-05
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-
View online: http://drupal.org/node/1775470
* Advisory ID: DRUPAL-SA-CONTRIB-2012-137
* Project: Heartbeat [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-September-5
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request For
Sense of Security - Security Advisory - SOS-12-009
Release Date. 05-Sep-2012
Last Update. -
Vendor Notification Date. 07-May-2012
Product. Ektron CMS
Platform. ASP.NET
Affected versions. Ektron CMS version 8.5.0 a