SEC Consult Vulnerability Lab Security Advisory 20121017-0
===
title: ModSecurity multipart/invalid part ruleset bypass
product: ModSecurity
vulnerable version: = 2.6.8
fixed version: 2.7.0
SEC Consult Vulnerability Lab Security Advisory 20121017-1
===
title: SQL Injection
product: Unirgy uStoreLocator - Magento extension
vulnerable version: =2.0.0
fixed version: =2.0.1
Dear all,
the deadline for the submission of papers has been extended.
Accepted papers will be published in IEEE Computer Society's Conference
Proceedings Series and be available in the IEEE online Digital Library.
Please excuse possible cross-postings.
SEC Consult Vulnerability Lab Security Advisory 20121017-2
===
title: Multiple vulnerabilities in Oracle WebCenter Sites
product: Oracle WebCenter Sites (former FatWire Content Server)
vulnerable
[waraxe-2012-SA#092] - Multiple Vulnerabilities in Wordpress Slideshow Plugin
===
Author: Janek Vind waraxe
Date: 17. October 2012
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-92.html
Description of
Agreed, it is very probably illegal to actually do so. This attack is
purely theoretical and should only be attempted after obtaining competent
legal counseling.
Myself, Matasano, and my other researches DO NOT endorse actually
counter-hacking. But it's certainly pretty awesome that you could
On
1. OVERVIEW
Credential leaks lead to complete compromise of home automation
system
2. BACKGROUND
The 2 devices are identical, and act as an IP gateway between
the SCS home automation bus, and an IP network.
The devices use https for the web-front, and are also open on
port 2 with a semi
[waraxe-2012-SA#093] - Multiple Vulnerabilities in Wordpress Social Discussions Plugin
==
Author: Janek Vind waraxe
Date: 17. October 2012
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-93.html
View online: http://drupal.org/node/1815912
* Advisory ID: DRUPAL-SA-CORE-2012-003
* Project: Drupal core [1]
* Version: 7.x
* Date: 2012-October-17
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Information Disclosure, Arbitrary PHP code execution